T6 provides a highly configurable security model, allowing administrators and managers to maintain detailed control over user and group access to the system’s different features. The structure is based on user profiles (such as Administrator, Manager, Analyst, and Planner), each with specific permissions that define which actions are available inside the application.
Security is managed through the Users, Groups, and Roles sections, integrated into the main application menu. These elements provide an efficient way to assign permissions, manage access, and organize responsibilities.
T6 features are organized according to the access profiles assigned to users and groups. Below are the main highlights by profile:
| Administrator |
Manager |
Analyst |
Planner |
| Full management of application security and users; |
Creation and visualization of dashboards, forms, and analyses (Profitability, What-If, Simulations); |
Execution and visualization of workflows and formulas; |
Data entry and deletion through web forms and Excel; |
| Configuration of global parameters and integrations; |
Execution and unlocking of data load routines and cubes; |
Data export in XBRL format; |
Access to and execution of workflow tasks; |
| Administration of data load routines; |
Management of workflows, data tables, formulas, and processes; |
Reading and writing comments in intermediate-level cells; |
Visualization of instances and triggers; |
| Control over schedules, storage, authentication, custom themes, and T6 GPT usage. |
Broad permissions over reports, application structure, and direct data access. |
Restricted access to viewing dashboards, reports, drill-downs, and forms. |
Use of T6 GPT to support planning activities. |
In addition, T6 has specific features linked to Application Groups and Global Groups, such as:
- Object ownership transfer;
- Global management of dashboards, triggers, files, Explorer, and tables;
- Security auditing and theme customization.
Permissions can also be assigned to users and groups.
Their main highlight is the management of read and write permissions on T6 objects, defining the permissions of a specific user or group for specific objects, with the options Read-Only and Read - Write.
T6 has a security model that allows administrators and managers to create, configure, and maintain system access—and access to critical business information—in a simple and intuitive way.
Some T6 security settings can be accessed through the Users and Groups screens because, like most security systems, T6 follows this concept.
A group provides a simple way to organize a larger number of users. Instead of defining permissions and access individually, you create a group and assign permissions and features to it. This way, all users who belong to that group are affected by the group’s permissions and features.
In most cases, the user will need a set of enabled features to perform certain actions or access specific resources.
To confirm the required features for the resources and/or actions you want to perform, go to: T6 Help Center, find the desired page, and check the usage prerequisites.
User Features:
Click to expand options for the profile Administrator
| Feature |
Description |
| Select all |
Selects all items in the list |
| Manage application security (full)(multi-app) |
Displays the Access Control section, with the User, Group, and Roles options in the main T6 menu. Allows the user to access and configure security rules, assign and remove permissions, manage profiles and groups, audit access, and administer security across multiple applications. |
| Manage system users |
Displays the Access Control section, with the User, Group, and Roles options in the main T6 menu. Allows the user to create, edit, and delete users, reset passwords, and assign users to groups. |
| Manage system parameters and settings |
Displays the Settings section in the main T6 menu. Allows the user to change global parameters, system settings, integrations, and advanced adjustments that impact application behavior. To use this feature, the "Multi-Application Administrator" flag must be enabled for the user. |
| Manage data load routines |
Allows the user to configure, schedule, run, and monitor data load routines, including imports, exports, and integrations with external sources. |
Click to expand options for the profile Manager
| Feature |
Description |
| Select all |
Selects all items in the list |
| Create and view dashboards/maps |
Grants the user permission to create, edit, and view dashboards and interactive maps. |
| Create and view data entry forms |
Displays the Data-Entry option in the Explorer section of the main T6 menu. Grants the user permission to create, edit, and view objects in Explorer. |
| Create and view profitability analysis |
Displays the Analysis section, with the Profitability Analysis option in the main T6 menu. Allows the user to simulate financial scenarios, evaluate decision impacts, and support business strategies. |
| Create and view what-if |
