Java Security Model for Web Apllication Security

Hi,
Any one can tell me about Java Security model used in web site protection. what are th eAPI's used to implement this model on Websites.
I am keen to know only about the Authentication and Authorization secutiry.
Thanks,
Vivek

Hi Ram, thanks for reply. I appreciate your comments.
This is a very interesting topic because we need to know how much flexibility we have in order to apply security policies to our services. After all, SOA is about flexibility (with appropriate level of control), isn't it? :-P
Option 1 (WSDL files) is a reasonable one. We could create "views" of the same service using ESB. But I'm concerned if this approach ("Security Oriented Views" of a service) can lead to difficulties in operational governance and appropriate discovery and reuse of the service.
Option 2 is also something to be concerned, as we could end up designing "Security Oriented Architecture" :-P
Option 3 (Customization through OAM) is also reasonable, but I don't know if this is really possible to achieve since OAM is mostly related to web resources. It would be nice if we had a chance to implement this in WSM instead.
Denis
Message was edited by:
[email protected]
Message was edited by:
[email protected]

Similar Messages

  • Self signed certificate for web service security !!

    i've created self-signed certificate using keytool for web serivce security. But i'm unable to implement from the client side. When i'm giving "dn=localhost" it's working fine. But when i'm giving other than that it's throwing me error as :
    java.io.IOException: HTTPS hostname wrong: should be <192.168.2.36>
    I don't know what's the problem. Could any tell me where i'm wrong. In the CN i've given my ip address. Please help me out.
    Do i need to do something else?

    thanks for your kind help.
    But i follwed the same which are given. Do i need to set something in netbeans? i'm usign netbeans 5.5,tomcat 5.5 and jdk5. Still i'm getting the same error as "https hostname is wrong: it should be <192.168.2.278>", which my ip address. I've created my self signed certificate and given the path to it by mentioning in System.setProperty("javax.net.ssl.trustStore","d:/keystore/auth.keystore"); and for password to. Do i need to do something else?
    Please help me out in this reagard. I'm startup of this technology.
    in advance thanks.

  • Setting security constraint for web App

    Hai all!
    I am new to bea and i am trying to set up security constraints for my webaplication..
    I want user to be authenticated before he access any of the pages in browser..
    All i did was adding following entries to web.xml
    <security-constraint>
              <web-resource-collection>
                   <web-resource-name>
                        webresources
                   </web-resource-name>
                   <url-pattern>
                   </url-pattern>
              </web-resource-collection>           
              <login-config>          
                   <auth-method>
                   BASIC
                   </auth-method>          
              </login-config>
         </security-constraint>
    But no such thing is happening,,
    I know i am doing wrong but donno where exactly i am wrong..
    Pls guide me in sequnece of steps regarding what to do to accomplish what i want..
    Thanks and Regards
    Manohar

    I guess you need to set the role that is allowed to log into your application.
    try this in web.xml:
         <security-constraint>
              <display-name>Whatever</display-name>
              <web-resource-collection>
                   <web-resource-name>resource</web-resource-name>
                   <description>Desc</description>
                   <url-pattern>/*</url-pattern>
                   <http-method>GET</http-method>
                   <http-method>POST</http-method>
              </web-resource-collection>
              <auth-constraint>
                   <description>desc</description>
                   <role-name>MyRole</role-name>
              </auth-constraint>
                   <user-data-constraint>
                   <transport-guarantee>NONE</transport-guarantee>
              </user-data-constraint>
         </security-constraint>
         <login-config>
              <auth-method>BASIC</auth-method>
         </login-config>
         <security-role>
              <description>desc</description>
              <role-name>MyRole</role-name>
         </security-role>
    and map the role with a group/user in weblogic.xml:
         <security-role-assignment>
              <role-name>MyRole</role-name>
              <principal-name>MyGroupOfUsers</principal-name>
         </security-role-assignment>
    Hope this helps.
    Xavi
    "Manohar" <[email protected]> wrote:
    >
    Hai all!
    I am new to bea and i am trying to set up security constraints for my
    webaplication..
    I want user to be authenticated before he access any of the pages in
    browser..
    All i did was adding following entries to web.xml
    <security-constraint>
              <web-resource-collection>
                   <web-resource-name>
                        webresources
                   </web-resource-name>
                   <url-pattern>
                   </url-pattern>
              </web-resource-collection>           
              <login-config>          
                   <auth-method>
                   BASIC
                   </auth-method>          
              </login-config>
         </security-constraint>
    But no such thing is happening,,
    I know i am doing wrong but donno where exactly i am wrong..
    Pls guide me in sequnece of steps regarding what to do to accomplish
    what i want..
    Thanks and Regards
    Manohar

  • Custom Token For web services security

    How can I implement a token based security for web services? I will return a
    custom token which contains a session-id among others after a JAAS
    authnetication. I want to pass this token for every web service invokation.
    I want the serverside EJB methods to be authorized based the roles in token.
    Any ideas or pointers on the possible solutions?
    Thanks,
    Vish

    How can I implement a token based security for web services? I will return a
    custom token which contains a session-id among others after a JAAS
    authnetication. I want to pass this token for every web service invokation.
    I want the serverside EJB methods to be authorized based the roles in token.
    Any ideas or pointers on the possible solutions?
    Thanks,
    Vish

  • Import Java Bean model in Web dynpro DC

    Hi all,
    I have created the following DC's on a track:
    1. EMPDic (Type: Dictionary) - DC that contains the database table.
    2. EMPEjb (Type J2EE) - DC that contains the EJBs that have business logic. Created a public part EMPpp that containd the bean classes.
    3. EMPEar (Type J2EE) - DC that contains the EMPEjb module.In Used Dcs added EMPpp
    4. EMPCmd (Type: Java) - DC that acts as the command bean.
    Created 2 public parts 'compile'(Type:compilation) and 'deploy' (Type:assembly). In Used DCs added EMPpp.
    5. EMPWd (Type: Webdynpro) - DC that will contain the Java Bean Model and the application. In Used DCs added 'compile' and 'deploy'.
    Q1.) Now when i try to import the Java bean model by selecting the radio button "public parts of used DCs" and look at the dropdown, i am not able to see any of the jar's related to my command bean DC.
    If i select the radio button "project(source folder)" and click Next it says 'No JavaBeans for import'. Am i missing something?
    Q2) Could someone tell me the exact steps from pt. 4 onwards. ie. whether it is necessary to create the 2 public parts for EMPCmd DC and what should it contain.
    Thanking you in advance.

    Hi Melwyn,
    check the NWDI tutorial, it will help you:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/c0b53558-6df6-2910-cfbf-a63316bb0fad
    kind regards
    Stefanie

  • IE Security Setting for web.show_document

    Hi,
    I've run a report on the report server and generated it as a pdf, now I want to open the PDF using web.show_document.
    As it starts to open I get an error message saying that the security settings of IE are preventing the opening of the file.
    I've not seen this before over a number of different installations. I've disabled the pop-up blocker for this site.
    After searching I've not found anything here.
    Is there any documentation on what to set the security configuration to?
    IAS v 10gR2
    IE v 6.0
    many thanks
    Tony

    Make sure that the URL you are opening, the OAS host server domain name in this case, is within the trusted sites of the browser.
    It happened with us when opening our application online from the internet.
    Tony

  • Security settings for web analysis and finacial reporting

    Hi
    Would anyone be able to let me know when I am creating a group/user within Shared Services what provisioning I need to set up so that the user can create there own reports using finacial reports and web analysis.
    Also If a user is to just refresh reports but cannot change them what access do they need?
    Thanks

    Hi,
    Have a read here :- http://download.oracle.com/docs/cd/E12825_01/epm.111/epm_security_11111/apas04.html
    It should have all the information you are after.
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Bad link for web service security tutorial

    The following link
    http://otn.oracle.com/sample_code/tutorials/wspki/toc.html
    gives a blank page

    Try
    http://otn.oracle.com/sample_code/tutorials/wspki/toc.htm
    Note : htm instead of html.
    Thanks
    -- Umesh

  • Good Model for Web Self-service User registration ?

    Trying to build a web self-service user registration module.
    9iAS documentation says 9iAS uses JAZNUserManager that uses jazn-data.xml.
    I like jazn-data.xml because the password is encrypted and works with j_security_check with minimal coding, just need to make entries in web.xml.
    Is this a good model, ie storing web users in jazn-data.xml ?
    Thanks in advance

    You should have a kind of auto-enrollment feature on Sharepoint side where, based on a menu selection, the user will be able to enroll himself and his account will be moved to an OU or added to groups based on the provided details. The problem with this
    is that this is usually the source of duplicated user accounts in AD and it is not easy to apply a kind of control on how users should enroll themselves only one time and also hard to manage and cleanup later.
    You can ask them in Sharepoint forums for more details:
    http://social.technet.microsoft.com/Forums/en-US/category/sharepoint
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • ADF Security integration with Web Logic Security using SQL authenticator

    Hi,
    I was trying to find a suitable way of handling the following requirements:
    1. Administrators should be able to create the roles, groups, users and assign users to roles.
    2. User, Roles, Groups should be stored in DB and Users need to be authenticated accordingly.
    3. I need to be able to map roles with security permissions on Taskflows, JSF Pages, on UI level using groovy expressions and even at Entities level.
    I performed the following tasks:
    1. I created back end Security tables, created SQL authenticator as provider and defined the queries in it then I created ADF Application and used JMX APIs to call the SQL authenticator to perform its operations.
    2. I defined the roles and respective resource permissions in ADF i.e. Jazn xml file because my requirement no 3 would not be achievable without using ADF security.
    Now in this scenario how I can login a user in ADF context and assign roles programmatically that I authenticated from JMX APIs? Or is there any other suitable way to handle these requirements?
    Thanks.
    -Moeen

    Hi Charu,
    Thanks for your reply.
    Can we programmatically add a user in adfsecuritycontext as a currently logged in user, a user which is not present in jazn.xml file? If yes then can we programmatically assign the roles which are defined in jazn.xml to that specific user?
    Moeen

  • Utilizing a java stored procedure for web services

    Hello,
    I am a newbie in web services and I want to learn web services by utilizing a simple procedure and making use as a web service.
    I have a java stored procedure deployed in Oracle 8i database, which I am using for sending emails. I am invoking the java stored procedure in my JSP and Java classes by making a database connection and calling the procedure.
    I am planning to make this a web service so that I could call this from any of my application.
    Could someone give an insight how to make this a web service, albeit the utility is not very complex and my knowledge about web services is limited, I thought I could start by doing a simple program.
    Any help is highly appreciated.
    Thanks
    Ponic

    Hi Tanna.
    Thanks for your reply^^
    I create webservice that access my stored procedure.
    But not supported.
    http://dmp.humaxdigital.com/HumaxCmdwService/Service1.asmx?wsdl
    There are two service. (Hello World - Test, prcrelease_test - Stored Procedure )
    'Hello World' is supported but prcrelease_test is not supported. I can't drag to storyboard.
    Our company's DB is MSSQL2005.
    please help me^^

  • Please Migrate to the java 2 Security Model.

    HI, this is my first post BTW, I dont know much about Java its just that when i try to access my work from home(united Airlines). It was working fine until i had to format My hd and since u can no longer download java from the microsoft site i had to come here to download the newer version and havent been able to access it since. Is there a site or anywhere that i can download hte old version perhaps or get this one to work? when i tyr to login i get this Error in the Java Console:
    ipsNetletStatus.init()
    Netlet Starting (16)
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netlet found Netscape
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netlet config: https://gw-r5.airline.compuserve.com:443/http://as-r5.airline.compuserve.com:8080/NetletConfig?func=loadResources
    ipsNetletStatus.start()
    ...ipsNetletStatus.run() is starting
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    netscape.javascript.JSException: Failure to evaluate netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesRead");navigator.preference("network.proxy.ssl");
    at sun.plugin.javascript.ocx.JSObject.eval(Unknown Source)
    at BrowserProxyInfo.<init>(BrowserProxyInfo.java:58)
    at SServer.loadParameters(SServer.java:140)
    at SServer.start(SServer.java:111)
    at sun.applet.AppletPanel.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

    Lokk at this thread http://forum.java.sun.com/thread.jsp?forum=31&thread=297109
    and search the Forums using the term "java 2 security model" (include the quote marks)

  • Migrate to the Java 2 security model

    Hi, I've tried to use signed applets but I always get the following message:
    Java (TM) Plug-in: Version 1.3.1_02
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    I'm using IExplorer 5.5 with the Java Plug-In 1.3.1_02.
    What does it mean 'migrate to the Java 2 security model'?
    How can I migrate?
    thanks in advance.

    So you mean your applet is working in Netscape 6.2 after editing prefs.js. In that case, one possible solution is take away the support of netscape.security.* in your applet . Because netscape.* packages 'might' use the Netscape Security model, which is no longer supported(check out). Hence the system asks you to migrate to the current java security model. Even if you remove the netscape.* support, your applet will work, if you have signed it properly. In that case, you don't have to touch prefs.js or java.policy or anything from your client machine.(provided you use standard certificates like verisign).
    Since you have only class file of the applet and not the source, decompile the class file and make the alteration and compile it back. A decompiler Jad is available here http://midlet.org/jsp/category.jsp?parentLevel=137.
    Let me know if this has helped you.
    Rajesh

  • SOAP Request with Web Service Security

    Hi masters of XI,
    the Oasis standard for web services security saids that exists three levels of security for web services, at higher level is Encryption, middle level is signature and at lower level is authentication with username and password inside the soap envelope.
    I need to do a SOAP Request signed with a X.509 certificate and username and password too in SAP PI 7.0 SP11. I can sign the request with X.509 certificate without problems but i can't authenticate the request with username and password in usernametoken element like saids the Oasis standard
    <wsse:Security>
    <wsse:UsernameToken>
    <wsse:Username>XXXX</wsse:Username>
    <wsse:Password>XXXXXXXXX</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    How can we send UserNameToken's elements inside SOAP web service envelope
    signing with X.509 certificate also? There are any way to do it in the
    receiver agreement or receiver SOAP adapter?
    thanks.

    Hi,
    thank you very much for your answers.
    I have solved the SSL comunication and i can sign with X.509 certificates. My problem is that in the SOAP envelope of resquest signed only travels the X.509 certificate and I need to send the username security token (wsse:UsernameToken) also.
    <wsse:Security>
    <wsse:UsernameToken>
    <wsse:Username>XXXX</wsse:Username>
    <wsse:Password>XXXXXXXXX</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    I can't find the solution to do it. The Netweaver documentation says that Netweaver is able to sign SOAP request with X.509 certificates and is able too for using UsernameToken as part of Oasis standard for web service security. In abap stack of NW you can assign a security profile to a web service call for signing the message or authenticate it with username/password inside SOAP envelope, but in java stack of XI i think that there is no way to do it.
    This is my Request:
    <?xml version="1.0" encoding="utf-8"?>
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <soapenv:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
          <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
              <ds:Reference URI="#id-104309952">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
              </ds:Reference>
              <ds:Reference URI="#Timestamp-104310599">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-104377209">
              <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
                <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </ds:Signature>     
          <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
            <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
            <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
          </wsu:Timestamp>
        </wsse:Security>
      </soapenv:Header>
    And this is the request I need:
    <?xml version="1.0" encoding="utf-8"?>
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <soapenv:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
          <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
              <ds:Reference URI="#id-104309952">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
              </ds:Reference>
              <ds:Reference URI="#Timestamp-104310599">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-104377209">
              <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
                <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </ds:Signature>
    <!-- THIS IS THE PART I NEED -->
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-104312926">
            <wsse:Username>xxxxxxx</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
          </wsse:UsernameToken>
    <!--  -->
    <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
            <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
            <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
          </wsu:Timestamp>
        </wsse:Security>
      </soapenv:