Hi,
yes, it means placing users in more then one group (see this topic https://bobj-board.org/t/29472.
Making it more difficult for a user to publish…hmm, well for that reason users are not allowed to publish reports. They can ask to get them published, or they can send it to different user/usergroups. We don’t want a messy corporate structure with lots of garbage in it, but it depends on your organisation.
When using a good naming convention, you can avoid many problems. Our groups which are used for document security, all start with RPT_ (=report), which makes it easy for the publishing user to see to which groups the document should be assigned.
Well…it’s BusinessObjects so it’s far from perfect… 
…I personally think that security is a nightmare…it’s garbage and makes for a lot of stress…but we’ll have to work with it 
Gerard
highandstoned 
(BOB member since 2005-08-01)