Allows the user to configure and analyze alternative scenarios based on assumptions (What-If Analysis), simulating impacts on indicators or projections. |
| Unlock cube locked by another user |
Allows the user to release access to data cubes that are locked by other users. |
| Run data load |
Allows the user to import and load data into the application using Data Load screens and functions. |
| Manage lane structure |
Displays the Workflow option in the Workflow section of the main T6 menu. Grants the user permission to create, edit, and organize lanes in workflow. |
| Manage data table structure |
Displays the Data-Entry option in the Explorer section of the main T6 menu. |
| Manage trigger structure |
Displays the Workflow option in the Workflow section of the main T6 menu. Grants the user permission to create, edit, and remove triggers that automate actions and reactions in processes. |
| Manage process structure |
Displays the Workflow option in the Workflow section of the main T6 menu. Enables modeling, editing, and deletion of business processes using workflow resources. |
| Manage application structure/model |
In the main T6 menu, displays in the Explorer section the options Data-Entry, Modeling, and Report; displays the Modeling section with the options Designer, Formulas, Scenario Types, Lock/bnlock, Model History, and Publish; displays the Analysis section with the Copy/Clear option; displays the Settings section with the Log and Resources options. |
| Manage application security |
Displays the Access Control section, with the User, Group, and Roles options in the main T6 menu. Allows the user to access and configure security rules, assign and remove permissions, and manage profiles and groups. |
| Manage formulas |
Grants the user permission to create, edit, and delete calculation formulas. |
| Manage Workflow |
Enables creation, editing, and maintenance of workflows. |
| Manage XBRL |
Allows the user to manage XBRL templates and data, as well as integration modules for financial reporting. |
| Enable formula editing |
Enables formula and formula group editing for group users, allowing them to modify their data and properties in the system. It does not necessarily grant permission to create or delete formulas/groups, only to edit existing ones. |
| Enable formula execution |
Allows the user to run formulas and formula groups registered in the system. This feature does not grant permission to create, edit, or delete formulas—only to execute them. |
| Stop instance |
Allows the user to pause or stop running process instances to control workflow progress. |
| Impersonate action |
Enables execution of actions on behalf of other users. |
| Pick up instance |
Allows the user to take responsibility for a process instance, ensuring that processes do not remain stalled. |
| Publish process |
Enables publishing processes for general use, making workflows accessible to other users. |
| Sync management reports |
Displays the Report option in the Explorer section of the main T6 menu. Allows the user to update and sync reports with external sources. |
| Sysphera Excel Add-In with all features |
Enables use of the Excel extension, allowing export, import, and advanced data manipulation directly in the T6 spreadsheet. |
| Transfer instance ownership |
Displays the Transfer Owners option in the Workflow section of the main T6 menu. Allows the user to transfer process execution responsibility between users. |
| View process |
Enables access to detailed process views, allowing monitoring of status, history, and activity progress. |
| New scenario wizard |
Displays the Analysis section, with the Scenarios option in the main T6 menu. Allows the user to create new scenarios in the application. |
| Simulation wizard |
Displays the Analysis section, with the Simulations option in the main T6 menu. |
Click to expand options for the profile Analyst
| Feature |
Description |
| Select all |
Selects all items in the list |
| Act in workflow with any task type |
Allows the user to interact with the workflow module, executing, approving, rejecting, or forwarding any task type assigned in the process flow. |
| Run formulas in forms |
Enables the user to run formulas directly in data entry forms. Allows automatic calculation processing and real-time results in forms. The user will not have administrative formula permissions, such as creating, editing, or deleting formulas. |
| Export XBRL |
Allows the user to export data in XBRL format. |
| Allow reading comments in intermediate-level cells |
Grants read access to comments entered in intermediate-level cells in forms or reports, allowing the user to view notes made by other users, without edit permission. |
| Allow reading and writing comments in intermediate-level cells |
Allows the user not only to read, but also to add, edit, and remove comments in intermediate-level cells. |
| View dashboard |
Enables access to dashboards and interactive maps, allowing the user to follow indicators, charts, and result panels, without edit or creation permission. |
| View drill-down details |
Grants the user access to detail screens and data drill-down panels. |
| View formula |
