Platform Analytics roles

Xanadu Platform Analytics

Release

xanadu

ft:locale

en-US

ft:publication_title

Xanadu Platform Analytics

ft:clusterId

par

bundleId

par

workflow

Platform

Platform Analytics roles

Release version: Xanadu

Updated August 1, 2024

9 minutes to read

Summarize

Summarized using AI

Summary of Platform Analytics roles

Platform Analytics includes unique roles and roles inherited from other ServiceNow applications, controlling access to dashboards, data visualizations, filters, and administrative features. Users with any role can create and share dashboards, add shared data visualizations, and manage visualization bookmarks or exports based on sharing rights. More advanced tasks such as creating or editing visualizations in the Visualization Designer require specific roles.

Show full answer Show less

User groups simplify role management by bundling roles into groups tailored to personas, easing user transitions and maintaining appropriate access.

Role Structure and Assignment

Roles are not assigned to groups by default, nor require paid subscriptions except for some Performance Analytics functions.
No roles grant access to High Security Settings.
Most roles are included in the base system, with exceptions for analyticsadmin and snprocessoptimizationanalyst, tied to User Experience Analytics and Process Mining.
It is recommended to assign the least inclusive role meeting user needs to minimize unnecessary privileges.

Key Roles and Their Capabilities

admin: Full rights to create, edit, share, and delete dashboards and visualizations; includes User Experience Analytics admin privileges.
platformanalyticsadmin: Equivalent to admin for Platform Analytics workspace, excluding Core UI report management.
analyticsadmin: User Experience Analytics administrator role.
analyticsfilteradmin: Manage Platform Analytics filters including creation, editing, and deletion.
dashboardadmin: Create, edit, share, duplicate, and delete any dashboard across Platform Analytics and responsive dashboards.
paadmin: Performance Analytics administrative privileges.
parscheduler: Schedule email distribution of dashboards and visualizations.
snprocessoptimizationanalyst: Configure Process Mining maps on dashboards.
vizcreator: Create, edit, export, and share visualizations they own or which are shared with them with appropriate rights.
vizadmin: Manage all visualizations including creation, editing, sharing, and scheduled exports; can share with roles.
papoweruser and reportadmin: Extend vizadmin rights with report management including Core UI reports.

Role-Based Access for Common Use Cases

Dashboards

Any role can create, view, bookmark, export, and delete dashboards they own.
Sharing dashboards requires any role, with dashboardadmin or higher needed to share any dashboard or edit dashboards not personally created.
Technical dashboards require additional roles like uibuilderadmin.
Scheduling exports requires parscheduler or higher.

Data Visualizations

Creating visualizations requires access to the data and ownership of the dashboard; vizcreator role enables creation in the Visualization Designer and library.
Editing own visualizations or those shared with editing rights is allowed; vizadmin or higher can edit any visualization.
Adding visualizations from the library to dashboards requires at least vizcreator.
Sharing visualizations can be done with any role if the user owns the visualization or has sharing rights; vizadmin or higher can share any visualization.
Scheduling exports and deleting visualizations require parscheduler or vizadmin roles respectively.

Filters

Any role with dashboard editing rights can add filters locally.
Editing and managing filters in the filter library requires analyticsfilteradmin or higher.

Other Functions

snprocessoptimizationanalyst role configures Process Mining maps.
pakpisignaladmin role activates KPI Signals monitoring.

Practical Guidance

Assign roles carefully to balance capability with security, preferring the least privilege necessary. Use user groups to manage role assignments efficiently across teams. Understand the distinctions between roles to enable correct access for creating, editing, sharing, and scheduling analytics content. This ensures users can collaborate effectively while maintaining control over sensitive analytics assets.

Platform Analytics has both unique roles and roles from other applications that apply to it.

Users with any role

Users with any role can create visualizations in dashboards that they have editing rights to. They need access to the data that they wish to display. They can add data visualizations that have been shared with them to their dashboards. In the Visualization Designer, they can bookmark or export such visualizations, and if a visualization has been shared with them with sharing rights, they can share it with other groups and users. Specific roles are needed to create or edit visualizations in the Visualization Designer.

Users with any role can create dashboards and share them with groups, users, and roles. If a data visualization has been shared with them, they can add this visualization to their dashboards from the library. These users can share a dashboard that has been shared with them if sharing rights were also granted. They can pass along editing rights if granted.

