Hi,
he can also change all restriction sets !
I think now the best way to manage security restrictions is to do this under the DB !
Regards
Really Good Information about XI R2 Security
tallurik (BOB member since 2005-12-22)
Hi all,
I found this presentation good but mainly done to explain how to create users / groups / folders …
I had one (but only in french ! as soon as i’ll translate it i can upload it there ;-)) which explains security differences :
5-6 : user centric
group or user inheritance
effective rights calculation depending on the object
Xir2 : object centric
double inheritance
effective rights calculation for all objects …
And then explain the double challenge of security under Xir2 :
- Create a security modele you can administrate
- Migrate your existing security.
Regards
Hi all,
I am interesting in that presentation in french, could you pleased send it to me ?
Thanks
Loïc
lcoudert (BOB member since 2006-04-11)
Hi and welcome to BOB 
OK i will send it to you !
Admins i think i can’t upload it cause it’s in french ?
I’ll try to translate it as soon as possible !
1000 good shot
Regards
Hi,
In folders tab,They are no folders at all Do,I have to do some thing I am able to see the universes.But in folders tab there is nothing.Please help me.
It seems like Universe folder permissions need to be set. Please try the steps below,
1. In CMC, go to Universe section.
2. Go to Folders tab.
3. Select the folder which has the universes you want to build reports on.
4. In the rights section add "Power Users" group and give appropriate rights (start with full control first and then you can decrease rights when it starts working).
5. Click OK to apply all the rights.
Similarly you have to give rights to Universe connection by going to "Universe Connections" section in the CMC.
Hope this helps.
Thanks
Shekara ReddyThanks
Padma 
Developer 
(BOB member since 2006-03-16)
Hi all,
As promised, here is the document provided you with the results of our security migration studies :
BOE Xir2 security concepts
As i mentioned in my previous posts security migration is a real double challenge !
The document is a comparison between security concepts in BO5 or BO6 and in BOE Xir2.
it also explains the double challenges of the security migration :
- first make a security system you could administrate
- then the current security migration itself.
The document is the result of all our works made numerous beta tester,
and customers who wishes to migrate. Indeed we shared knowledge with
all of them on these challenges and the security migration methodology.
Keep in mind that this document is the one we use for presentations. (BO user group or customers).
Thanks for any feedback !
Regards
Hi,
Thanks a lot for these two presentations they are very helpful to understand how XIr2 security now works !!!
Thanks again.
Sunny
sunnysingapore 
(BOB member since 2006-05-31)
I am still under confusion how to manage rights for the users. I have a group A containing some users. I have a folder X. For folder X, i have given users under Group A only “view” rights. But as these users are also a part of everyone, they dont really affect with the view rights. They are still using the rights for everyone group.
By default when we add users they are the part of everyone group and everyone group has different rights then other groups, but still all of the users in our system is working according to the rights of everyone.
Why so? This is a nightmare for me. Please help!
Bhaumik Parikh (BOB member since 2005-12-07)
Try setting the everyone group to the predefined access level of no access for all your folders. Change your global security accordingly: granting no access to the everyone group.
Andreas 
(BOB member since 2002-06-20)
Thanks, but the Administrator is a user of Everyone Group too. So once i give No Access to everyone group, Administrator will also be restricted. Agian, will Administrator inherit the rights from Admin Group or Everyone Group?
Thanks for help. Appreicaited much much!
Bhaumik Parikh (BOB member since 2005-12-07)
Hi,
Did you have a look to the presentation on this post ?
More especially mine explaining new rights agregation rules.
Administrator will inherit both rights from Everyone group and Admin group.
Everyone group No access (NS not specified)
Admin group full control (OK explicitly granted)
OK + NS = OK (member of both group)
NS = KO (only member of Everyone group )
Regards
Incorrect, any user gets the “best” (highest) access right (from low to high: No Access, View, Schedule, View on Demand, Full Access) from any group he/she belongs to, unless one group has explicitly set a right to Denied, there are more details to it such as setting individual rights, inheritance, etc.
I strongly recommend attending a training course for Business Objects XI Release 2.
Andreas (BOB member since 2002-06-20)
Hi all,
Here is the last release of my document on security concepts :
BO Xi r2 security concepts .
It’s the one I present at the last BONYMAUG in november.
It includes two new slides on tips and tricks to enjoy long term benefits.
Regards
Hi
I am also have lots of fun with security (have post a topic re documentation about what each item in the cmc grants in terms of applicaiton fucntionality.
We have found the following:
If we want Desktop Intelligence to appear under ‘new’ in infoview.
Goto cmc, Business Objects Enterprise Applications, Desktop Intelligence
Grant user rights to ‘copy to clipboard’ and/or ‘eurconverter’
By granting this the user then gets desktop intelligence in the menu
It seems strange to us as you would thinking by say granting ‘create desktop intelligence document’ in this same area that that would more likely add desktop intelligence to Infoview - but it doesnt
What we did was set up a test user that had no access granted, and then one by one granted each item to see what they got. A lot of the names for items in the cmc did not match what was granted
We have put a case through to BO to help understand why ‘copy to clipboard’ seems to be the item in the cmc that put desktop intelligence in the ‘new’ menu in Infoview.
As to Web Intelligence. We have out users creating reports in Java report panel and viewing them in HTML.
Cmc, Business Objects Enterprise Applications, Web Intelligence
Granted user rights to 'Java report Panel. Web Intelligence now appears in the new menu in Infoview. The problem is that it then also allows users to modify WEBI type documents that are in a public folder (that they only have view access over).
Again a case has been raise with BO - Bit of a catch 22 … we want user to create WEBI Documents in Infoview, but dont want them to modify WEBI documents in a folder - just run them
We cant find a way around it at the moment.
LLBuchanan 
(BOB member since 2006-03-08)
Goiffon and Smith is exactly right - BOXI is object centric security, we had the same situation going from Crystal Info (the pre-cursor to Crystal Enterprise and hence the pre-cursor to BOXI). It`s difficult to get your head round initially, but I try to advise my customers the doctrine that pretty much everthing in BOXI is securable by everything else.
ABILtd 
(BOB member since 2006-02-08)
Hi all,
Here is the last release of my document on security concepts :
BO Xi r2 security concepts.
It’s the one I present at the last DFWBOUG in June.
Regards
Hi,
Can any one explain clearly how the groups will function in cms.
Is it necessary that whenever i create a new group it should be some member of existing group.
jj.jampala (BOB member since 2007-06-06)
Hi,
No it’s a kind of an acyclic graph. I mean u no longer need a top level group like in previous release. And a group can be a sub group of more than group. Did ou watch my pdf explaining that ?
Regards
Hi all,
Here is the last version of my document on security concepts :
BO Xi r2 security concepts.
It’s the one I presented at the last UK BOUG.
Regards