Change Custom Access Level on a personal folder

Similar Messages

• Custom Access Level

  Hi All,
  I am stuck in access control mechanism in BO.
  Can anyone forward me any documents related or brief on the custom access level & how to apply it in real, because I am failing to apply it accordingly.
  Thanks.

  Hi Marianne,
  I have given the same rights in general rights section, i have denied to add objects to folder but i have give the copy objects rights due to which they can copy the report to their personal folder due to that they got overwritting the report rights.
  Thanks.

• Can not assign custom access level with a user login

  Hi,
  I am using Business objects XiR3. When I am loging in with a user having full control access and then I select a folder added a principal from user sercurity and when I am trying to add custom access level it gave me error
  An error occurred at the server during security batch commit: Request 0 of type 38 failed with server error : You do not have sufficient rights to make the requested security changes.
  it allow me to give access to standard access levels. also when I tried to assign custom access level with administrator user, it assigns custom access level to a principal without error.
  Can any body tell me what I am doing wrong?
  Thanks in advance,
  Rajendra

  Hi Rajendra,
  You have to make sure that the user group has the right 'Use access level for security assignment' assigned as granted on the access level you created. You can find this right under System / Access Level. That should do the trick!
  Hope this helps...
  Martijn van Foeken
  Focuzz BI Services
  http://www.focuzz.nl
  http://nl.linkedin.com/in/martijnvanfoeken
  http://twitter.com/mfoeken

• Custom Access Level/User groups in BOBJ XI

  Experts,
  We are currently implementing BOBJ XI 3.1. Up on go-live, it will be handled by the Operations team from BOBJ CMC. We do not want to give administrator group for the operations users in CMC. Instead, we want to create custom groups with custom access levels.
  Ex. one for basis who will set up authentication, licenses etc
        one for the functional folks to maintain universes, export universes and set up security.
  Is there a way to set up user groups like this. We were able to successfully restrrict access just to folders, universes by creating a custom access level. But we were not able to do it on other items listed in CMC. Has anyone done this level of access before for the operations or even with in the development team instead of using administrator group>
  Appreciate your response
  Thanks
  Kee

  Hi,
  We can assign different rights to a group by creating custom access levels.
  Create a new group ,and also create custom access level and assign it to the new group.
  you can provide access to different objects to the group by adding rights to the access level.
  Under the access level > click  Included Rights > Add and Remove Rights > Under the Rights Collection > click on System.
  You  could find all the CMC object access rights can be assigned.
  Regards,
  Rameez

• Export Rights from Custom Access Level to Excel

  How can I export the rights from Custom Access Levels to Excel? Thanks.

  Hi Nancy,
  Is this what you're looking for:
  1522,Custom Access Level 1,/Custom Roles/Custom Access Level 1,CustomRole,General,General,Add objects to folders that the user owns,Not Specified,Object and Subobjects,
  This is the comma delimited output from a Security Query executed in the CMC.  You should have no problem pulling this into Excel by specifying the appropriate text delimiter.  This can be accessed under the "Query Results" section of the CMC by creating a new Security Query.
  The output represents the Object Name and ID (Custom Access Level 1 = 1522), the type of object, scope, etc.  I exported this for the Administrators group specifically, and it does have a limitation of only being able to run for a single group at a time, but will give you substantial information.
  Let me know if you'd like additional detail.
  Thanks,
  Jim

• Custom Access Level issue in XI 3.1

  Hi,
  I am using BOXI 3.1 with fp 1.5, this configuration is migrated from XI3.0.
  Earlier we have access level such that user can modify the webi report in folders but they can't overwrite the report, they can save the report in their personal folder but not in same folder or any folder under public folder.
  After migration users can't see the modify option at all, and if i gave then edit object rights then they can see the modify option but they can overwrite at the same time.
  Is there any other rights which i need to provide.
  Thanks for the help/suggestion.

  Hi Marianne,
  I have given the same rights in general rights section, i have denied to add objects to folder but i have give the copy objects rights due to which they can copy the report to their personal folder due to that they got overwritting the report rights.
  Thanks.

• Security and access levels

  I have created 4 users access levels, however, when I try to implement, when I keep inheritence, default security keeps coming up,   e.g. try changing everyone to my new access level and I get the new access level, but I also get view (inherited) - how can I "clean out" the old security settings??