User groups

Simplify user administration by creating groups that contain all the roles necessary for specific personas rather than to individual users. You can then assign individual users to those groups. When users transition to new roles, you can then re-assign their group memberships, and avoid scenarios where users retain unexpected roles.

For details on the administration of users, groups, and roles, see User Administration.

Role description

The following table provides the following information about each role associated with Platform Analytics.

Role name: Name of the role from the Name field in the Roles [sys_user_role] table.
Description: Description of the role and its intended use.
Contains Roles: List of roles contained within the role.
Contained by roles (except admin): Any roles, besides admin, that contain the role. The admin role contains all the roles.

The following attributes are shared by all of the roles:

None of the roles are assigned to a group by default.
None of the roles require users to be allocated as part of a paid subscription, although a paid subscription is required for most Performance Analytics functionality.
None of the roles are elevated, meaning none grant access to High Security Settings.
All of the roles are included in the base system, except for analytics_admin and sn_process_optimization_analyst, which are included with User Experience Analytics and Process Mining, respectively.

Tip:

Try to assign the least inclusive role that still provides the necessary access. For example, if you want a user to be able to create data visualizations in the library and share them with users, but not schedule their export, grant that user viz_creator and not viz_admin.


Role name	Description	Contains Roles	Contained by roles (besides admin)
admin	Can create dashboards. Can create data visualizations in the Visualization Designer, which are automatically saved to the Library. Can edit, duplicate, share, and delete any dashboard and data visualizations. Can add filters to the filter library or edit or delete any filter. Has User Experience Analytics administrator privileges.	All other roles in this table	Not applicable
platform_analytics_admin	Role for administrative privileges in the Platform Analytics experience. This role includes administrative privileges for products and features that are connected to the Platform Analytics workspace, including Performance Analytics and User Experience Analytics. Includes all rights in this list except the right to manage Core UI reports. Equivalent to admin role from a security perspective.	analytics_admin analytics_filter_admin dashboard_admin pa_admin par_scheduler viz_admin	None
analytics_admin	Role for User Experience Analytics administrative privileges	All other User Experience Analytics admin and viewer roles. For more information, see Components installed with User Experience Analytics.	platform_analytics_admin
analytics_filter_admin	Role for editing or deleting any Platform Analytics filter. Can add filters to the filter library. For more information, see Filters in Platform Analytics.	None	platform_analytics_admin dashboard_admin pa_admin report_admin viz_admin
dashboard_admin	Can create, edit, duplicate, share, and delete any dashboard. These rights extend to both Platform Analytics and responsive dashboards. For more information, see Dashboard permissions.	analytics_filter_admin	platform_analytics_admim
pa_kpi_signal_admin	Can activate KPI Signals for an indicator. For more information, see Activate KPI Signals monitoring for an indicator (KPI).	None	None. However, pa_admin has the same privileges
pa_admin	Role for Performance Analytics administrative privileges. Equivalent to admin role from a security perspective.	viz_admin analytics_filter_admin All other Performance Analytics roles. For more information, see Performance Analytics roles.	platform_analytics_admin
par_scheduler	Can schedule email distribution of any data visualization they can view or edit	None	platform_analytics_admin
sn_process_optimization_analyst	Can configure a Process Mining map on a dashboard. For more information, see Configure a Process Mining map on a dashboard.	None	None
viz_creator	Can create data visualizations in the Visualization Designer, which are then available in the library. Can also edit, export, and share data visualizations in the Visualization Designer, if they own that visualization or have had it shared with them with the relevant rights. Can only delete visualizations that they created. Can share visualizations only with groups and users.	None	viz_admin (implicit) itil report_user
viz_admin	Can create data visualizations in the Visualization Designer, which are then available in the library. Can access all data visualizations in the library, either to add to a dashboard or open in the Visualization Designer. Can perform all actions in the Visualization Designer on any visualization. Can share a visualization with groups, users, or roles. Can also schedule the export of visualizations.	analytics_filter_admin par_scheduler Also includes the same privileges as viz_creator	platform_analytics_admin pa_admin pa_power_user
report_admin	Same rights as viz_admin. In addition, can create, delete, edit, and export all Core UI reports, including those on the Service Portal.	viz_admin analytics_filter_admin par_scheduler report_user

The role hierarchy in the table is also shown in the following diagram: Platform analytics role hierarchy.

