Permissions are accessible from the pane located in the upper right corner of the screen:
The Permissions tab is divided into several sections:
The Permissions section provides information about the number of available and occupied licenses in the program.
In the Users section, you can create new accounts and edit existing ones. To create an account, select the button 
. In the Profile tab, enter a unique login and complete the remaining information.
Once the availability of the entered login has been validated, you can enter the remaining information:
In the Permissions tab, you can assign users to roles and user groups. The account creation process is complete once you click the Save button.
To edit an existing account, continue to Users tab and select the Edit button.
Here, you can modify the roles and groups assigned to the user, as well as change the account access password.
In the second section, Groups, you can create and manage user groups. This functionality is used in various contexts, including subscriptions, where you can assign users to specific categories.
In the third section, Roles, you can create, delete and edit roles with user permissions. Predefined roles provided by Comarch include:
The scope of available permissions includes:
-
Connection user
Users with access to the connection repository in the BI Point system.
-
BI Point administrator
Users with full access to all features and areas of the BI Point application.
-
BI Point user
User with access to repository resources (connections, data models, reports) in accordance with the permission level assigned to individual objects: no access, read access, limited access, or edit access.
-
Subscription administrator
Users with access to the subscription module in BI Point can create and manage their own subscriptions. However, they do not have access to other users’ subscriptions.
-
Data model user
Users with access to the data model repository in the BI Point system.
- Read-only user
Users can only view reports and dashboards; they cannot edit them.
- ChatERP
Users can launch and use ChataERP within the application.
The last section is External users.
Upon selecting the button, you can add an external user. Data such as email address and personal details are mandatory to add an external user.
In the “Permissions to Data” tab, you can define permissions to specific measures and dimensions within data models for individual users.
A new permission is created by selecting a data model (or models) from the list.
Permissions are assigned by selecting the appropriate checkboxes by individual data model elements. Each option is explained in the legend available under the “Learn more” button.
To quickly clear the initially selected filters, use the eraser button.
Using the + button, you can manually enter the name of dimension element, e.g. np. if permissions are created before the model is reloaded.
After reloading the model, this element will already be selected when the dimension values are expanded.
When assigning permissions to hierarchical elements, first select the elements that will be transferred to the tree of measures and dimensions that is visible under the Elements subtab.
Next, you can specify which hierarchy levels the assigned permissions will apply to. Use the eraser icon to indicate if the user should work with a filtered data set (a limited set) or with the full data set, to which new elements may be added automatically in the future. The same permissions also apply to the full data set.
When creating a role, you can add to it more data models to it by selecting the “Add Model” button.
It is possible to create multiple roles that refer to the same data model. When a user has different access levels to the same element within different roles (e.g., permissions are granted in one role and revoked in another), effective user permissions result from applying the principle of least privilege. In such a case, this means that the user will not have access to the element.
It is also important to correctly assign permissions to hierarchical elements because it significantly impacts the performance of filter loading in the data permissions module.
To optimize the process of modifying or creating permissions for hierarchical dimensions, it is essential to use the function assigned to the eraser button 
.
The example below shows how to grant limited access to data from the period of 2024–2025. Selecting a whole year automatically selects all of its subelements, i.e., all of its days. By filtering this dimension, the engine service will filter all subelements, which may result in a timeout error.
Using the eraser icon clears the subelements and filters only the three parent elements, which works much faster.
Comarch BI Point offers four permission levels that can be defined for each user group or user individually, for both folders and reports. These permissions, ranked by access level, are: None, Preview, Limited, and Edit.
The “None” (No access) permission takes precedence over all others and has the highest priority. This means that if a user has read permission, but their user group has “None” permission set to a given object, the user will not see that object in the report tree.
If a user or their user group has not been assigned direct permissions to an object, the system retrieves the permissions from the nearest parent element in the folder or report hierarchy for which permissions have been defined.
To verify the user’s actual permissions for a specific report or folder, use the “Effective Permissions” tab.