Skip to main content

Celonis Product Documentation

Data permissions

Use data permissions to limit the data that a user can see in a view or analysis.

Note

These permissions can supersede a user's Admin access.

For example, in this situation:

  • User A and User B both handle supplier invoices using Accounts Payable views.

  • User A only needs to work with invoices from suppliers in Europe.

  • User B only needs to work with invoices from suppliers in Canada.

You can set up data permissions for each user so that they only see the relevant invoices. Alternatively, you can set up data permissions for groups, and control the users' access to data by adding them to or removing them from a group.

If you specify multiple data permissions for a user or user group that reference different table columns, those users are restricted by all of the permissions in each case. For example:

  • If User C can only see company code 1000 and can only see vendor number 200, only entries that match both these conditions are displayed to the user.

  • An entry with company code 2000 and vendor number 200 is not displayed to User C, because the company code does not match their data permissions.

Groups and data permissions

When you use groups to manage data permissions, you control individual users' access to data by adding them to or removing them from the groups in Admin and Settings.

With this approach, there can be some latency for new data permissions to be applied for an individual user in the Celonis Platform. Please plan for this when you make changes to a user's data permissions.

If you are loading data permissions from a table in the Data Pool, using groups rather than individual users improves performance by reducing the number of rows that need to be loaded. 100,000 rows is the upper limit for good query performance, so if you have this many users or more, you should definitely use groups to manage data permissions.

To get to the data permissions settings for a Data Model:

  1. In the Celonis Platform navigation bar, select Data > Data Integration.

  2. Select the Data Pool where you want to set data permissions.

  3. Select Data Models from the Data Pool diagram to see the list of Data Models.

  4. In the context menu for the Data Model where you want to set data permissions, select Data Permissions.

  5. Set the Use data permission options slider at the top of the page on.

    Important

    You can wait until you've finished setting up the data permissions, if you prefer, but don't forget to do this step. This is what activates the data permissions you define - without it, all users can see all of the data.

The two tabs on the Data Permissions page give you two ways to define data permissions:

See Combining data permissions for explanations and examples if you want to set up data permissions involving multiple values or multiple table columns.

Usage permissions and data permissions

Usage permissions control the ability of users to link the Data Model to an object they are creating (for example, an analysis or a skill). You only need a usage permission to link the Data Model to an object that uses it. Users of the created object (for example, viewers of an analysis) can use it without needing usage permissions for the Data Model. For more information on usage permissions, see Data Integration Permissions.

Data permissions control the access of users to specific entries when querying data from the Data Model. Data permissions are independent of whether the user can create new objects with the data model or whether the user is just a viewer.