  Sorry for the delay!
  OK, here's our situation - it's pretty straight forward;
  1500 users
  1500 (all) users in Everyone
  Of the 1500 users in Everyone;
  1200 in subgroup A
  200 in subgroup B
  90 in subgroup C
  10 users in Administrators
  4 universes
  1 connection
  Goal:
  Everyone and subgroups, same as admin, exception: can't delete or save to "corp" doc's.  My thought is to use same access level, then use the advanced configuration on the folders to prevent everyone from deleting any "corp docs"
  I have applied this access level to everyone and admin at;
  application > infoview, webi. cmc, deski, discussions, search
  universes > all 4
  connections > the 1
  folders > root folder,  level 1, denied access to everyone accordingly on level 2
  I have also added this access level to the top level security for users and groups
  Issues; 
  1. When I check the access level for everyone on folders, level 1 and below, I get the custom access level as inherited, but also view aslo as inherited.
  2. The users added to the admin group do not have same rights as the "administrator - for example, administrator can delete objects in the folders, but other users (within admin group) can not?  if I manually add the users to the folders, I can get this to work,  but doesn;t make sense, why would a user within a group have different rights, than any other user within the same group, with the same rights???
  Hope this helps!
  Edited by: Michael Bujarski on Jun 5, 2009 3:56 PM

• Access level - unknown rights

  Hi,
  I was trying to create customer access level in CMS, but when I tried include some rights into it, I failed because in the name field of many rights I see "Unknown right", so I don´t know which right is for what.
  for example
  Collection Type Right Name
  Application CMC Unknown right
  General General Unknown right
  The same it is in predefined access levels Full Control, View, Schedule... there is a lot of rights with name "Unknown right" only few of them are filled with correct name. I was thinking it´s some king of bug or language problem.
  Version of my BOE instalation is 12.3.0.601.
  Any help is welcomed.

  Thanks for really quick respond.
  I tryed this solution about two days before, but it didn´t work for me. I´m located in Slovakia, so I was also trying to change language to English in internet explorer and on machine where the BOE is installed but it didn´t help. BOE was installed in English.
  I have also another problem with access levels. When I create new access level and pres button Add/Remove rights it give me this error. Maybe the cause is the same in both this issues, maybe it´s absolutely diffiren problem.
  Exception report
  message
  description The server encountered an internal error () that prevented it from fulfilling this request.
  exception
  org.apache.jasper.JasperException
  +     org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512)+
  +     org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:395)+
  +     org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)+
  +     org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)+
  +     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)+
  +     com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:346)+
  +     com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:152)+
  +     com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:107)+
  +     com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:245)+
  +     com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:137)+
  +     javax.faces.webapp.FacesServlet.service(FacesServlet.java:214)+
  +     com.businessobjects.webutil.boetrustguard.BOETrustedRequestCreator.doFilter(BOETrustedRequestCreator.java:96)+
  +     com.businessobjects.webutil.boetrustguard.BOETrustFilter.doFilter(BOETrustFilter.java:83)+
  +     com.businessobjects.webutil.TimeoutCheckerFilter.doFilter(TimeoutCheckerFilter.java:99)+
  root cause
  java.lang.NullPointerException
  +     com.businessobjects.clientaction.customrole.includedrights.IncludedRightsBean.initRightsForSelectedPlugin(IncludedRightsBean.java:212)+
  +     org.apache.jsp.jsp.CustomRole_005fIncludedRights.rights_jsp._jspService(rights_jsp.java:148)+
  +     org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)+
  +     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)+
  +     org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334)+
  +     org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)+
  +     org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)+
  +     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)+
  +     com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:346)+
  +     com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:152)+
  +     com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:107)+
  +     com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:245)+
  +     com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:137)+
  +     javax.faces.webapp.FacesServlet.service(FacesServlet.java:214)+
  +     com.businessobjects.webutil.boetrustguard.BOETrustedRequestCreator.doFilter(BOETrustedRequestCreator.java:96)+
  +     com.businessobjects.webutil.boetrustguard.BOETrustFilter.doFilter(BOETrustFilter.java:83)+
  +     com.businessobjects.webutil.TimeoutCheckerFilter.doFilter(TimeoutCheckerFilter.java:99)+
  note The full stack trace of the root cause is available in the Apache Tomcat/5.5.20 logs.

• How to include group access level in a ws call

  I want to include a Group Access Label in a Permission for a Course using an iTunes web service call.
  I don't see how to do this in the docs.
  (The example in iTunesUAdministratorsGuide.pdf at page 111 doesn't include the Group Access Label.
  And it's not in the schema for the ws xml document at http://deimos.apple.com/iTunesURequest-1.0.xsd)
  Is this an obvious omission or am I missing something? Anyone know how to do this?
  Background:
  We're creating most Courses programmatically.
  Obviously, we'd strongly prefer not to require an administrator to go into every Course and manually add a common Group Access Label to the Permission. (This manual piece is essentially what's now missing from the ws call or at least from my understanding of it.)
  Either way -- manually by an administrator or programmatically -- our instructors would then be able to set Permissions themselves on any Group they create -- doing this themselves and without the help of an administrator.

