Skip to main content

Celonis Product Documentation

Loading data permissions from permission tables

Use this permission source to identify a table in the Data Pool from which data permission information is retrieved.

You can set up a simple permission table to state whether the users and groups listed in it do or don't get unlimited access to the Data Model. A permission table that works using values should look something like this example:

Note

These permissions can supersede a user's Admin access.

User_Mail

Table_Name

Column_Name

Value

m.mustermann@celonis.com

O2C_VBAK

VKORG

500

m.musterfrau@celonis.com

O2C_VBAK

VKORG

400

  • When you're choosing column names in the permission table, don't use "Table", it's a functional word and might cause issues.

  • Each row in a permission table that works using values needs to contain these things:

    • A user email or group name (the reference user). You can't mix individual users and group names in the same permission table, but you can use more than one permission table.

    • The table where you're creating a data permission (the reference table).

    • The column in that table where the data permission applies (the reference column).

    • A value that's compared to the column in the Data Model table to see if the user has permission to see it (the reference values).

  • The data type for a column in the permission table must be the same as the data type for the column in the Data Model that you're comparing it to. Watch out for numbers, which Celonis Celonis Platform is likely to recognize automatically as integers when you upload the permission table. If they ought to be strings, make sure to select that data type when you upload the file, or cast the column later in a transformation in the global schema.

  • When you specify a table name in the permission table, you need to choose either the real table name of the table in the Data Model, or the alias that's displayed in the Data Model Graph. You can see the table name by clicking on the context menu (three vertical dots) next to the alias name in the Data Model Graph.

    Whichever one you choose, you need to keep this consistent for the whole permission table. If you choose the alias, you need to set the slider 'Reference table' refers to table alias in Data Model on when you set up the permission table as a permission source.

  • See Combining data permissions for explanations and examples if you want to give a user permissions for more than one value or more than one table column.

For instructions to upload your permission table to the Data Pool, see Uploading Files.

Here's the panel to set up permission tables, and the steps following it tell you how:

permsloadtable.png
  1. Select Add permission table to add a permission table from the Data Pool, then Select to choose the table. You can pick one from the displayed list or search.

    If you pick the wrong one, you can use the Delete icon to remove the table from the data permissions list. This doesn't delete the table from the Data Pool.

  2. Select either the User radio button or the Group radio button to say whether the table contains permissions for users or groups.

  3. To identify the reference user, click Select and pick the column in the permission table that contains the user email or group name.

  4. If the users or groups in this permission table just either do or don't have unlimited access to all the data in the Data Model, select the Unlimited assignment radio button. The default is Value assignment, which means you're going to restrict what they can see using values.

    If you select Unlimited assignment, you only need to identify the column in the permission table that has a true or false flag to say whether the user should have unlimited access (true) or not (false). False is the default, which does not need to be specified explicitly.

  5. If you select Value assignment, to identify the reference table, click Select and pick the column in the permission table that contains the name of the Data Model table where you're creating the data permission.

    If the permission table uses the table alias rather than the true table name, set the slider 'Reference table' refers to table alias in Data Model on.

  6. To identify the reference column, click Select and pick the column in the permission table that contains the column name on which you're creating the data permission.

  7. To identify the reference values, click Select and pick the column in the permission table that contains the value that's compared to the column in the Data Model table to see if the user has permission to see it.

  8. When you're done, click Apply permission table to fetch the data from the table and apply the data permissions in it. You'll need to do this again if you change the table definition or the table data.

  9. After the permission table is applied, you see the result in a panel below the table name. There's three possible results:

    • Success - The permission table has been successfully applied to the data permissions.

    • Warning -The permission table has been applied to the data permissions, but there was an issue. The message tells you what the issue was - for example an email address in the table that doesn't have a matching Celonis Celonis Platform user.

    • Error - The permission table could not be applied to the data permissions. The message gives you details on how to resolve this.