We are currently on XI R2 and will go live on XI 3.1 very soon. We installed XI 3.1 in a new server, and plan to keep the currnet XI R2 server as the restore plan. Is there a way to disable all users on XI R2 easily? Although we have informed the users about the new URL for XI 3.1, I am afraid some users will still use the old URL. I want to be able to log into XI R2 after go-live myself, but to prevent users from logging into XI R2.
CMC --> BusinessObjects Enterprise Applications --> Infoview, select the Rights tab and click on Advanced for Everyone Group and set Not Specified for this right “Log on to InfoView and view this object in the CMC”.
I cannot check this at my site now, however you could try this and update us if this was useful.
That ain’t going to work. Remember, ‘Not Specified’ doesn’t always mean that the right is denied. If that user belongs to another group and has greater right, he will then enjoy the greater right.
Preventing users from getting into InfoView will not help. What if the users use DeskI for Adhoc reporting? Also, how often will you be logging into XIR2? If not often, then I would recommend you to stop the CMS on XIR2. Hope that helps.
Thanks for your prompt responses. I will log into XI R2 after go-live on 3.1 only when I need to double check users’ access. I am afraid some users might lose some access rights although I have tested the security rights in 3.1.
I think I will stop CMS in XI R2 as you suggested.
If you stop the CMS no one can logon to Business Objects that includes you even if you want.
I would suggest disable all users expext administrators or some other group so that no one can logonto Business Objects except that group.
When something is not working in XI3 and have to logon to R2 for lookat some settings and don’t know how much time it takes. In that case how much time you can turn on the CMS.
You can disable all the users or somegroups with a single click. Disabling users also couple of minutes work.
I agree with you. Everything needs to tested before going live.
In our case we are running both R2 and 3.1 for 1month. In this time users are disabled on the R2 and can logon to 3.1 only.
Since 3.1 security is different, we are desiging it from scratch. So if the user complains that he is missing something in 3.1, then administrators can logon to R2 and check things there.
If you don’t want to logonto R2 for anything, yes, i’d suggest stopping the CMS.
Thanks All. We have thousands of users. Ideally, I want to be able to log into XI R2 anytime to check access settings, but users can only log into XI 3.1 in order to avoid any confusion. How to disable all LDAP users in a single click?
BTW, I have been doing a lot of testing, but I am the only person who is working on the upgrade since the beginning. I am not surprised if I missed some access settings, since XI 3.1 and R2 is so different.
I wonder if I uncheck the “LDAP Authentication is enabled” under CMC > Authentication > LDAP tab, will this prevent all LDAP users log in? I hope this will not delete all LDAP groups/users.
Do you have two links (java and .net) up for infoview? If yes, which link does your Users use. Stop the app service in CCM for the Users link. And when you want to check their permissons you can use the other link. Anyways, you will be checking the permissions using CMC so you should be fine.
(BOB member since 2008-01-09)
(BOB member since 2007-08-02)
. Disabling all the users is not very easy when you have got thousands of users.
(BOB member since 2004-12-09)