  To resume with a little progress made:
  I have a Section
  * with Access Level == Edit for Credential == Instructor@...${IDENTIFIER} with no Group Access Label, and also
  * with Access Level == Download for Credential == Student@...${IDENTIFIER} with Group Access Label == Student.
  I'm doing ws calls to add a Course including an identifier. This is successful, and I can then go into the iTunes client as Instructor@...${IDENTIFIER} (substitution made) and manually add Groups and change Access to each individually. (I'm adding Groups "Download", "Shared Uploads", and "Drop Box", changing the Access Level accordingly for Group Access Label "Student".
  But naturally I want to do the manual part programmatically, to save n instructors from having to learn how to do this same thing and then to do it.
  So I'm trying to change my ws call to add the Groups, including Permissions. Schema http://deimos.apple.com/rsrc/xsd/iTunesURequest-1.1.xsd doesn't include Group Access Label for Permission. What does this mean?
  I've tried the actual Credential == Student@...${IDENTIFIER} (with IDENTIFIER substitution made before the call) and also Credential == Student (to see if I'm supposed to match the Group Access Label, instead).
  For either of these trials, the ws call successfully adds the Groups and a ShowTree includes the Permissions for the Groups. But in the iTunes client user interface, it's as if I gave no Permissions in adding the Groups.
  Am I approaching this wrong or is there a bug here?
  (I haven't tried yet a separate call to add the Group Permissions, not wanting to suffer the processing wait of getting handles for the three Groups.)
  Anyone else doing this? (successfully or not ) Thanks.

• "Orphaned" rights in an access level?

  Odd one here.  I query for an access level (SI_KIND = 'CustomRole'), then iterate through the Role Rights collection.  I am finding some rights included that are not shown on the Access Levels screens in the XI 3.x CMC.  Specifically, entries with an .ApplicableKind of "Federation" and .Kind of "QaaWS" and "MetaData.MetaDataRepositoryInfo".
  To try it for yourself, make a copy of any of the built-in roles, then in the CMC set EVERY right to not specified.  The CMC will show absolutely no rights in the access level at all.  YET, with the SDK you will still see the rights I mentioned before included.  In one case, I have built a custom access level by cloning an existing one, and can find no way to remove these "orphaned" rights via CMC.
  So two questions I guess.  What are these and are they somehow important (or just "leftovers" from development stuff)?  If they can't be removed via the CMC interface, I would like to remove them from my custom access level via SDK, yet I can't find a method there either.  Am I missing something?
  FYI, Enterprise COM SDK if that matters.

  In the CMC, only those rights that are configurable (i.e., public) are displayed.
  Some are hidden, since they're not public - the ones you're looking at are, I think, internal ones.
  By the way, Enterprise COM SDK was deprecated with XI Release 2, and no longer supported for XI 3.
  Some internal stuff uses the Enterprise COM SDK still, but no guarantees that it's not going to disappear some day in XI 3.x
  Sincerely,
  Ted Ueda

• Can you copy default Access Levels in 3.1?

  Hello,
  We are trying to create custom Access Levels that are slightly different than the default levels (i.e. Full Control, View, View on Demand, etc.)
  However, when we right-click on the Access Level it acts like it is copying, but it does not create the copy.  If we create a new Access Level and call it Test....we can copy that and it results in a Test(2) Access Level.
  It is like the default Access Levells cannot be copied/cloned.  Looking for confirmation one way or another that this can be done or not.
  Thanks.
  Kevin

  You should, there was a bug in 3.1, unfortunately. I did see that it was escalated. If you need this functionality ASAP then open a message with support so they can attach your case to the escalation too and you can get an update when it's released.
  If you have a 3.0 system available you can copy from there and migrate via import wizard. Not much of a work around I'm afraid... But a patch should be coming in a few months if not sooner.
  Regards,
  Tim

• HR Work Center Persons folder

  Hi,
    I would like to sychronize the PERSON's From 1 HR Work Center(A- HR) associated to a Work Center (A) to another HR Workcenter(B-HR) associated to Work Center (B).  I would like to do this because I maintain to differenent Work Centers different plants but the share the same PERSONS.
  I would like to be able to mass upload the contents of the original  HR work center Persons into the new HR work center.
  I have approx. 90 Work centers to convert and would likd to automate the process.  Does anyone know of a Bapi I could use to achieve the upload.
    Of course, after the initial upload we would not want the user to update the same info in both work centers so we would use the Bapi to update the contents of the new Persons follder in the HR work center(B-HR) with the changes occurring the original work centers Persons folder(A-HR) .
    Of course, if anyone has a simpler way of maintaining the synchronization I would love to hear it.
  Antonio

