-Fresh install of 3.0 on fresh Win2003 SP2 server.
-Import wizard from Prod XIR2 to 3.0 dev bringing everything possible except for inbox/personal folder docs.
-Chose “merge” option, uncheck rename top folders, chose all folders, all universes, all connections, basically everything possible.

Now I’m having some security issues in 3.0. I have a test user A that can do things in XIR2 that now don’t work in 3.0 after migration. I’ve gone thru and made root level folder changes to get folders to view. Also gone so far as to give this user ID “Full Control” to everything possible in the CMC. Full control on root level users, groups, folders, applications like InfoView, etc…everything. I checked the users security in InfoView and all things are enabled.
The problem is that when I log in with that user and try to do certain tasks, like view properties on a report, change preferences within Infoview, hit schedule button, etc I get an error message stating => An error has occurred: Sorry, you do not have the right to ‘Add objects to the folder’ (ID: 1) for ‘’ (ID: 49). Please contact your administrator if you require this right. ’

I can’t find any possible additional changes to give further rights in the CMC. Spent hours and hours, plus 2 hr webex with BO tech supp, who isn’t very helpful on 3.0 because nobody knows the stupid app. Plus the new CMC sucks! It’s a PIG and it takes way too much time to do things like check users rights compared to XIR2. Sure, custom access levels are cool, but the flow of doing anything is more cumbersome IMHO.

Any ideas appreciated, I’m STUCK!

ccermak (BOB member since 2007-11-13)

I really appreciate all your comments … it’s time to jump to third party tool

They are few changes on the security model see presentation here

The problem come from the group Everyone.

What kind of right did you setup within your group security matrix?
on top level group USer group and Groups and on the Everyone group?

At root level for All Users, the Everyone group has advanced access with the following options granted, rest are not specified.
-add objects to the folder
-change password that the user owns
-edit objects
-modify the rights users have to objects that the user owns
-view objects
-view objects that the user owns

At root level for All Groups, the Everyone group has access level = View.

For the everyone group, the everyone group’s rights against itself are inherited from root, with an exception I’m seeing that the following two options are set to “Explicitly Denied” where all rest show as not specified.
Under General
Denied:
-Delete Objects
-Edit Objects

Under System / User
Explicitly Granted:
-View objects that the user owns
rest are set to not specified

Hopefully this is clear, it’s confusing to type out.
Also, we migrated from 6.5 into XIR2 and security came in funky. Things were then piecemealed together to get it to work ok, but now we went from XIR2 to 3.0 and having issues again.

Is there a good doc out there for best practice of what to set root level things to, good security model info easy to understand? The BO admin docs aren’t great.

Thanks

ccermak (BOB member since 2007-11-13)

Try to change this right:
At root level for All Groups, the Everyone group has access level = View.

You can specify multiple right at one intersection thus let the view plus grant the right add objects to the folder.

No luck, still the same exact error occurs.

ccermak (BOB member since 2007-11-13)

BO tech support can’t figure out either. Requesting copy of CMS database from us. We created a brand new BOE user, verified it’s rights against folders, gave full control, and still get same error. Only way can change preferences or view properties on a report is by placing the user id into the administrators group.

I hate the new 3.0 CMC. Every time I try to do ANYTHING, the CPU on my laptop spins up to the moon and the CMC within IE just crawls. It’s the worst POS I’ve seen out of any app. Complete junk. I watch the resources on the BO server while I’m doing CMC from my laptop and they’re up but not near 100%.

ccermak (BOB member since 2007-11-13)

FYI - I have a 2.0GHZ CPU on a Dell laptop with 1.0GB RAM and the CMC is so slow I don’t think I could do my job effectively. Anybody else seeing this problem??? Is it just me?

ccermak (BOB member since 2007-11-13)

There are other posts on BOB dealing with CMC performance issues.

As said at different BOUG it was easier in Xir2 to fix such a problem…
ow with all these rules it’s harder!

Change the right the everyone group has on the temporary storage folder…

Yep! I believe that was it…the temp storage folder. Was granted enabled for “add objects to folder that the user owns” but not add objects to folder.
I believe that did the trick. Thanks for the pointer! This is/was a showstopper issue for us!!!

Much obliged.

ccermak (BOB member since 2007-11-13)

Hi,

I ran into the same issue when trying to change the My Infoview for a specific new user. Spend hours and hours trying to find out and all I got was that same message over and over again…

Anyway, just wanted to share what did the trick in my case.

I just resolved it by changing the right of that specific user for its Personal Folder.
Apparently, when creating a new user the (automatically?) defined Personal Folder has, by default, the No Access right assigned to Everyone. Hence the user itself has No Access as welll…

phonque (BOB member since 2005-10-17)

I know this is an old thread, but I ran into this issue today…Thanks this fixed my problem.

knowthediff (BOB member since 2005-12-06)

Thanks so much… working with imported security BOE 3.1., same issue. Had done many of the same steps with more global settings. BOE Error message wasn’t much help, then I found this…

DataTruths (BOB member since 2008-08-04)