Security Overview
When discussing PPS security, we are talking about two types of security. The first type is PPS element security,
which refers to how to configure user access to scorecards, KPIs, data
sources, and other objects. For example, we can create a KPI and
configure security for the KPI to ensure that it can be seen only by a
particular user or group when they browse the SharePoint list where the
KPI is stored.
The second type of security is data security,
which refers to what data display when a user browses a dashboard. For
example, we can configure security on the data source itself (an Analysis Services cube, for example) so that a user can see the sales numbers for a particular region only.
Applying Security to PPS Elements
In PPS 2007, all elements were
stored in a SQL Server database. Therefore, all element security was
stored in that database, too. The security configuration was done using
Dashboard Designer. When a user connected to a dashboard, SharePoint
2007 looked at the security information in the database and figured out
which elements on the dashboard the user was allowed to access.
In PPS 2010, all elements
are stored as items in SharePoint lists and libraries. Therefore, you
now secure PPS elements by implementing SharePoint security.
All PPS elements have the same
options available in the context menu when you right-click the element
in Dashboard Designer. As shown in Figure 1, one of these options is called Manage Permissions.
Tip
The Manage Permissions
option just loads up the SharePoint page that enables security
permission configuration on the element selected. You can configure
these permissions without using Dashboard Designer at all.
When you click this option,
you are directed to a SharePoint page listing the current permissions
for the selected element, as shown in Figure 2
(in this case, a data source). You need to have full control
permissions on the object in the SharePoint list to edit these
permissions.
Notice the yellow status bar
toward the top of the page: This Document Inherits Permissions from Its
Parent (The Green Orange). All SharePoint security, not only for PPS, is
configured on the topmost parent and then cascaded down to all
children. Thus, by default, all security is defined on the site
collection level and then applied to the site, list, and libraries, and
last list and library items. The site collection used in this example is
called The Green Orange. Clicking the The Green Orange link in the
yellow status bar displays the security settings for the site
collection, as shown in Figure 3.
From here, you can modify
what access users will have to PPS elements by clicking Grant
Permissions. From the Grant Permissions screen, you can select users or
groups and add them to a SharePoint group, as shown in Figure 4. Users can be Lightweight Directory Access Protocol (LDAP; Active Directory) or local users.
You can also
assign permissions directly. Therefore, you do not need to associate a
user with a specific SharePoint group that has a set of predefined
permissions. Instead, you may check specific permissions for a user. Figure 5 shows the available permissions.
