Universe folder security

security CMC
1

Hi BO Gurus,

We are trying to set up universe folder security. As of now all the universes are in Universe main folder.

Is it mandatory to have all the universes in sub-folders under universe main folder.

for example: Under Univ main folder
sub-folder1: Finance, under this all the FI universes will be saved
sub-folder2: SD, under this all the SD universes will be saved.

What are the benefilts of doing this way. Is it advisable to do like this as I need to assign the security to each folder/ sub-folder.

Can any please help me on this.

Thanks in advance
Madhuri

madhum1078 (BOB member since 2007-07-20)

2

I did not understand what you mean of Universe main folder.
Is it root folder(Universes)? or folder you created?

Arjun (BOB member since 2008-07-28)

3

Hi, Yes… Sorry for confusion. It is Root folder of Universes. Is it mandatory to create sub folders (FI, SD, …) under root folder.

Please tell me pros & cons of setting up sub-folders under root universe folder. We are using XI 3.0

Thanks again
Madhuri

madhum1078 (BOB member since 2007-07-20)

4

It is better to give the security as mentioned below:
On Root folder : Administrators: Full Control, Everyone : No Access
Now you need to add the required users/user groups for the sub folders and give the required access for those folders.

Arjun (BOB member since 2008-07-28)

5

Generally, best practice would be to use folders. Give groups rights to the folders as needed, similar to public (document) folders. That said, if you end up with only one universe per folder, there is little value.

Again, a general rule is to give rights to folders, not individual objects (documents, universes, etc.). Of courser, connections don’t give you a choice … there is no folder structure. And connections are often one-to-one with universes.

I haven’t been much help here. Personally, I use universe folders, but can easily make the argument that they are not necessary.

Dwayne Hoffpauir :us: (BOB member since 2002-09-19)

6

I don’t use folders for my universes so the way I’ve done it is as follows. It’s a little tricky setting it up but seems to work fine!

  1. Grant Everyone View access on the root folder of Universes.
  2. For each universe, firstly grant Everyone No Access. This makes sure that users can’t see the universes they’re not supposed to see when creating new reports
  3. Then for each universe, grant View on Demand for the groups that specifically need to use that universe (assuming you’re allowing refreshing of reports on demand).
  4. For the universe connections, I simply grant View on Demand to Everyone for every connection because they can’t do anything with the connection itself unless they have access to the universe

Hope this helps.
Best regards :slight_smile:

malteser (BOB member since 2006-02-21)

7

If you are using XI 3.x, you can change the approach to your point 1, so that point 2 is not necessary!

Create a custom access level that has ONE AND ONLY ONE right:

  • Under the Content collection, and Folder type (do not use General, General) …
  • Grant the View Objects right …
  • On the far right, select to apply to Object only (not sub-objects)

Now give this custom access level to the Everyone group on the universe root folder. This allows the user to see the root folder, but nothing in it. That way, by default when a new universe (or folder) is added to the root, the user will NOT see it … unless they are later given specific rights to do so.

Dwayne Hoffpauir :us: (BOB member since 2002-09-19)

8

In theory, if you have security across different universes … a developer could change the connection and get access to something they shouldn’t … a small hole, but i’d still lock down connections

Chris Pohl :us: (BOB member since 2002-06-18)