Three Levels of Granularity

Repository-level controls function as a gateway and as a parent-of-last-resort. Repository-level controls are managed from the permission pattern of the repository ACT (Default ACT). All registered users should have ReadMetadata and WriteMetadata permissions in the foundation repository ACT’s permission pattern.

Object-level controls manage access to a specific object such as a report, an information map, a stored process, a table, a column, a cube, or a folder. You can define resource-level controls individually (as explicit settings) or in patterns (by applying access control templates).

Fine-grained controls affect access to subsets of data within a resource. To establish fine-grained controls, you add constraints called permission conditions to explicit grants of the Read permission.