Dear BOARD community,
I’m facing an issue with the BOARD security system in BOARD on-prem.
⛈ Situation:
After several years of using BOARD throughout the company, a significant number of user profiles have been created. The main reason for this is that our company structure includes several subsidiary companies of different sizes that need to perform their planning in BOARD.
In smaller companies, only the CEO has access to BOARD. In larger subsidiaries, at least three users - the CEO, CFO, and local Finance Controller - have access to BOARD with the same permissions. All these users should only have access to the data of their respective company. For small companies with just one BOARD user, this is easy to manage. For larger companies, this is currently only feasible with different user profiles and different database profiles.
(Note: This is a simplified example. We use many more profiles to ensure a structure like this.)
I know that a solution for my issue would be to use the “User Metadata” in the Subscription Hub with the metadata variable in the custom selection script. However, we are on-prem and do not have access to the Subscription Hub.
💡 Idea:
From my point of view, three ideas could help reduce the number of security profiles:
- Add the “User Metadata” to on-prem.
- Combine custom selection script with selection entity based on cubes. By doing this, I could use a cube with user and company entity to authorize users to access the data only for their company.
- Allow an “or”-condition in custom selection script. By doing this, I could use one profile for the CEO, CFO, and Finance Controller and allocate users in different entities to the company entity.
