Phocas has a new user documentation site. This site will be retired soon.

Overview of access to data

When a user is added to Phocas, they automatically see a homepage but cannot view any data until they are given access to a Phocas database. Even when users have access to a database, they might not be able to access all of the data within that database.

To ensure users only see the data that is relevant to them (and protect sensitive information), administrators can:

  • Control whether or not users have access to a database.

  • Use restrictions to limit what users can see (specific data items) within each database.

For example, you might want all users to be able to access the Sales database but only allow some users to see a subset of the data, such as a specific region or customer.

Two types of database restrictions

When you give users access to a database, by default, they have access to all data items (streams, measures and dimensions) in that database, unless default database restrictions apply. You can apply additional restrictions on a user-by-user basis.

  • User database restrictions - Applicable to one or more selected users, to limit access. If a user does NOT have a restriction, it implies they have access to all data items in the database. 

  • Default database restrictions - Applicable to all users for whom NO user restrictions were applied. Used to increase access; allows a secure by default way of setting up a database. 

These restrictions work together to give administrators a very fine level of control over data visibility, with the user restriction always overriding any default database restriction.

Each database has its own restrictions

You apply restrictions to one database at a time, therefore, a restriction in one database has no influence on the other databases to which the user has access. This means that:

  • You can define separate restrictions for different databases. For example, you might want to give a user access to the Cost data in the Purchases database but not in the Sales database.

  • If you want to apply the same restriction to multiple databases, you need to define the restriction for each database. For example, you might want to restrict access to the Cost data in both the Purchases and Sales databases.

Multiple ways to manage access and restrictions

You can give a user access to a database and apply restrictions in different ways. Each method approaches the task from a different point of view, so one might be more suitable than another:

  • One user, multiple databases: On the Databases tab of a user’s maintenance form. See Manage user database access and restrictions.
    This method is suitable when you want to focus on a specific user’s database access and restrictions. For example, in the following image, Jill can access all the Sales and Purchasing databases and no restrictions have been applied. She can also access the CRM database but some restrictions have been applied. She cannot access the AR, AP and Finance databases (outlined in red).

  • One database, multiple users: On the Users tab of a database's page. See Manage database access and restrictions.
    This method is suitable when you want to focus on a specific database. You can view at a glance the list of users who have access to the database and if any of them have any database restrictions. For example, in the following image, Bert and Helen can access the Sales database but some restrictions have been applied. Jill can access the Sales database and no restrictions have been applied. Joe cannot access the database (outlined in red).

  • Multiple users and databases, in matrix format: On the main Users screen, in Database view. See Manage user database access and restrictions.
    This method is a combination of the above two methods. It is suitable when you want to get an overview of all access and restrictions from both the user and database perspective. You can see at a glance which users have access to each database, and if any restrictions have been applied, then make changes where required.

  • Multiple users, multiple databases at the same time: Using the Bulk Update feature. See Update users in bulk.
    This method is suitable when you want to update access to multiple databases and/or apply multiple restrictions for one or more users at the same time.

  • One database, all users: Using the default database restrictions. See Manage a database's default restrictions.
    This method is suitable when you want to implement a secure by default way of setting up a database.