Folder Level Security

What is the easiest way to do folder level security in BO Universe. I have about 10 class in my universe. Based on who logs in and use the universe i want to hide 5 folders. Can you please advice or refer me to a document

Hi,
In designer level we can set security based on based on users and on objects. in designer go to tools-> manage restrictions-> manage access restrictions -> add/hide users and objects.
Cheers,
Suresh Aluri.

Similar Messages

  • Edit Folder link always is visible if Item Level Security is enabled

    Hi,
    When Item Level Security is enabled in a folder, it show the 'Edit Folder' link, instead if the user is not authenticated.
    Does anybody know how to remove this link???
    Thanks.

    We to have experienced this behavior. Is this a bug?
    The Edit Link generated does not allow the user to "edit" any items, but shows the Administration link. This is not a good thing. This makes using Item Level Security very difficult, from the standpoint of User Interface and confusion.
    We are looking into creating a portlet to dynamically generate an "Edit Folder" link to replace the current one. However, we have doubts this will work.
    Dean
    - Solaris
    - Portal 3.0.9.8.2
    - 8.1.7.3
    (Awaiting Release 2!)

  • Object Level Security in OBIEE 11.1.1.5

    Hi All,
    I am trying to implement object level security for certail groups. We have BI Apps 7.9.6.3 implemented in whch obiee 11.1.1.5 is integrated with EBS R12. Users are able to login through diffrent responsiblities to OBIEe. I need insight into how to implement object level security. Below are the steps whihc i have followed but still i am facing strange issues i.e. some users are able to see dashboards which they have no access with view display error. I checked in dashboard permission. They do not have access
    1) Created application roles in OBIEE with the same resposiblity names
    2) Grouped the application roles in diffrent groups. I.e. if application roles a,b,c should have access to dashboard x then i made b and c member of a.
    3) Configured security in manage previleges and catalog for these application roles i.e. i used application role a mentioned in step 2 in manage previleges etc.
    4) Restarted the BI server and presentation servers.
    Are there any other steps which should be followed apart from above mentioned steps. Do i have to make use of groups.
    Regards,
    Sandeep

    Sandeep Saini wrote:
    I checked the inheritance. I did a lot of investigation but it is weird. My purpose of asking the question was to find out if there are any bugs in version 11.1.1.5 otherwise i didn't see any issues.
    There are a couple of bugs related to the issue but I have checked that on 11.1.1.5.5 and its works as expected.
    Bug 13982971 : PERMISSIONS ON WEB CATALOG OBJECTS NOT APPLIED IMMEDIATELY
    In case you see anything like this -> QA:USER WITH NO ACCESS OVER A FOLDER IS ABLE TO RUN ANALYSIS REPORT CONTAINED then [Patch ID 15626966]
    1) I want to check if there are any components i.e. BI server, presentation server or any other service that should be started after creation of application roles. I started only BI server after creating application rolesAny changes made to the Application policies should need a restart of admin and managed server however if you are not creating policies just Roles with similar names OPMN restart should be good to see the changes made.
    2) I made use of application roles throughout in object level security . Is it the correct approach ?Yes that is the right approach to use application roles for defining object level permission settings throught, do not go for catalog groups its makes it nasty to manage. Here is the quote from Sec Guide : " Using catalog groups is not considered a best practice and is available for backward compatibility in upgraded systems."
    3) To check if there are any object level security related bugsThere might be more than once mentioned above since 11.1.1.5 .. I do not trust that version it bites a lot ;)
    And to explain step 2 lets say there are n number of application roles which should have same object level security but diffrent data level security. In that case i made all such application roles member of another application role and configured object level security for that group only. For ex in manage previlege i configured "Access to Answer" for one application group and made other application group member of this group. I hope its clear now .Grouping of Roles with other similar roles is what needs to done to get functionality like catalog groups.However a reference of the 5 basic rules is always a lifesaver : [Rules for Inheritance for Permissions and Privileges|http://docs.oracle.com/cd/E29505_01/bi.1111/e10543/mgrgrpsusers.htm#autoId16]
    Hope this helps.!
    SVS

  • Database Level Security not working ???

    The 10 g (10.1.2.1) documentation states the following:
    Chapter 7 Controlling access to information:
    "Regardless of the access permissions and task privileges that you set in Discoverer Administrator, a Discoverer end user only sees folders if that user has been granted the following database privileges (either directly or through a database role):
    ex: SELECT privilege on all the underlying tables used in the folder "
    So how come a folder (view in my case - not table) cannot be queried directly by a user, but the folder still shows up a choice when building a report using PLUS ? I am misreading the above ? For is sounds lilke to me if the user account does not have SELECT privilege then they will not see the folder in Discoverer ?
    Anyone run into the same issue or have an explanantion ?
    thanks
    OBX

    I think the user has access to see all the folders in the business area in Discoverer if he has permission to do so. This is a Discoverer level security to filter people who should not have access to the business area at all. You'll find that although they can see these Discoverer folders because the permission is set in Discoverer Administrator, that the database tables they are based on will not allow the users to see any of the data if they don't have those rights at the database level.

