User access is controlled by user type and user role. Administrative users have full access across Analytics Exchange while non-administrative users have application-level permissions that control collection and folder-level access.
There are two types of AX Server users:
Only the Super Admin can access the AX Server Configuration web application, however the Super Admin has no access to AX Client.
The Super Admin and users with the Administrator role can add users to AX Server.
With the exception of the Super Admin, every user in AX Server is assigned one or more of the following roles:
Users that the Super Admin adds are automatically granted this role so that the new users can access AX Client.
For more information about each role in AX Server, see User security.
Depending on your organization’s AX Server license, one of four scenarios is possible when granting access to AX Web Client:
If your license does not include AX Web Client access, or if all licenses are in use, you cannot assign the Web Client Access role to users.
Users with Core Client Access and Web Client Access roles have further application-level permissions that control which Working directory or Library audit item they can work with.
Each collection and folder has individual permissions that specify:
Users with the Admin role have “Full permissions” to all audit items.
For more information about audit item permissions, see .
AX Server tracks all permission and role changes in the userpermissionlog table of the database.
Using this table, you can query information about the following actions:
| Column | Data Type | Nullable | Description |
|---|---|---|---|
| logId |
|
N | The auto-incrementing primary key for the record. Note If records with the same transactionid value do not have sequential logId values, check your database logs to ensure a manual deletion was not executed on the table. |
| transactionid |
|
N | The unique identifier of the user action that creates
the record. Tip: A single action in the user interface can create multiple records in this table. Group records by the transactionid to find all permissions changes associated with a single user action. |
| userid |
|
N | The user ID of the user whose role or permission changes as a result of the action. |
| username |
|
N | The username of the user whose role or permission changes as a result of the action. |
| audititemid |
|
Y | The identifier of the audit item that the user’s permission change affects. Null on role change. |
| permissiontype |
|
Y | The users permission type for the record. |
| action |
|
N | The action taken by the user who makes the change. |
| changebyuserid |
|
Y | The user ID of the user that made the permissions change. |
| changedbyusername |
|
N | The username of the user that made the permissions change. |
| changetime |
|
N | The timestamp for the record change. |
| application |
|
N | The application from which the change was made:
|