Using XIr3. Put user in group, group has access to folder, universe, universe connection, and webi. No matter what I try, I cannot get the user to see the public folder when they log in.

Is there an extra step that wasn’t there in XIr2?

Please help!!

segg2009 (BOB member since 2011-09-19)

Check to see if the user is in any other group that has been explicitly denied access to the folder.

If that doesn’t work, then go to the User Security dialog of the folder. View the rights for the group. Click the 'Browse" button at the top left and select your user. The screen will then display the rights that your user has on the folder, and should indicate where the problem is.

joepeters (BOB member since 2002-08-29)

Hi and welcome to BOB

This post will help you

None of this has worked. It’s a very simple, clean setup. 1 group, 1 folder with some sub-folders. I am assigning the group view on demand rights to the entire folder. All members of the group are in this group and none other (except for everyone group). I cannot figure out why the group cannot see the folder. When I check the rights, everything is granted- in webi, general, and all parts that apply. Why can’t they see the folder? I even tried going into a subfolder and assigning the same rights on that, but it didn’t work. I have no idea what to do.

segg2009 (BOB member since 2011-09-19)

Did you also setup the right to see the top level folder?

I started the rights with the top level folder. In the last release, all I had to do was give rights to the top level folder and the group would have access to all subfolders.

So I granted VOD to the top level folder (and it states that this group has those rights granted), but they still can’t see it. I tried also granting rights to a subfolder, but no luck.

I have to be missing something or incredibly stupid. I did this hundreds of times in previous releases with no problem. They can create a new webi document and have correct access to the universe so I obviously set up rights to connection and universe correctly. It’s just the public folder that they’re missing.

Create User
Put user in Group (user is only in this group)
Give group VOD access to Folder (1 public folder with 5 subfolders)
Give group webi rights to login, view, refresh, drill, etc

segg2009 (BOB member since 2011-09-19)

Can you confirm that the Everyone group has a VOD right on the top levele folder?

I don’t want the everyone group to have VOD to that folder. I haven’t gone in and explicitly denied it, but haven’t explicitly granted it, either. In the previous release, we did deny the everyone group access to this folder.

Do they now have to have access to this folder?

segg2009 (BOB member since 2011-09-19)

Yes, but not necessarily to the folders below it.

Grant View access, but set the “Apply To” to just “Object” and not “Sub Objects”. This will allow users to see “Public Folders”, but nothing beneath it (unless, of course, they have appropriate rights there too).

Note that the “Top Level Folder” here is accessed via the Manage->Top Level Security->All Folders menu item.

joepeters (BOB member since 2002-08-29)

The folder I am trying to grant access to is one of 5 in the root folder. I don’t want the group to have access to the other 4.

The only way I’ve found to make this work is to give the group access to the top level security- all folders. But then they can see the other 4 and I have to go into each folder and explicitly deny rights for the ones I don’t want them to see.

Shouldn’t it be the other way around?

segg2009 (BOB member since 2011-09-19)

If you apply security as I described in my last post, your users won’t see the other four folders.

joepeters (BOB member since 2002-08-29)

I’m sorry, but this is not working. Here’s the folder structure.

Root Folder

folder A
folder B
folder C

subfolders C1-C5
folder D
folder E

I need the group to have VOD to folder C and its subfolders C1-C5, but not see folders A, B, D, or E. What you have described does not work.

segg2009 (BOB member since 2011-09-19)

What do you see?

I assume you have given VoD explicitly at Folder C?

joepeters (BOB member since 2002-08-29)

Correct. This has been verified.

The group can see all folders unless I go into each one and explicity deny view object on each folder.

segg2009 (BOB member since 2011-09-19)

Then you’ve granted both “Object” and “Subobjects”; this must be just “Objects”. This has to be done in Advanced Rights, sorry if I didn’t make that clear. It should look like the following:

joepeters (BOB member since 2002-08-29)

I greatly appreciate your help!

That screenshot is exactly what my everyone group looks like on the root folder for objects and subobjects. I’ve tried denying and granting everyone and the target group and nothing works except granting everyone and target group all folder access and then denying view objects at each subfolder.

segg2009 (BOB member since 2011-09-19)

You don’t have a standard access level (View, VoD, etc.) applied in addition to the advanced rights, do you? They would both combine to give the result you are seeing.

For one of the folders that your group should not see, pull up its User Security dialog. I’m assuming you’ll see your test group in there some with some form of access level. Click on the access level name (View, Advanced, etc.). This should produce a list of all inherited rights that the user has. Click on the “Source” of any of the rights to see where it’s coming from.

joepeters (BOB member since 2002-08-29)