Help with access levels settings in XI3.1 service pack 2

Hi all,

I am driving myself crazy with setting up access levels in XI3.1 service pack 2, I’ve nearly got what I need but I’m falling at the last hurdle.

Here is the situation.

[Team A] has access to [Folder A] and it’s reports.

Each owner of the reports in [Team A] needs to be able to modify and publish there own reports, this all works well with my pre-defined access levels.

[Team A] also has access to specific reports held in [Folder B], these are added into there corporate category, as they are unable to see the [Folder B] as they do not have the rights on it.

When a member of [Team A] retrieves the report from [Folder B] via there category, I assumed as the report had a different owner they would not be able to publish it to there folder. As it is working fine like this for the reports in [Folder A]

( I have applied the same access level to the individual report in [Folder B] as I have for the [Folder A] )

But they are able to published a new version of this report into [Folder A], even though they are not the owner, they then become the owner of the new version of the report in [Folder A]

We wanted to avoid this at all costs, we only want one instance of each report, and it is stored within the folder of the team that owns it, we then grant access to this report via categories to the other teams.

I’m reluctant to go for a single document folder setup within the CMC/FRS as some teams have 300+ reports, and we have over 1000+ reports in total, so I wanted to take advantage of the inherit security from parent folder functionality in XI.

Does anyone have any ideas, I have been playing around with the access levels for the last 2 days with no joy.

I thought that maybe the [ Copy objects to another folder ] option being set to disable would fix my issue, but that didn’t work.

Thanks

mds (BOB member since 2006-05-17)

Since your user can add their own report within some folder as soon as they work on a new report (even based on an existing report) they we will be able to publish it!

I don’t think there is a real workaround …

I don’t really understand why seting up right at document level will help you …

Hi Sebastien, thanks for the reply.

The reason I was thinking of just using the single Document folder, is so that there is only one version of a report out there ( i.e. back to the old repository of version 6 ), i understand that the user can still publish over this report ( as they can in version 6 ) but at least we will not end up with multiple versions of the same report.

I’m trying to make our XI install better than our current production version 6, where we have two different sets of users, ones that can publish anything into corporate documents, and those that can not.

I suppose we can get round this with a few control reports to flag duplicates created by other users and just manage it that way :?

mds (BOB member since 2006-05-17)

The other option is to not let Team A create any reports in Folder A. They can edit existing reports, but cannot add new ones.

The team members would develop new reports in their personal folders. When they have the report built the way they want it, they simply send it to an administrator, who loads it into Folder A. (Of course, this does end up breaking ownership…)

This puts the administrator in the role of gatekeeper, at least tacitly approving all new reports in the “official” area. There are a couple drawbacks to this approach. The administrator can also end up being a bottleneck, depending on how many reports tend to get created. Also, you may end up with users who just keep the copies of the other teams’ reports in their personal folders, and starting working around the “official” structure.

Lugh (BOB member since 2009-07-16)

Hi Lugh,

Thanks for the reply, we already have most people working “outside” of the intended process, we have corporate documents, local copies, saved off versions on network drives, reports sent via BO and email.

We have nearly 40 groups, and only 3 need the ability to manage there own reports. Typically in a group 80% of the reports will be specific to there group and 20% are shared. With my current setup the 20% shared reports are held in a different folder and the group has access via there categories, at the moment there is a possibility of these shared reports being duplicated in the folder of the team. I think keeping an eye on this would be less work than being the “gatekeeper” as you suggested below.

Cheers

mds (BOB member since 2006-05-17)

Hi Lugh …

what access do Team A members have to the folder B objects ?
for example, can they modify them or do they have view/refresh access only ?

when you say they can “publish” the reports (that originate from folder B) what do you mean by publish ? can they modify the folder B object and do ‘save as’ to save it into folder A ? or can they simply use organize / copy and then organize / paste ?

can you go into more depth as to the exact mechanisms they are using to achieve the things you don’t want them to ?

richmona (BOB member since 2003-04-15)

Hi richmona,

Apologies for the late reply I was out of the office.

I created a single “content” access level for both Team A and Team B, this access level allows them to modify/add/delete content that they own.

This access level is then applied to the specific report in Folder B

I then apply an application access level set to Team B that does not allow them to export ( i.e. the button is not available in Deski )

Where as Team A does have the right to export, I decided to do it this way so that I only have to apply 1 access level to all content regardless of whether they are Team A or Team B.

A member of Team A can import the report from Folder B , then export it to Folder A, they can only see the report in there category as they do not have access to Folder B.

So i’m thinking that I should create another content access level that should be applied to specific reports that Team A needs to view/run that are held in Folder B ???

Let me know if my logic sounds okay ?

Thanks

mds (BOB member since 2006-05-17)