BusinessObjects Board

CMC Access Restriction

I have searched the forum for half an hour now and played within CMC (Business Objects 3.1), changing rights and creating custom access levels, but have still not figured out a way to lock down a group so that all they can do in CMC is see and maintain the following: Folders, Personal Folders, Users & Groups, Inboxes, Query Results, QAAWS, Calendars, Events, Sessions. This group I want to call “Supervisor”, with a custom Access Level so that me and others as Administrators can control what they can and cannot do. In XIR2 I made Supervisor a sub group of Administrator, from which rights inherited down so they can support the end user. But this time I want to prevent them from screwing up the rights I have already set. Someone please advise… thanks Macroman :stupid:


Macroman :uk: (BOB member since 2002-11-13)

Took a while but I got there. It is far too complicated and complex to put in here what rights I set and where; all I can do is offer the best of British to those who wish to achieve the same thing as I have achieved. Advice to give, if any, is to create an Excel spreadsheet (see downloads for example) which can be used to record what rights you need to set. This will help when migrating/setting up from development to live. It will be a BIG help.


Macroman :uk: (BOB member since 2002-11-13)

I did not get your requirement clearly.
What are the rights you are looking for? Could you explain the existing (BOXIR2) security set-up, so that we can create a custom access level in BOXI3.1?


Arjun (BOB member since 2008-07-28)

These are supervisor rights to enable our Help Desk to support the product of BOBXI3.1. All I want them to be able to do is maintain users and group memberships. I also wanted them to be able to delete reports and folders and move reports and folders around. I did not want them going in and changing the ever so complex rights I have set up for our end users. I have successfully created a custom access level called “Supervisor” rights, in which at the Top Most level of the environment I have set “Everyone” to no access and, where deemed necessary, such as Folders and the Users & Group List, added the Supervisor group and associated the “Supervisor” custom access level. Every company will have different rights they wish to associate to their groups, so it will be difficult for me to go into any details as to how I set up mine. It is a learning curve and requires a bit of practice until you get it right. Hopefully I have answered your question.

Kindest regards

Macroman


Macroman :uk: (BOB member since 2002-11-13)

Can you attach the used rights of custom access level? It will help for better understanding…


Arjun (BOB member since 2008-07-28)

I’d appreciate this also, I can get the CMC to display only Query results, instance manager and application options for my new group. I can’t get users or groups to appear for some reason.

Any guidance would be appreciated!


laffeyr (BOB member since 2005-11-23)

I am finding too many anomalies when setting rights and I’d hate to think any advice I give at this stage would not be correct. I can say be careful of Inherited rights, Inherit from Parent Folder and Inherit from Parent Group; if you have been there you will know what I mean.

What I found with this is that rights inherited down from a group or folder to which the object belongs, such as a sub folder inheriting from its parent folder, do occasionally negate what I have set. Sometimes you want it to, other times you don’t.

Also, when setting custom rights you can force inheritance down to sub levels. So what you set at one level is forced down to sub levels; sometimes you want this and sometimes you don’t.

Too many rights to assign and so much explanation to put forward. :hb:

Not making sense? That’s because I have spent 4 days setting rights, and when I thought I got it the way I wanted it, I was wrong. So I am having to start again.

My next plan is this.
Create a TEST group
Create custom TEST Access level with no rights assigned yet
Go into Top level folder set Everyone to No Access, same with all application.
Might do the same with Universe and Connections
Add TEST group to Top Level folder and assign TEST Access
Go to custom TEST Access level and start switching things on

See what happens.

Do this on a development server where you have the ability to roll back. Fortunately I am testing in a Virtual Workstation of which I have taken snapshots; I have so far reverted back to a clean environment 33 times.

I am still finding my feet in setting the rights tailored to our business and like I say not all businesses will want to use the same setting of rights I am aiming for.

Please, anyone that can offer better advice than me, help…

regards


Macroman :uk: (BOB member since 2002-11-13)

It’s been how many years since XI R2 came out, and they (BO, now SAP) still can’t get a security platform/setup for the non-astro physicist among us to navigate and use properly.


Veronica (BOB member since 2002-11-22)

4+ years ago if you don’t think about XIR1

I am pretty sure it will be the same for the upcoming version …

Keep in mind that CMC and other admin stuff are for few users, non deciders … When you demo BO you demo Webi … never the CMC :wink:

How very true


Veronica (BOB member since 2002-11-22)