Top Level Security & System wide Preferences

We recently promoted part of our BO 4.2 sp5 folders (including all security) to a new Cluster setup on BO 4.2 sp6. I’m struggling to find two things;

  1. when you are in the Top Level Security (folders/universes/servers) where is the Inherited From coming from? What does Inherit from Parent Folder and Inherit from Parent Group mean? We have an issue where our assigned Administrators Windows AD group is NOT able to disable/enable or stop/start the Adaptivejobserver. The options are blank even though they have Full Control.

  2. my other issue is where do I find the system controls for user Preferences? If I remember correctly, there use to be system control and the option for the users to not set preferences themselves. For example, we need to set where when Webi is launched from BI Launch Pad, a new window pups up instead of the current window refreshing.

If no one knows the answers, I’d love a link to some very good security documentation.

Thanks, Susan

mcsusan (BOB member since 2015-01-28)

Hello, Susan.

There is a level above “top level” that contains the default security assignments for the entire system (this level is the Cluster, and it’s the parent object of everything). The default default security is simply the Administrators group has Full Control.

In addition, there’s a level above Universes and Connections named “Root Folder 95”.

Since the cluster and Root Folder 95 and not visible in CMC, it’s not possible to view or change security at these levels without using the SDK. It’s possible for security here to get messed up (this happened to me in BI4.1 due to a but in Promotion Manager).

Regarding your problem. Is your admins AD group a child of Administrators? It should be, in order to get Full Control of everything.

Regarding the WebI preferences, you can prevent users from changing preferences, and you can set default BI launchpad preferences, but I don’t believe you can set default WebI preferences. I could be wrong, but I haven’t seen any way to do this.


joepeters :us: (BOB member since 2002-08-29)

joepeters - thanks for the reply.

Yes our admin AD Group is a child of Administrators. We put in a ticket with SAP. It was an issue with the promotion wizard and how the top level security came across. I was really surprised how messed up it was but we used the ‘reset’ security option for the adaptivejobservers and the folders we were having issues with.

I appreciate your help!

mcsusan (BOB member since 2015-01-28)

So… sounds like you ran into the same issue I did a couple of years ago. It’s unfortunate that that bug still seems to be in 4.2.

joepeters :us: (BOB member since 2002-08-29)