  Hi Fernando,
  For HR work center assignment, the icon in the assignment area is a yellow-colored folder.
  For org unit, on the other hand, it is the gray-colored rectangle.
  Moreover, if you select "change layout" button at the top of "assignment" area and add key to displayed columns, that key is A for work center and O for org unit.
  Is this what you're asking or are you looking for some other answer?
  Regards,
  Dilek

• Access Level Management for Lync2013

  In Microsoft Communicator 2007, there was an option to set the 'Access Level Management' as a global setting. Is this feature still available in Lync 2013 apart from setting the 'Access Levels' for each contact individually. 
  Since we migrated from Microsoft Communicator 2007 to Lync2013 and we needed to change some 'Access Levels', I wasn't able to do so. So would like to check if this feature can be enabled or disabled at the global level. 
  Thanks. Any suggestions would be highly appreciated.
  BR,
  Frieda

  Hi,
  In Lync 2013, you can view the contact in turn of Relationship as following:
  You can modify the relationship of the contact by right click the contact, and choose "Change Privacy Relationship", then you can choose the relationship you want such as Workgroup, Blocked Contacts.
  Best Regards,
  Eason Huang
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Eason Huang
  TechNet Community Support

• Access Levels to change Universe

  Hi
  I have created a WebI template (with formated layout) based on a kind of 'dummy universe'.
  The goal is that some 'power users' should be able to copy this template to their favorites and then change the universe to one they are allowed to use.
  These 'ad hoc ' universes are accessible when you create a new webi report but when you want to change it to one of the other adhoc univereses then they are not viewable.
  The current access levels let the power users choose an universe to work with. So that's OK.
  But rights in the Access levels should be set on the universe (sub) folder where these adhoc Univ's are stored?
  I assigned already these rights to the universe folder:
  System - Connection   => Data Access   
  System  - Connection   => Use connection for Stored Procedures   
  System  - Connection   => View objects   
  System  - Universe       =>  Create and Edit Queries Based on Universe   
  System  - Universe       =>  Data Access   
  System  - Universe       => View objects
  We're working with BOE XI R3.1 sp 3 fixpack 5
  Thx in advance for your answers
  JP - BO Admin

  Hi Jean-Pierre,
  The only thing that comes to mind is the possibility that the universes are in a different domain, meaning different repository, etc. Do you all log into the exact same CMS/Infoview server?
  If that is not the issue, then try creating a new user with the same access rights as yours, the one that can access the other universes, and see how that works, then change theirs to match, and then restrict them as necessary.
  Hope that helps.

• Access level changes captured in Auditing ?

  Hi, do auditing capture Access level changes / modifications in the CMC and how i can access them.
  Need to know. Thanks. Toor.

  Thankyou for the replies. I kept the following coding in the Exits. The problem is that i kept the break-point in the three exits and after running ME22N,its entering first into Exit 16 and after checking the field(Check Box) in Customer Data Tab ,its entering  into Exit 17. But the zfield in I_EKPO is empty,the value 'X' is not reflecting here. Please suggest where i am doing wrong. I went through many SDN threads and i am unable to solve the issue.
  INCLUDE ZXM06TOP.
  data: gl_aktyp type c,
        gl_no_screen type c,
        gl_ekpo_ci like ekpo_ci,
        gl_ekpo like ekpo,
        gl_ucomm like sy-ucomm.
  data:  gt_ref_ekpo_tab type table of ekpo_tab.
  EXIT_SAPMM06E_016
  gl_aktyp = i_aktyp.
  gl_no_screen = i_no_screen.
  ekpo_ci  = i_ci_ekpo.
  gl_ekpo = i_ekpo.
  EXIT_SAPMM06E_017
  move-corresponding i_ekpo to gl_ekpo_ci.
  gl_ekpo = i_ekpo.
  EXIT_SAPMM06E_018
  e_ci_ekpo        = gl_ekpo_ci.
  if gl_ekpo_ci-zz_vend ne ekpo_ci-zz_vend.
    e_ci_ekpo-zz_vend = ekpo_ci-zz_vend.
    if gl_aktyp ne 'A'.
      e_ci_update = 'X'.
    endif.
  endif.
  Regards
  K Srinivas