Monitoring Server roles

Updated: 2009-04-30

There are four types of server roles for Monitoring Server:

  • **Administrator   **This role provides complete control over Monitoring Server and access to all dashboard data. A member of the Administrator role can create, edit, and delete all dashboard elements, and can publish to the server. Members of the Administrator role have access to the Server Administration console, which is used to grant object and server roles to other users. The administrator group on the computer running Monitoring Server is automatically added to this role, and it cannot be removed.

  • **Creator   **This role enables users to create reports, key performance indicators (KPIs), scorecards, and other indicators. Members of the Creator role can publish dashboard elements to Monitoring Server. A Creator member can also delete elements if there is Editor permission on the element. After an element has been created, the identity of the Creator member is automatically added to the Editor role of the element.

    Important

    End users are only allowed access to data that a Creator member or Administrator member grants to them. However, one important exception is when users navigate analytic reports generated against SQL Server Analysis Services. Some of the more complex navigation options allow readers of the report to see more data than the Creator member who created the content intended. To prevent end users from seeing data that they are not authorized to see in Analytic reports, secure that data directly in Analysis Services, rather than trying to use the application security available in Monitoring Server.

    Note

    End users that require the ability to publish to the preview site will need additional permissions to access the Preview folder itself. (The default path for the Preview folder is; C:\Program Files\Microsoft Office PerformancePoint Server\3.0\Monitoring\PPSMonitoring_1\Preview). While the PerformancePoint creator role allows end users to publish dashboard elements to the monitoring database in SQL Server, the creator role does not include the ability to preview a dashboard. The end user needs additional security permissions for publishing a dashboard element and publishing a dashboard to the preview site.

    • End users require Read & Execute permissions to access the Preview folder but will not be allowed to make changes to the folder’s content.

    • End users require Modify permissions for the Preview folder in order to publish to it.

  • **Data Source Manager   **This role enables users to create and delete data sources. Members of the Data Source Manager role can also publish data sources to Monitoring Server.

  • **Power Reader   **This role grants read-only access to all dashboard elements on the Monitoring Server computer. This role is intended for use by service accounts or back-end services that need complete access to the system. Notification services, for example, must be added to this role for alerts to work.

Recommendations for role configuration

After Monitoring Server has been deployed, we recommend that you begin assigning users and groups to roles based on your existing organizational structure. For example, members of the Administrator role should be authorized to view all of the business data that Monitoring Server will use, and they will also be responsible for configuring the rest of the application, including user access permissions.

Next, determine your data source managers. Members of the Data Source Manager role might not be authorized to grant additional permissions to users in the system, but they should be trusted with the available business data. Administrators should then define the set of Creators. Creators are responsible for creating content based on the set of data made available to them by members of the Data Source Manager role and Administrator role. The members of the Creator role are responsible for determining who can see what has been published. Creators do this by using Monitoring Server element roles.

Download this book

This topic is included in the following downloadable book for easier reading and printing:

See the full list of available books at Downloadable content for PerformancePoint Monitoring Server.

See Also