  • Item level security...

    We have an out of the box solution where users can log there meeting minutes in a custom list. The security of the site consists of about a 100 SharePoint groups which are being used throughout the site collection with different permissions.
    For the purpose of this solution we have each group belonging to one of four logical roles (Directors, Power Users, Employees (Internal) and Employees (External). There are about 50 groups that fit the role of Employees. We want to make sure that users can
    access only the items if they belong to this logical role. That means that an item created by employee has to be accessible by 50 groups.
    What would be the best practice to apply security in this situation since for item level security it would require that inheritance be broken at item level and 50 groups added to the permissions of that item.
    Regards

    We are often discouraged from using folders, but security is one place they are quite useful. Create one folder for each of your top level groups (Directors, etc), break inheritance on the folder and assign your 50 groups. Upload a file to the folder and
    all of the security you need has been applied. You general users don't need to know about the folders. Create view that "Show all items without folders". Keep one view with folders displayed for uploading files.
    Mike Smith TechTrainingNotes.blogspot.com
    Books:
    SharePoint 2007 2010 Customization for the Site Owner,
    SharePoint 2010 Security for the Site Owner

  • ACL - ILS (Item Level Security) for Content Server & WebCenter Spaces

    We're trying to implement Item Level Security (ILS / ACL) for Webcenter spaces. We're following the instructions from the Oracle® Fusion Middleware Administrator's Guide for Oracle WebCenter 11g Release 1 (11.1.1.5.0) http://docs.oracle.com/cd/E15586_01/webcenter.1111/e12405.pdf
    After making the configuration changes, we're unable to see the "Security" option from the "File" menu in the Document explorer. Has anyone else implemented this feature and ran into similar issues?
    I made the following configuration changes:
    UseEntitySecurity=1
    SpecialAuthGroups=SecurityGroups (comma separated list with no spaces and the application name is included)
    CS: Version:11gR1-11.1.1.5.0
    DB: 11.2.0.2.0 ---Oracle Database 11g Enterprise Edition
    WebCenter: 11.1.1.4.0 (in a clustered environment)
    Also, we're looking at the document properties in webcenter spaces via document explorer and do not see the "security group" or "accounts" metadata fields. We can see the "Content ID" and a whole bunch of fields and do not see "security groups" and "accounts". However, when we log into the content server and look at the folder or file "info" we can clearly see the security group and account values...not sure what is required to make these two fields show up in webcenter spaces.

    Hi ,
    Do you upload the documents from spaces or from UCM side ?
    When you say the security and account field are not displayed , is that when viewing the content or during update ?
    When the ACL features are turned off do you see the above fields ?
    Thanks
    Srinath

  • Folder level function

    I imagine this will be rated as today's dumbest question.
    But I've seen a couple of responses to queries where the response has been to place the code/script at 'folder level' or as a 'folder level function', then they might add something like 'at button level'.  Well the latter is obvious to me, but what do they mean by 'folder level' in regard to scripting in LiveCycle ES?
    Thanks,
    Peta

    Hi Peta,
    Some functionality is considered a security concern, for example silently saving the form with a specific file name and in a specific location.
    In order to achieve this, you would need a trusted function. This is a specific script that is contained within a .js file.
    You would need to place this file in the correct folder so that Acrobat sees it when it is booting up and automatically loads this trusted function. There is a screenshot here that shows the folder:
    http://forums.adobe.com/message/2268264#2268264
    You would need to place the .js file in this specific folder on every computer that is going to use the form.
    There are a few discussions on the forums on this topic.
    Hope that helps,
    Niall

  • WWSBR_ALL_ITEMS and item level security - BUG?

    Hi,
    View WWSBR_ALL_ITEMS does not seems to work correctly when using item level security on a folder.
    If I add an item to a folder with item level security enabled and do NOT define any special access settings for this item, ie the item setting is "Inherit Parent Folder Access Privileges", then the view does not return the item.
    Has anyone else run into this? Is it a bug?
    Any help appreciated.
    Portal 3.0.9.8.0
    Oracle8i Enterprise Edition 8.1.7.0 - 64 bit
    IBM AIX 4.3.3

    I've been informed that patch 3.0.9.8.2 will solve the problem. Sorry about the double post.

