Three Levels of Granularity

You can set permissions at the following levels of granularity:
  • Repository-level controls function as a gateway and as a parent-of-last-resort. Repository-level controls are managed from the permission pattern of the repository ACT (Default ACT). All registered users should have ReadMetadata and WriteMetadata permissions in the foundation repository ACT’s permission pattern.
  • Object-level controls manage access to a specific object such as a report, an information map, a stored process, a table, a column, a cube, or a folder. You can define resource-level controls individually (as explicit settings) or in patterns (by applying access control templates).
  • Fine-grained controls affect access to subsets of data within a resource. To establish fine-grained controls, you add constraints called permission conditions to explicit grants of the Read permission.