Grants access to view formulas applied to fields, reports, or forms, allowing the user to view calculations and business rules, without edit permission. |
| View data entry forms |
Grants the user permission to access and review data entry forms, viewing information entered by other users, without permission to change or add data. |
| View management reports |
Displays the Report option in the Explorer section of the main T6 menu. Allows the user to view management reports. |
Click to expand options for the profile Planner
| Feature |
Description |
| Select all |
Selects all items in the list |
| Delete data via form |
Grants the user permission to delete all data in a data entry form. All form data is removed from the database, keeping only the form structure. |
| Act in workflow with form tasks |
Allows the user to work in workflows, executing, tracking, and managing tasks and stages of planning processes in the system. |
| Data entry without workflow requirement |
Allows the user to submit, edit, or update data directly, even when those actions normally require workflow stages for control, validation, or approval. |
| Display menu bar while viewing reports |
Grants the user permission to view management reports through the Explorer ribbon. |
| Enter data via Excel |
Grants the user permission to access and use Sysphera Excel Add-In features. The user can export data from the system to Excel, import data from Excel into the system, update information directly in spreadsheets, and use advanced integration features between Excel and the planning environment. |
| Enter data via Web |
Grants the user permission to access and view data entry forms. This feature is a prerequisite for other, more specific permissions, such as editing, deleting, or entering data in forms. |
| Reject instance |
Grants the user permission to reject tasks or stages in workflow flows. |
| View trigger |
Grants the user permission to access the initial workflow process view, displaying a list of processes that can be started, tracked, or monitored. |
| View instance |
Grants the user permission to view workflow process instances. The user can track progress, check detailed information for each instance, identify responsible users, dates, completed stages, and upcoming actions. |
Group Features (Application):
Click to expand options for the profile Administrator
| Feature |
Description |
| Select all |
Selects all items in the list |
| Manage application security (full)(multi-app) |
Displays the Access Control section, with the User, Group, and Roles options in the main T6 menu. Enables access to and administration of system security features. Essential for managing access controls and data protection. |
| Manage system users |
Displays the Access Control section, with the User, Group, and Roles options in the main T6 menu. When assigned, grants the user access to administrative user management features in the system. Used both for display and for access control in different parts of the application. |
| Manage system parameters and settings |
Displays the Settings section in the main T6 menu. Allows the user to change global parameters, system settings, integrations, and advanced adjustments that impact application behavior. To use this feature, the "Multi-Application Administrator" flag must be enabled for the user. |
| Manage data load routines |
Displays the Data Load option in the Explorer section of the main T6 menu. Allows the user to configure, schedule, run, and monitor data load routines, including imports, exports, and integrations with external sources. |
Click to expand options for the profile Manager
| Feature |
Description |
| Select all |
Selects all items in the list |
| Create and view dashboards/maps |
Grants the user permission to create, edit, and view dashboards and interactive maps. |
| Create and view data entry forms |
Displays the Data-Entry option in the Explorer section of the main T6 menu. Allows the user to manage data entry forms. |
| Create and view profitability analysis |
Displays the Analysis section, with the Profitability Analysis option in the main T6 menu. Allows the user to fully manage Profitability Analysis objects in Explorer. |
| Create and view what-if |
Allows the user to fully manage What-If Analysis objects in Explorer. |
| Unlock cube locked by another user |
Allows the user to release access to data cubes that are locked by other users. |
| Run data load |
Displays the Data Load option in the Explorer section of the main T6 menu. Allows the user to import and load data into the application using Data Load screens and functions. |
| Manage lane structure |
Displays the Workflow option in the Workflow section of the main T6 menu. Grants the user permission to create, edit, and organize lanes in workflow. |
| Manage data table structure |
Displays the Data-Entry option in the Explorer section of the main T6 menu. Grants the user global permissions over Data Tables, allowing them to view, create, edit, rename, delete, move, clone, and copy Data Tables in Explorer. |
| Manage trigger structure |