  • How to use Item Level security

    I am working on portal 9.0.2.6.18.
    I have a folder with 1000 items. I want to grant groupA
    access to 997 items and
    (Group B,GroupA) access to 3 items.
    How do i do this.
    Here is what i tried:
    1.enabled item level security on folder
    2.granted folder level access to groupA and groupB
    3.Changed access of 997 items to grant access to GroupA
    4.Did nothing to the 3 items which i wanted to give access to GroupA,GroupB
    Is there a better way of achieving this?
    I am not really comfortable granting folder level access to groupB, because if i miss overwriting privileges of an item (in step 3), then groupB will have access to that item. I would love to change just 3 items because they are the exception.
    How is this feature supposed to be used?
    Thanks
    Harish

    Martin,
    Thanks for the reply. I just cited 1000 items folder as an example. We have various complex combination of security requirements for folders and items. So creating sub-folders for each combination will not work for me.
    Everytime the security requirements change we have to move the items around, which can confuse users. And sometimes we have to create sub-folders to workaround the item-level security problems even when there is no logical business classification to a set of items.
    Harish

  • ACL - ILS (Item Level Security) for Webcenter Spaces

    We're trying to implement Item Level Security (ILS / ACL) for Webcenter spaces. We're following the instructions from the Oracle® Fusion Middleware Administrator's Guide for Oracle WebCenter 11g Release 1 (11.1.1.5.0) http://docs.oracle.com/cd/E15586_01/webcenter.1111/e12405.pdf
    After making the configuration changes, we're unable to see the "Security" option from the "File" menu in the Document explorer. Has anyone else implemented this feature and ran into similar issues?
    Also, we're looking at the document properties in webcenter spaces via document explorer and do not see the "security group" or "accounts" metadata fields. We can see the "Content ID" and a whole bunch of fields and do not see "security groups" and "accounts". However, when we log into the content server and look at the folder or file "info" we can clearly see the security group and account values...not sure what is required to make these two fields show up in webcenter spaces.

    Hi ,
    Do you upload the documents from spaces or from UCM side ?
    When you say the security and account field are not displayed , is that when viewing the content or during update ?
    When the ACL features are turned off do you see the above fields ?
    Thanks
    Srinath

  • Enabling item level security

    Hi,
    We are using portal version 3.0.9. We are trying to implement security at the item level and have super-user rights. According to <http://portalstudio.oracle.com/help/sblgrapi.htm>, if you scroll all the way to the bottom it says that "You cannot enable item level security for items in the Portlet Repository content area." I am assuming that this Portlet Repository content area is referring to the Administer->Display Portlet Repository ->Seeded Providers -> Portal Content Area -> Content Areas
    The items that we want to secure are currently in the folder called "other providers" but I can also access the items from within the portal repository content areas.
    So far I have been specifying access to the page, the category, the folder, and the item, and when I log in as a view only user I still can see things that I shouldn't. Perhaps, it is because it is somehow still in the repository?
    I think that I am missing a step somewhere. I have cleared inherit privileges and enable item level security wherever I could find that option while editing. Has anyone successfully added security to even a folder?
    Thanks in advance.
    Best Regards,
    Lindsay

    Lindsay,
    I'm not sure if this is what you are looking for, but you can secure access to portlets that are shown in the portlet repository
    through the Access tab that is available when you "Edit" the portlet entry in the Edit Folder view of the Portlet repository.
    [ol]
    [li]Go to the portlet repository
    [li]Navigate to the appropriate folder
    [li]Edit the folder
    [li]Click on the Edit link beside the portlet of interest
    [li]Click on the Access tab
    [li]Turn on access control and specify privileges on the portlet.
    [ol]
    See if this is what you are looking for, or let me know if I'm off base.

  • Change item level security using wwsbr_api.modify_item

    Hi.
    Im using wwsbr_api.modify_item for change item level security.
    Its code for change type access for item of my procedure
    l_masterid := portal30.wwsbr_api.modify_item(
    p_master_item_id => 7061,
    p_item_id => 7062,
    p_caid => 136,
    p_folder_id => 1,
    p_display_name => 'test',
    p_region_id => 5,
    p_access_level => portal30.wwsbr_api.item_access,
    p_text => 'test change item security',
    p_addnewversion => true, -- My content area have item versioning
    level is audit
    After execute my procedure access type = folder.
    I see in wwv_things table new record
    masterthingid = 7061,
    id = 7064,
    security = 'folder'
    How to change item level security programmatically?
    Thanks

