Set Up Query Tool Access
This section describes how an administrator sets up Query Tool access for a user.
Set Up Query Tool Access Options
To set up access, go to the User Security application and select Query Tool in the category options, as shown in the following example.
On this page
Query Tool Access Options
The following table provides a summary of the query tool access options.
Access Option | Description |
---|---|
Query Tool Access | Allows you to see the Performance Queries link. If you have Query Tool Access and no other options, you are able to submit query report profiles made accessible to you, and override any report parameters specified at the profile level, but you cannot create, edit or delete query report profiles. Or, with Query Tool Access, you can have any or all of options in any combination. |
Create Profile | Allows you to create new query report profiles, which includes the ability to publish profiles to other users or business groups, assign permissions to other users to override parameters and specify operations available to users. You can also edit and delete query report profiles that they create. |
Edit Others Profiles | User can change the default Query Report Profile Parameters (that is, values in the QR_PROF_DEFAULT_VALUES table in the PACE_MASTERDBO) for profiles that other users created. Changes to this table can impact any downstream users who use the Query Profile. It is important to note that any existing Operations in the Query Profile will be deleted if the Owner or another user modifies the existing Fields in the Profile. |
Delete Others Queries | Allows you to delete queries that other users have created. This removes the query from all users to whom it was previously published. |
Assign Access | Allows you to assign Query Profile Access, Query Profile Parameter Access and Operation permissions for any query report profile. These permissions are all set at the query report profile level user by user or business group by business group. This permission separates user management from report creation management. |
Edit Others Column Attributes | Allows you to change the names of columns and the decimal precision of values in columns for queries they do not own and saves these changes as their customizations—the changes are not seen by other users. |
Copy Others Profiles | Allows you to copy the default values of existing query report profiles. The copy function does not allow you to copy override values. For example, say user A creates a query with three operations and grants profile access and operation access to user B, and user B creates two additional operations. When user C, with copy access, copies the profile, user C gets a profile with the three original operations. Items that are commonly overridden include column names, precision of columns, and the creation of additional operations. |
Query Tool Security
When a query report profile is created, the original report parameters are saved as the default values. Report parameters include: entities, dates, fields, source rule, performance model and performance model Level. User overrides to report parameters are also saved, but the default values remain unchanged unless the owner/creator edits the profile. If the default values are edited, these changes can affect all the users of the query report profile depending on the overrides they created or saved. Changes to default parameters may result in the deletion of all operations defined by downstream users of that particular query report profile.
Within the query report profile, there are options to:
Specify users and business groups who have access to query for submission.
Specify which report parameters (for example, entities, dates, and performance models) may be overridden by specific users or business groups.
Specify which users may create and perform operations (for example, geometric compound rolling, and difference series) on the query result set.
These options are assigned when creating a query report profile using the Query Tool. They are not specified at the user security level.
Even if a user is only given Query Tool Access at the user security level, if within a particular profile they are given the privilege to override several report parameters, they can essentially run a very different query from the one published to them. For example, given the ability to change both entities and fields, a user could query a different column for a different fund. They cannot, however, publish this query to anyone else and can only override those parameters to which they have been given permission.
Anyone given Edit privileges has the ability to change the default report parameters for a query report profile. These changes can directly affect any users who are using that query report profile and who have defined overrides against it.
Any changes to users’ privileges defined prior to PACE version 6.0 to employ the new Performance Query Tool User Security options must be made manually at the client site. This includes any changes to Roles that are shipped with PACE, including the default Performance user roles, such as Performance System Supervisor.