Role lookup by use case

Table 1. Dashboard roles
Use case	Required role
Create a dashboard	Any role
Share a dashboard	Any role to share a data visualization that you created or that was shared with you with sharing rights. With the viz_admin role or higher, you can share any data visualization on the instance. When you share a data visualization, you can pass along the rights to share that visualization further. You also decide whether to share with editing rights or only viewing rights. If a data visualization has been shared with you with sharing and editing rights, you can also pass along editing rights. dashboard_admin to share any dashboard A role with read access to the Roles [sys_user_role] table to share with roles
Edit a dashboard	Any role, if you created the dashboard or have had it shared with you with editing rights. dashboard_admin or higher for any dashboard Technical dashboards also require ui_builder_admin
Duplicate a dashboard	Any role, if you can view the dashboard. You cannot duplicate technical dashboards.
Create a printer-friendly copy of a dashboard	Any role, if you can view the dashboard.
Export a dashboard	Any role, if you can view the dashboard.
Schedule the export of a dashboard	par_scheduler for dashboards that you own or that have been shared with you. par_scheduler_admin or higher for any dashboard
Bookmark a dashboard	Any role, if you can view the dashboard.
Delete a dashboard	Any role, if you created the dashboard. dashboard_admin or higher for any dashboard
Configure dashboard details	Any role, if you created the dashboard or have had it shared with you with editing rights. dashboard_admin or higher for any dashboard
Configure dashboard settings	Any role, if you created the dashboard or have had it shared with you with editing rights. dashboard_admin or higher for any dashboard
Configure dashboard tab cache timeout	admin

Table 2. Data visualization roles
Use case	Required role
Create a data visualization	Anyone with access to data can create a visualization of that data on a dashboard that they own. Users with the viz_creator role can create a visualization in the Visualization Designer. If you create a visualization in the Visualization Designer, it is saved to the library.
Edit a data visualization	You can edit any visualization that you created or that was shared with you with editing rights, if it is not in the library. If it is in the library, you also need the viz_creator role. Edit any visualization on the instance with viz_admin or higher.
Add a visualization from the library to a dashboard	Any role, if the visualization has been shared with you. viz_creator to add any visualization from the library.
Add a visualization that was created in a dashboard to the library	viz_creator or higher and the right to edit the dashboard
Unlink a data visualization on a dashboard from the library, creating a version that is local to that dashboard.	Any role, if you can edit the dashboard containing the visualization
Duplicate a visualization in the Visualization Designer	viz_creator or higher
Share a visualization with users or groups	Any role to share a data visualization that you created or that was shared with you with sharing rights. With the viz_admin role or higher, you can share any data visualization on the instance. When you share a data visualization, you can pass along the rights to share that visualization further. You also decide whether to share with editing rights or only viewing rights. If a data visualization has been shared with you with sharing and editing rights, you can also pass along editing rights.
Share a data visualization with roles	viz_admin or higher
Export a visualization	Any role, if you can view the visualization in the Visualization Designer.
Schedule the export of a data visualization	par_scheduler or higher to schedule the export of a data visualization that you can edit. par_scheduler_admin or higher to schedule the export of any data visualization that you can view.
Delete a visualization	Any role, to delete a data visualization that you created. viz_admin or higher to delete any data visualization on the instance.
Control data source availability by role	admin
Configure chart interactions	Any role if you have the right to edit the data visualization. The viewer needs the right to view any data they drill down to.
Use service catalog variables in data visualizations	viz_creator or higher
Create coloring rules for data visualizations	Any role if you have the right to edit the data visualization.

Table 3. Filter roles
Use case	Role
Add a filter to a dashboard	Any role, if the user has editing rights to the dashboard. dashboard_admin or higher to add a filter to any dashboard
Edit a filter on a dashboard	Any role, for a filter that is not in the library, if the user has editing rights to the dashboard. analytics_filter_admin or higher is also needed if the filter is in the library. Alternatively, the user can detach the filter on the dashboard from the library and edit a local copy.
Add a local filter on the dashboard to the library	analytics_filter_admin or higher, and editing rights to the dashboard
Create or edit a filter in the Filter Designer	analytics_filter_admin or higher

Table 4. Miscellaneous roles
Use case	Role
Configure a Process Mining map on a dashboard	sn_process_optimization_analyst
Activate KPI Signals monitoring for an indicator (KPI)	pa_kpi_signal_admin