    Jerry,
    Please forgive me for persisting with this, and thankyou for your continued patience, but let me try to explain the issue I'm having in another way...
    I have a function that calls wwsbr_api.modify_item to change, say, the description. In this case "description" is the one and only thing I want to change about the item. As you've described above, I am able to query most things associated with the item (via wwsbr_all_items, wwsec_api.grantee_list, etc) so that I can pass current values to the wwsbr_api.modify parameters. However, I haven't found a way to query the current level of access control for a given item (i.e. wether it is currently set to ITEM_ACCESS, FOLDER_ACCESS, or null). As documented, I can force the item to be ITEM_ACCESS or FOLDER_ACCESS. However, I don't want to force a value and as we have concluded, passing null will nullify the current state.
    So, in summary, an answer to this question will solve my problem:
    Is it possible to query the current access control level of an item (either directly via one of the published views or indirectly via one of the views)?
    If the answer is yes - great that solves my problem. How please?!?!?
    If the answer is no - this must be a bug is it would mean that it isn't possible to use wwsbr_api.modify_item without inadvertently altering the current access control level of the item.
    Again thanks for your patience...
    Mark

  • Item Level Security - Performance impacts

    We are planning to use Item Level Security but have read in the help that this means folder caching is not used. This will mean a performance degradtion.
    Has anyone used Item Level Security and ran into performance problems ?
    If so any guidelines on what is an acceptable limit in turns of size of content areas, number of items etc.
    Thanks
    Simon.

    I'd appeciate a reply as well. For now I've been using content as a PL/SQL stored procedure in a package and then wrapping is_logged_in code around it. It works but isn't cusomizable.

  • Folder level permission not working

    Hi,
    I have created a user Test_sup and assign few finance roles in BI system.I have imported these users and role to business object system and then i created an Enterprise  group Financial reports and add the Sap roles as sub group and the test_sup is also member of the Financial reports parent group.Now i assigned the user test_sup on a folder called security and assigned the customized access level which i created and removed the folder inheritance.
    Now when the test_sup logs in BI lauchpad he is able to see all the folders as well security folders.But i need to restrict the user by only access to security folder which mean he should only see the folder security and not all folder .
    Pls let me know if i ahd made any mistake above as it is not working .

    Hi,
    So it mean i should alter the standard access level of Everyone.
    Also i am also not able to remove Everyone and Administrator group on any folder .The tab remove is faded.
    Below is the User security of my folder Security
    Administrator
    DB1~100/TEST_SUP
    Everyone
    Financial Reports_test
    Pls clarify

  • REQUIRED FOLDER LEVEL AND APPLICATION ACCESS

    Dear Expert,
    I am new in SAP BO admin, I want folder level access and application level access.
    My senario as below
    FOLDER ABC HAVING 3 SUB FOLDER LIKE FOLDER 1 , FOLDER 2 AND FOLDER 3.AND ALL THE FOLDER HAVE SOME DASHBOARD INSIDE.
    I have created 3 users
    USER 1 CAN VEW ONLY FOLDER 1 DASHBOARD
    USER 2 CAN VIEW ONLY FOLDER 2 DASHBOARD
    USER 3 CAN VIEW FOLDER 2 AND FOLDER 3 DASHBOARD.
    Please share me step by step guide.
    Many Many Thanks In Advance.
    Regards,
    Divyesh Patel

    Hi Patel,
    pls check the below threads
    Folder Level authorisations
    Folder level authorization in BO 4.0
    Securing Business Objects Content – Folder Level, Top Level and Application Security
    User Authorisations
    User Authorization in CMC?
    Note: after assigning access to  sub-Folders ,we need to assign access to root folder also to users.
    Hope this Helps,
    Sundar Kumar

Maybe you are looking for

  • MacBook Airs announced yesterday, a few questions (model numbers especially)

    Hello - does anyone know the model number fot the core i7 MacBook Airs that were just announced yesterday?  I can find the model numbers for the core i5 models, but not sure if the core i7's are considered different models or are just only available

  • BPM Co ntainer Variable

    In BPM I am receiving a Message and after that I am transforming that message to a different format, but before that I want to copy the initial message to a variable, how can we do that?

  • Database-Searching for dates

    If I enter in an exact date (such as 7/9/06) in my database's Find layout that matches an existing record then AppleWorks finds the record. But I want to find all records that contain ANY date in the date field. If I type in a character in the date f

  • Apple Mobile Device USB Driver, failed install on WIN7 PC

    I have a PC with Windows 7 OS 64 bit. Loaded iTunes software on PC. Trying to sync iPhone 3G. Error message: Apple Mobile Device USB driver will not install. Yes, I have internet connectivity and automatic updates are enabled. Thoughts?

  • Clearing "other" data on your iPhone 4

    I am looking for an Apple - Based solution for examining and clearing the iPhone data known as "Other" through iTunes. If not an Apple solution, maybe a third party software that allows one to go in and take a look at exactly what occupies that space