Does “No Access” equal denied in BO XI 3.1. In BO XI 3.1, if a user by belonging to two groups, has two rights
Full Control and No Access to a folder, would the user have no access to the folder or full control?
Does No Access = ‘Not specified’ like in previous versions?
If I want to deny the right, what right do I have to grant ( I do not see a deny right by default in BO XI 3.1). Since, I do not see a deny right, do I have to click advanced and explicitly deny the right or is No Access= deny?
No Access is the same as “Not Specified”. So if UserA belongs to GroupA (Which as No Access to FolderA), as well as GroupB (Which has Full Control of FolderA), he/she will have Full Control of FolderA.
Four fantastic recommendations when building a security model:
Use “Not Specified” instead of “Explicitly Denied” whenever possible
Do not break inheritance
Assign Access Rights at the Group/Folder level (not at the indivudual report/user level); even if you have just one user, create a group for that user and assign rights to that group instead.
Build a security matrix (in MS Excel, etc.) documenting your security design
It’s true for Xir2 but quite different for Xi3.x. Since you can override an explictly denied right without breaking inheritance you could now use this right…
So, everyone equals ‘Not Specified’…so why have that right at all?
Also, if I do not override inherited rights and Everyone is set to Not Specified and since that user belongs to the group from which it is inheriting and also belongs to Everyone…which right would user have?
The idea is that if a user is never given a right (it remains unspecified), they won’t have that right. It is true that you get exactly the same effect if you Deny the right for the Everyone group. However, if you ever DO want a user to have that right, you have to break inheritance to do so. Much more difficult to maintain in the long run.
Well, true with XI R3.x one can trump rights (without breaking inheritance), still I recommend using “Not Specified/No Access” instead of “Explicitly Denied”.