I have migrated 5000+ reports and 100 Universes from 5.1 to XI R2.I have moved all the reports into appropriate business folders.I have created groups/subgroups and users.
My query is :
1.I want to give access to report folders to certain groups so that only those groups shud be able to access that report folders no one else shud be able to(ofcourse administrator).Can someone suggest the basic security that has to be set in CMC under Settings and also in Business Objects applications and Everyone group.
2.I want to restrict access to universes to only certain groups.Let me explain the requirement.
I have a universe which will be accessed by 2 groups then how shud i give the access to those 2 groups.Where I need to set the security so that other groups shud not be able to access that universe.
I tried my level best and the access is not working I dont know where I did mistake.I am struggling to reset it.
I was not able to add all the screenshots and I have attached only setting->Everyone
1.CMC->Settings Administrator and Everyone as I heard this setting plays an important role as it is the principal or root for the security.
2.Home->Everyone Group(even settings under this is also very imp).
3.Home->Business Objects applications->Desktop Intelligence->Everyone->Advanced Rights.
All the 3 settings shud be proper so that we can define proper security.
Correct me if I am wrong.
We have resolved the problem by setting access to everything EXCEPT view objects in the settings for everyone, then set view objects for the correct group for the relevant folder.
Security in XIr2 is quite simple if you do it correctly. There is object security and data security. All report objects are divided up in folders, and you assign access permission at folder level.
You set up a data security table and organization hierachy table in your reporting data mart. This allows different people at different hierachy to see different data when running the same reports.
All universes should be divided up in folders, just like reports. Then you grant access permission to these universe folders by user groups. Unlike reports, you create universe folders in Designer and not in CMC. And don’t forget to grant permission to the associated connections or the universes will not work for the users.
If you change the rights in Home > Settings for Everyone for View objects to ‘not specified’, then change the rights for GroupA for FolderA to Explicitly Grant access to View objects, you should find that users in GroupA can see folder GroupA and its objects (and so will Administrators) but other users will not see the folder.
as far as I can see, you are looking at the rights for changing the group called ‘everyone’. This doesn’t affect what ‘everyone’ can do but what users can do to the group called ‘everyone’
I have followed the steps that are mentioned in this particular case and I have given ‘No Access’ to everyone at highest level and at universe level I have given ‘View on Demand’ access to a particular group.When I try logging into Desktop intelligence and create a new report using the universe which i have given access.It gives and error as ‘Could not import the universe’ and again as ‘cannot find the packaged universe.(DA0011)’.
(BOB member since 2007-04-18)
(BOB member since 2004-01-16)