About permissions for business roles
Permissions in a business role control Read and Write access to the business data in a model site.
Read access enables users to view data in PerformancePoint Add-in for Excel.
Write access enables users to write to the application database.
Note
Data submission must be enabled for the user in corresponding assignments.
To access business data, business roles must grant Read permissions to at least one member in every member set in models that the role can access. For more information about this requirement, or for tips and other information that may apply when you configure business roles or implement your security model, see Best practices for business roles.
Permissions for a business role
The tasks that users are required to perform should dictate the permissions that you define for the role. The following settings determine the permissions for a business role.
Access to models. Members of a business role cannot view any data that is contained in a model unless access is granted to the model. This applies even when the role has permissions to member sets in a model. After access to the model is enabled, users can work with the data according to the Read and Write permissions that are defined in the role. For information about how to enable access to models, see the Enable access to a model for a business role topic.
Default permissions. Default permissions apply for all member sets in the model site and for all users in the role unless explicit permissions have been specified. Default permissions settings let you deny all access, give Read-only access, or give both Read and Write access. For information about how to change default permissions, see Edit the default permissions for a business role.
Explicit permissions for member sets or members. Explicit permissions override default permissions. You can explicitly specify Read or Write access to specific member sets or members. For information about how to specify explicit permissions, see Edit member set permissions for a business role.
Customized permissions for users. By default, all users who belong to a role have the same permissions as those that are defined by the role. After a user has been added to a role, his or her permissions can be restricted if the Custom user permissions feature has been enabled for the member set. For information about how to customize user permissions, see Edit user permissions in a business role.