Platform Analytics roles
Platform Analytics has both unique roles and roles from other applications that apply to it.
Users with any role
Users with any role can create visualizations in dashboards that they have editing rights to. They need access to the data that they wish to display. They can add data visualizations that have been shared with them to their dashboards. In the Visualization Designer, they can bookmark or export such visualizations, and if a visualization has been shared with them with sharing rights, they can share it with other groups and users. Specific roles are needed to create or edit visualizations in the Visualization Designer.Users with any role can create dashboards and share them with groups, users, and roles. If a data visualization has been shared with them, they can add this visualization to their dashboards from the library. These users can share a dashboard that has been shared with them if sharing rights were also granted. They can pass along editing rights if granted.
User groups
Simplify user administration by creating groups that contain all the roles necessary for specific personas rather than to individual users. You can then assign individual users to those groups. When users transition to new roles, you can then re-assign their group memberships, and avoid scenarios where users retain unexpected roles.
For details on the administration of users, groups, and roles, see User Administration.
Role description
The following table provides the following information about each role associated with Platform Analytics.
- Role name
- Name of the role from the Name field in the Roles [sys_user_role] table.
- Description
- Description of the role and its intended use.
- Contains Roles
- List of roles contained within the role.
- Contained by roles (except admin)
- Any roles, besides admin, that contain the role. The admin role contains all the roles.
The following attributes are shared by all of the roles:
- None of the roles are assigned to a group by default.
- None of the roles require users to be allocated as part of a paid subscription, although a paid subscription is required for most Performance Analytics functionality.
- None of the roles are elevated, meaning none grant access to High Security Settings.
- All of the roles are included in the base system, except for analytics_admin and sn_process_optimization_analyst, which are included with User Experience Analytics and Process Mining, respectively.
Tip:
Try to assign the least inclusive role that still provides the necessary access. For example, if you want a user to be able to create data visualizations in the library and share them with users, but not schedule
their export, grant that user viz_creator and not viz_admin.
| Role name | Description | Contains Roles | Contained by roles (besides admin) |
|---|---|---|---|
| admin | Can create dashboards. Can create data visualizations in the Visualization Designer, which are automatically saved to the Library. Can edit, duplicate, share, and delete any dashboard and data visualizations. Can add filters to the filter library or edit or delete any filter. Has User Experience Analytics administrator privileges. | All other roles in this table | Not applicable |
|
platform_analytics_admin |
Role for administrative privileges in the Platform Analytics experience. This role includes administrative privileges for products and features that are connected to the Platform Analytics workspace, including Performance Analytics and User Experience Analytics. Includes all rights in this list except the right to manage Core UI reports. Equivalent to admin role from a security perspective. |
|
None |
| analytics_admin | Role for User Experience Analytics administrative privileges | All other User Experience Analytics admin and viewer roles. For more information, see Components installed with User Experience Analytics. | platform_analytics_admin |
| analytics_filter_admin | Role for editing or deleting any Platform Analytics filter. Can add filters to the filter library. For more information, see Filters in Platform Analytics. | None |
|
| dashboard_admin | Can create, edit, duplicate, share, and delete any dashboard. These rights extend to both Platform Analytics and responsive dashboards. For more information, see Dashboard permissions. | analytics_filter_admin | platform_analytics_admim |
| pa_kpi_signal_admin | Can activate KPI Signals for an indicator. For more information, see Activate KPI Signals monitoring for an indicator (KPI). | None | None. However, pa_admin has the same privileges |
| pa_admin | Role for Performance Analytics administrative privileges. Equivalent to admin role from a security perspective. |
|
platform_analytics_admin |
| par_scheduler | Can schedule email distribution of any data visualization they can view or edit | None | platform_analytics_admin |
| sn_process_optimization_analyst | Can configure a Process Mining map on a dashboard. For more information, see Configure a Process Mining map on a dashboard. | None | None |
| viz_creator | Can create data visualizations in the Visualization Designer, which are then available in the library. Can also edit, export, and share data visualizations in the Visualization Designer, if they own that visualization or have had it shared with them with the relevant rights. Can only delete visualizations that they created. Can share visualizations only with groups and users. | None |
|
| viz_admin | Can create data visualizations in the Visualization Designer, which are then available in the library. Can access all data visualizations in the library, either to add to a dashboard or open in the Visualization Designer. Can perform all actions in the Visualization Designer on any visualization. Can share a visualization with groups, users, or roles. Can also schedule the export of visualizations. |
