Celonis Product Documentation

Data permissions for object-centric process mining

For a Celonis team that's using object-centric process mining, these permission levels apply:

  • Admins can view, edit, and publish all objects, events, transformations, and perspectives. If you have enabled object-centric data models in all the data pools in your team, they can do this for the object-centric data model in any data pool.

  • Analysts who have edit permissions for the OCPM Data Pool can view and edit all objects, events, transformations, and perspectives. They can also publish them to the development environment and to the production environment.

  • If you have enabled object-centric data models in all the data pools in your team, analysts who have edit permissions for a data pool can view, edit, and publish in the same way for the object-centric data model in that data pool. They'll need individual edit permissions for each data pool where they are allowed to work with the object-centric data model.

  • Analysts who have view permissions for a data pool can view all objects, events, transformations, and perspectives in that data pool. They can't edit them or publish them.

  • Members can't access objects, events, transformations, and perspectives directly. They can use applications and assets built on perspectives.

If you’re working with objects and events in only the OCPM Data Pool, it isn't possible to restrict individual analysts' access to specific processes or objects in the Objects and Events user interface. If you need to protect sensitive data during the modeling process, enable object-centric process mining for all the data pools in your Celonis team, as explained in Multiple object-centric data models. Give each of your analysts access to an appropriate data pool where they can only see the processes, objects, and data that they need to work with. You can also use multiple object-centric data pools as a solution if you need strict control of end users' access to data. Give users access to a data pool where only the permitted data is shared with the object-centric data model.

You can set data permissions on individual perspectives in the same way that you can for case-centric data models. You can use these to provide user and group filters for what data can be accessed through the perspective by end users. For example, you could permit a user to see only the data for the North America region in the views they're working with.

To set the data permissions for a perspective:

  1. Go to Data Integration and select the data pool where you're working with objects and events. You can also get there from the Objects and Events UI.

  2. Find the perspective in the Data Models section of the data pool, and choose Data Permissions from the context menu.

  3. Click Add user or group. Click the name of a user or group in the listing to add them.

  4. Select the user or group name and click Add Rule.

  5. Click Select and choose a column. Type all permitted values from that column, and click Save.

  6. Add further rules in the same way. The rules have an AND relationship: users must have permission under all rules that apply to an object to view its data. If a user can’t see an object, they also can’t see objects that are connected to it by a relationship, unless they are connected to other objects that they can see.

Important

If your perspective contains any standalone objects, or any distinct groups of objects that are connected to each other but not to other groups, check your data permissions carefully. Rules that you set on a group of interconnected objects apply to the objects in the group, but don't apply to objects and groups that are not connected to them.

For example, if your perspective contains these groups of objects:

(A-B-C) (D-E) (F)

  • Data permissions placed on object F don't affect any of the other objects.

  • Data permissions placed on objects D and E affect each other, but not A, B, C, and F.

  • Data permissions placed on objects A, B, and C affect each other, but not D, E, or F.
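
One way to run the check described above before publishing a perspective, as an added example that is not Celonis code and calls no Celonis API: it models the perspective as a graph, finds the groups of interconnected objects, and lists the objects in groups that no rule is placed on. The object names come from the example above; the rule dictionary layout, the `Region` column and the function names are assumptions made for illustration.

```python
from collections import defaultdict

def connected_groups(objects, relationships):
    """Return the groups of interconnected object types (connected components)."""
    adj = defaultdict(set)
    for a, b in relationships:
        adj[a].add(b)
        adj[b].add(a)
    seen, groups = set(), []
    for start in sorted(objects):
        if start in seen:
            continue
        group, stack = set(), [start]
        while stack:
            node = stack.pop()
            if node in group:
                continue
            group.add(node)
            stack.extend(adj[node] - group)
        seen |= group
        groups.append(frozenset(group))
    return groups

def audit_rule_coverage(objects, relationships, rules):
    """Map each group to the rules placed on its objects; an empty list means unrestricted."""
    return {
        group: [r for r in rules if r["object"] in group]
        for group in connected_groups(objects, relationships)
    }

def unrestricted_objects(objects, relationships, rules):
    """Object types that sit in a group with no rule placed on any of its objects."""
    report = audit_rule_coverage(objects, relationships, rules)
    return sorted(o for group, hits in report.items() if not hits for o in group)

# Constructed sample matching the groups above: (A-B-C) (D-E) (F)
OBJECTS = {"A", "B", "C", "D", "E", "F"}
RELATIONSHIPS = [("A", "B"), ("B", "C"), ("D", "E")]
# Constructed rule (hypothetical layout): one column filter placed on object A only
RULES = [{"object": "A", "column": "Region", "values": ["North America"]}]

if __name__ == "__main__":
    for group, hits in audit_rule_coverage(OBJECTS, RELATIONSHIPS, RULES).items():
        status = "restricted" if hits else "NO RULE REACHES THIS GROUP"
        print(sorted(group), status)
```

With the sample rule on A alone, the objects D, E, and F are reported as unrestricted, which is the gap the Important note warns about.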