Displays the Workflow option in the Workflow section of the main T6 menu. Grants the user global permissions over Workflow Trigger objects. Allows viewing, creating, editing, renaming, deleting, moving, cloning, and copying Workflow Triggers in Explorer. |
| Manage process structure |
Displays the Workflow option in the Workflow section of the main T6 menu. Grants the user global permissions over Workflow Process objects. Allows viewing, creating, editing, renaming, deleting, moving, cloning, and copying this object type in Explorer. |
| Manage application structure/model |
In the main T6 menu, displays in the Explorer section the options Data-Entry, Modeling, and Report; displays the Modeling section with the options Designer, Formulas, Scenario Types, Lock/bnlock, Model History, and Publish; displays the Analysis section with the Copy/Clear option; displays the Settings section with the Log and Resources options. |
| Manage application security |
Displays the Access Control section, with the User, Group, and Roles options in the main T6 menu. Ensures full autonomy to manage security and the structure of users, groups, and roles within Explorer. |
| Manage formulas |
Grants the user permission to access Formula and Formula Group objects in Explorer, allowing them to view, create, edit, delete, copy, and manage these objects. |
| Manage Workflow |
Enables complete workflow management for users in the group, allowing them to create, edit, delete, and administer all workflow aspects in the system. |
| Manage XBRL |
Enables complete management of XBRL resources, allowing the user to administer templates, imports, exports, and other settings related to XBRL in the system. |
|
|
| Enable formula editing |
Enables formula and formula group editing for group users, allowing them to modify their data and properties in the system. It does not necessarily grant permission to create or delete formulas/groups, only to edit existing ones. |
| Enable formula execution |
Allows the user to run formulas and formula groups registered in the system. This feature does not grant permission to create, edit, or delete formulas—only to execute them. |
| Stop instance |
Enables the user to interrupt, cancel, or end running processes, giving the user administrative control over workflow execution in the system. |
| Impersonate application |
Allows the user to act on behalf of another application within the system. The user can temporarily assume the permissions, context, or identity of an application other than their own. |
| Pick up instance |
Enables the user to take available workflow tasks and become responsible for execution. |
| Publish process |
Enables the user to publish workflow processes, making them active and ready for use in the system. |
| Sync management reports |
Displays the Report option in the Explorer section of the main T6 menu. |
| Sysphera Excel Add-In with all features |
Enables full use of the Excel Add-In, allowing the user to query, edit, import, and export data between the system and Excel, as well as access all features provided by the Add-In. |
| Transfer instance owner |
Displays the Transfer Owners option in the Workflow section of the main T6 menu. Grants the user access to the "Transfer Ownership" feature in the system. |
| View process |
Grants the user permission to view workflow processes in the system. The user can access screens, panels, or reports that show workflow progress, history, or details. This feature does not enable modification actions (such as approving, rejecting, transferring, or editing processes). |
| New scenario wizard |
Displays the Analysis section, with the Scenarios option in the main T6 menu. Allows the user to create new scenarios in the application. |
| Simulation wizard |
Displays the Analysis section, with the Simulations option in the main T6 menu. |
Click to expand options for the profile Analyst
| Feature |
Description |
| Select all |
Selects all items in the list |
| Act in workflow with any task type |
Grants the user permission to view, monitor, and follow workflow process progress. The user cannot create, edit, delete, or administer workflows. Their actions are limited to consultation and monitoring. |
| Run formulas in forms |
Enables the user to run formulas directly in data entry forms. Allows automatic calculation processing and real-time results in forms. The user will not have administrative formula permissions, such as creating, editing, or deleting formulas. |
| Export XBRL |
Allows the user to export data in XBRL format. The user will not have administrative permissions over XBRL configuration or exported data structure, and can only perform the export. |
| Allow reading comments in intermediate-level cells |
Grants the user permission to view comments entered in intermediate-level cells within a data hierarchy. This feature does not allow editing or adding comments at these levels, only viewing. |
| Allow reading and writing comments in intermediate-level cells |
Allows the user not only to read, but also to add, edit, and remove comments in intermediate-level cells. |