Also includes the same privileges as viz_creator |
|
| report_admin | Same rights as viz_admin. In addition, can create, delete, edit, and export all Core UI reports, including those on the Service Portal. |
|
The role hierarchy in the table is also shown in the following diagram:
Role lookup by use case
| Use case | Required role |
|---|---|
| Create a dashboard | Any role |
| Share a dashboard | Any role to share a data visualization that you created or that was shared with you with sharing rights. With the viz_admin role or higher, you can share any data visualization on the instance. When you share a data
visualization, you can pass along the rights to share that visualization further. You also decide whether to share with editing rights or only viewing rights. If a data visualization has been shared with you with sharing and
editing rights, you can also pass along editing rights. dashboard_admin to share any dashboard A role with read access to the Roles [sys_user_role] table to share with roles |
| Edit a dashboard | Any role, if you created the dashboard or have had it shared with you with editing rights. dashboard_admin or higher for any dashboard Technical dashboards also require ui_builder_admin |
| Duplicate a dashboard | Any role, if you can view the dashboard. You cannot duplicate technical dashboards. |
| Create a printer-friendly copy of a dashboard | Any role, if you can view the dashboard. |
| Export a dashboard | Any role, if you can view the dashboard. |
| Schedule the export of a dashboard | par_scheduler for dashboards that you own or that have been shared with you. par_scheduler_admin or higher for any dashboard |
| Bookmark a dashboard | Any role, if you can view the dashboard. |
| Delete a dashboard | Any role, if you created the dashboard. dashboard_admin or higher for any dashboard |
| Configure dashboard details | Any role, if you created the dashboard or have had it shared with you with editing rights. dashboard_admin or higher for any dashboard |
| Configure dashboard settings | Any role, if you created the dashboard or have had it shared with you with editing rights. dashboard_admin or higher for any dashboard |
| Configure dashboard tab cache timeout | admin |
| Use case | Required role |
|---|---|
| Create a data visualization | Anyone with access to data can create a visualization of that data on a dashboard that they own. Users with the viz_creator role can create a visualization in the Visualization Designer. If you create a visualization in the Visualization Designer, it is saved to the library. |
| Edit a data visualization | You can edit any visualization that you created or that was shared with you with editing rights, if it is not in the library. If it is in the library, you also need the viz_creator role. Edit any visualization on the instance with viz_admin or higher. |
| Add a visualization from the library to a dashboard | Any role, if the visualization has been shared with you. viz_creator to add any visualization from the library. |
| Add a visualization that was created in a dashboard to the library | viz_creator or higher and the right to edit the dashboard |
| Unlink a data visualization on a dashboard from the library, creating a version that is local to that dashboard. | Any role, if you can edit the dashboard containing the visualization |
| Duplicate a visualization in the Visualization Designer | viz_creator or higher |
| Share a visualization with users or groups | Any role to share a data visualization that you created or that was shared with you with sharing rights. With the viz_admin role or higher, you can share any data visualization on the instance. When you share a data visualization, you can pass along the rights to share that visualization further. You also decide whether to share with editing rights or only viewing rights. If a data visualization has been shared with you with sharing and editing rights, you can also pass along editing rights. |
| Share a data visualization with roles | viz_admin or higher |
| Export a visualization | Any role, if you can view the visualization in the Visualization Designer. |
| Schedule the export of a data visualization | par_scheduler or higher to schedule the export of a data visualization that you can edit. par_scheduler_admin or higher to schedule the export of any data visualization that you can view. |
| Delete a visualization | Any role, to delete a data visualization that you created. viz_admin or higher to delete any data visualization on the instance. |
| Control data source availability by role | admin |
| Configure chart interactions | Any role if you have the right to edit the data visualization. The viewer needs the right to view any data they drill down to. |
| Use service catalog variables in data visualizations | viz_creator or higher |
| Create coloring rules for data visualizations | Any role if you have the right to edit the data visualization. |
| Use case | Role |
|---|---|
| Add a filter to a dashboard | Any role, if the user has editing rights to the dashboard. dashboard_admin or higher to add a filter to any dashboard |
| Edit a filter on a dashboard | Any role, for a filter that is not in the library, if the user has editing rights to the dashboard. analytics_filter_admin or higher is also needed if the filter is in the library. Alternatively, the user can detach the filter on the dashboard from the library and edit a local copy. |
| Add a local filter on the dashboard to the library | analytics_filter_admin or higher, and editing rights to the dashboard |
| Create or edit a filter in the Filter Designer | analytics_filter_admin or higher |
| Use case | Role |
|---|---|
| Configure a Process Mining map on a dashboard | sn_process_optimization_analyst |
| Activate KPI Signals monitoring for an indicator (KPI) | pa_kpi_signal_admin |