I’m working with Microsoft on a technical whitepaper and received some information from the PM on security about new Roles in M&A. Server roles apply to the whole Dashboard Designer installation and grant system-wide access to data and tasks. There are four types of server roles:
Admin: This role provides complete control over Monitoring & Analytics Server and access to all dashboard data. A member of the Admin role can create, edit, and delete all dashboard elements and also publish to the server. Admins have access to the Server Administration console, which is used to grant object and server roles to other users. The administrator group on the computer that hosts Monitoring & Analytics Server is automatically added to this role and cannot be removed
Creator: This role enables users to create reports, key performance indicators (KPIs), scorecards, and other indicators. Users who have the Creator role can publish dashboard elements to the Monitoring & Analytics Server. A Creator can also delete elements if he or she has Editor role permissions on the element. After an element has been created the identity of the creator is automatically added to the elements editor role.
Power Reader: This role grants read-only access to all dashboard elements on the Monitoring and Analytics server.. This role is intended for use by service accounts or backend services that need complete access to the system. For example our engine running under notification services must be granted this role for alerts to work.
Data Source Manager: This role enables users to create and delete data sources. Users who have permissions for the Data Source Manager role can also publish data sources to Monitoring Server.