| View dashboard |
Enables access to dashboards and interactive maps, allowing the user to follow indicators, charts, and result panels, without edit or creation permission. |
| View drill-down details |
Allows the user to perform drill-down operations in data visualizations. Does not grant editing or data administration permissions. |
| View formula |
Grants the user permission to view formulas and formula groups in Explorer. Does not allow creating, editing, or deleting formulas and formula groups. |
| View data entry forms |
Displays the Data-Entry option in the Explorer section of the main T6 menu. Grants the user permission to access and consult data entry forms, viewing information entered by other users, without permission to change or add data. |
| View management reports |
Displays the Report option in the Explorer section of the main T6 menu. Allows the user to view management reports. Does not allow creating, editing, or deleting reports. |
Group Features (Global):
Click to expand options for the profile Administrator
| Feature |
Description |
| Select all |
Selects all items in the list |
| Unlock users |
Allows the user to unlock user accounts that were blocked in the system. It does not allow creating, editing, or deleting user accounts. |
| Manage Schedules |
Displays the Settings section, with the Schedules option in the main T6 menu. Grants the user permission to create, edit, and delete workflow process schedules in the system. |
| Manage Storage |
Displays the Settings section, with the Storage option in the main T6 menu. Grants the user permission to create, edit, configure, and delete storage entries in the system. |
| Manage Remote Data Load |
Grants the user permission to create, edit, delete, and configure integration gateways in the system. |
| Manage Authentication Providers |
Displays the Settings section, with the Authenticator option in the main T6 menu. Grants the user permission to create, edit, configure, and delete authentication providers in the system. |
| Manage Reporting Services Resources |
Enables the Data Source option in the Integration tab of the Explorer ribbon. Allows the user to configure, register, edit, and remove SSRS integrations and resources in the system. |
| Manage Data Load Routine |
Grants the user permission to create, edit, delete, configure, and run scheduled tasks in the system. |
| Manage T6 GPT |
Displays the Settings section, with the Prompts option in the main T6 menu. Grants the user permission to create, edit, and delete predefined prompts for T6 GPT in the system. |
| Manage Custom Themes |
In the Options section of the main T6 menu, enables the Custom Theme option. Grants the user permission to create, edit, and delete new custom themes in the system. |
Click to expand options for the profile Manager
| Feature |
Description |
| Select all |
Selects all items in the list |
| Direct data access |
Grants the user the ability to create, edit, and execute DataLinks with direct data access. |
| Security Audit |
Grants the user permission to access and consult the security audit trail, allowing monitoring and investigation of administrative and security actions performed in the system. |
| Manage File |
Allows the user to manage upload, download, deletion, organization, and maintenance features for files in shared system areas. |
| Manage Dashboard |
Grants the user permission to create, edit, delete, organize, and control dashboard permissions in the system. |
| Manage Explorer |
Enables all features in the Explorer ribbon’s Home tab (except Transfer Owner), including object and folder creation, editing, deletion, organization, and permission control. |
| Manage Trigger |
When selecting a Workflow Trigger, enables the Open, Edit, Properties, and Permissions options in the Explorer ribbon. |
| Manage Global Group |
Grants the user full access to global group management features, allowing administration of group structure and permissions across the system. |
| Manage Process |
Displays the Holidays option in the Workflow section of the main T6 menu. |
| Manage Data Table |
Allows the user full access to data table management features, including administration of structure, content, and permissions for these tables in the system. |
| Impersonate |
Displays the Access Control section, with the Impersonate User option in the main T6 menu. |
| Transfer object ownership |
Enables the Transfer Owner option in the Explorer ribbon’s Home tab. |
Click to expand options for the profile Planner
| Feature |
Description |
| Select all |
Selects all items in the list |
| Access T6 GPT |
Enables access to T6 GPT, allowing the user to interact with T6’s artificial intelligence chat. |
In the Application selection dropdown, there is also the Global option, which allows assignment of global features that apply to all system applications. These features are managed centrally and affect overall T6 behavior. Through the Global application, we can assign global group features to a user exclusively, without needing to create a specific group for that purpose.
In T6, permissions control the access level of users and groups to specific objects within the application. The system’s security structure allows you to precisely define who can view or edit each object, promoting granular control over data and features.
Permissions can be assigned to users or groups.
| Permission Type |
Description |
| Read-Only |
Grants the user permission to view the object, without editing capability. |
| Read - Write |
Allows the user to view, edit, and save changes to the object. |
Permissions are independent per object. For example, the same user can have read permission for one dashboard and write permission for another.
Permissions are managed directly by the object owner, who is, by default, the item creator. To configure permissions:
- Go to Explorer.
- Select the desired object.
- Click Permissions in the ribbon.
- Add user(s) or group(s).
- Choose the permission level: Read-Only or Read - Write.
- Click Apply to save settings.
Only the object owner can change permissions. For another user to take over this control, you must perform an Ownership Transfer.
You can also define object access permissions directly through the Users or Groups screen, available in the Access Control section.
To do this:
- Open the Users or Groups screen.
- Select the desired user or group.
- In the ribbon, click Permissions.
- Click the Permissions tab.
- Click Manage.
- Locate and select the desired object(s).
- Set the permission level (Read-Only or Read - Write).
- Save the changes.
Permissions assigned through the Users or Groups screen have the same effect as permissions configured directly on the object and remain valid even after ownership transfer, as long as they are not removed.
Using groups for permission management is recommended because it centralizes access administration and improves scalability. When a user is added to a group with assigned permissions, that user automatically inherits those permissions.
Changes to group permissions affect all of its members in real time.
Frequently Asked Questions
1. What is the difference between the Administrator, Manager, Analyst, and Planner profiles?
Each profile has specific responsibilities, along with a distinct set of features:
Administrator: Full management of security, global settings, and data load routines
Manager: Creation of dashboards, analyses, workflows, and management of application structure
Analyst: Workflow execution, report viewing, and XBRL export
Planner: Data entry via web/Excel, instance viewing, and T6 GPT usage
2. Can a user have multiple profiles at the same time?
Yes, users can have features from different profiles simultaneously, and can also belong to groups with different features.
3. What is the difference between "Read-Only" and "Read - Write" permissions?
The difference is in the access level granted to the user:
Read-Only: Allows viewing the object without editing
Read - Write: Allows viewing, editing, and saving changes to the object
4. How can I change object permissions?
There are two ways to change object permissions:
Via Explorer: Select the object → click "Permissions" → add users or groups → set permission level;
Via Users/Groups screen: Go to Access Control → select user or group → Permissions → Manage → set permissions.
5. Why is it recommended to use groups instead of individual permissions?
Using groups is recommended instead of individual permissions because groups centralize access administration, improve scalability, and changes affect all members in real time.
It is more efficient to manage permissions for a group than individually for each user.
6. Do I need multiple features to perform certain actions?
Yes, in most cases, a set of enabled features is required. We recommend checking the T6 Help Center to verify prerequisites for specific tools.
7. Which features are required to use T6 GPT?
To use T6 GPT, the following features are required:
From the Planner profile: Access T6 GPT;
From the Administrator profile: Manage T6 GPT (for prompt creation);
8. What happens to permissions after ownership transfer?
After ownership transfer, permissions assigned through the Users/Groups screen remain valid, as long as they are not removed.
9. Is there any special requirement for the feature "Manage system parameters and settings"?
Yes.
To enable the feature "Manage system parameters and settings," the Multi-Application Administrator flag must be enabled for the user.
10. Can I enable global features without adding users to groups?
Yes, in user permissions, by selecting the Global option in the application dropdown.
It is possible to enable global features for individual users without adding them to groups. However, it is important to ensure that the required permissions are correctly assigned to those users.