Security Management

By - Updated January 25, 2018

Kepion supports out of the box a powerful security management system that both scales and allows for complex security setups – right down to dimension member access.

In this article, we walk through the process of configuring security for a typical application. Each step comes with a short description, where to configure, and an example video or article.  Unless “Optional” is specified, you need to complete all the areas for a brand new application. For an initial configuration, we recommend following the steps in order.

Add Users to Kepion

  • Add individual AD users
  • Add users by adding AD groups

Configuration: ADMINISTRATOR -> Security -> User & Group

Example: Security training video

Categorize Users by Role

There are five predefined system roles:

  • System Administrator: Has unlimited access to all aspects of the system.
  • Administrator: Manages both user security and workflow.
  • Model Designer: Manages the core modeling aspects of an application.
  • Report Designer: Manages reports and report books for reporting. This is an obsolete feature that only applies to Kepion 2.0.
  • Advanced Contributor: Be able to use advanced features, such as transnational drill-through, run rules on selected cells, and review user changes on forms.

The System Administrator has the highest level of privilege across all applications. The rest of the system roles are all scoped by application.

For users that only need to access dashboards or workbooks, you can create user-defined roles to help manage security.  All the user-defined roles can only access the APPS module, unless you add them to one of the system roles.

Below is a summary of accessible modules of each role within Kepion.

Configuration: ADMINISTRATOR -> Security -> Membership

Example: Security training video

Configure Permission

  • By model: Users must be granted access to a model to be able to view data from forms and reports that are created off that model. Users that are not granted this access will receive a connection error when they attempt to view these resources.
  • By dimension member (Optional): Dimension member security is defined in a restrictive manner. Should a user not have any dimension member security defined for a particular dimension, then they will by default have read access to all the members.

Configuration: ADMINISTRATOR -> Security -> Permission

Example: Security training video

Manage Workflow Users

You can grant users access to a workflow (dashboard or workbook) by adding roles or individual users.

Configuration: ADMINISTRATOR -> Manage Workflow -> Dashboard/Workbook -> USER

Example: Security training video

You can also restrict users access to certain pages or forms.  Instead of managing several workflows for different users, you can use one workflow and specify accessible pages/forms by user or role.

Configuration: ADMINISTRATOR -> Manage Workflow -> Dashboard -> PAGE RESTRICTION, or Workbook -> FORM RESTRICTION

Example: Security training video

Configure Module Restriction (Optional)

If you want to limit access to certain regions within the MODELER or ADMINISTRATOR module, you can do so on the Restriction tab.

Configuration: ADMINISTRATOR -> Security -> Restriction

Example: Restrictions article


For advanced security settings, please refer to the Administrator Guide.