on 09-30-2014 5:15 AM
Hi
I want to create a security role that allows user to refresh reports created on a particular universe but that does not allow them to create new reports based on the same universe.
In the CMC, I select the universe and I have assigned it a customs access level I have created. In that CAL, if I don't include the right "view objects" then the users are not able to refresh the report, but that also allow them to see the universe when creating a new report and to create and run one, which I would like to avoid. Is there any way to do it?
Thanks
Teresa
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks, but that document does not describe what I am trying to do.
My requirements for one BI Application are:
- That a users group called staff can access the reports created for that BI application, which are stored in a specific folder created for that. They should also be able to refresh the report. They should not be able to create reports based on the universe for that BI application (but they can create reports for other BI applications)
That document describes how:
- How to give users the availability to either create or not reports: - my users can always create reports, it is only for one universe that they should not create reports
- How to give users access to the universe data - my users can access the universe data by refreshing an existing report but should not be able to see the universe when creating new reports.
We have already done most of the steps described there with the difference that I am using Custom access level instead of functional groups.
If I compare my set up which the one described in the document I have only one functional group called staff which can view document, refresh and create documents.
For the Web Intelligence, in CMC> Applications > Web Intelligence the staff group has a Custom Access Level that allow them to do that similar to the advanced users group in the document. (they only difference is that I save in a CAL instead of adding manually).
In terms of the public folder access, the staff group is assigned a CAL View access level which allow them to View objects, refresh the report .. it is the same that the document describe for the advance group for the public folder with the exception that I don't allow them to edit the query
At the connection level they have General > view access and Connection > data access as described in the document as well.
The document says that the advance report should be able to view and refresh reports, and to create reports for the universe they have access to. But it does not say to refresh a report but not to create for a universe.
If I now compare the settings for the BI Application:
I have only one group which is my before described staff group, since I am using CAL.
We have one folder for the BI application, or the universe in scope. I add the staff principle and give them the CAL view access.
The document says :
Here we want all members of this group to be able to view this folder and the contents of the folder. What they can then do with this folder is controlled by membership of the functional groups
In the folder of the BI Universe I give them access to Universe > View objects
By giving them access to Universe > view objects they can see the universe when creating a new document. Without this access they are not allow to refresh the document even if they see the refresh button available.
Hope it clarifies
Thanks
Teresa
I believe this is just not possible:
The Refresh (ViewonDemand) right is granted
basis for granting rights.
Meaning: For one universe with underlying universe conenction I can grant REFRESH/VIewonDeamn (VoD) rights to user A, for another user I can deny that right for user A.
But creating Webi Reports is a global right, a right granted on a
basis. This right (creating Webi reports that is) cannot be limited to a particular universe.
In other words, either user A can create Webi reports or he/she cannot. If user A has the right to create Webi reports then he/she can create Webi reports against ANY universe, he/she has been granted Refersh/VoD rights against; hence my use of GLOBAL right.
User | Count |
---|---|
89 | |
10 | |
9 | |
9 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.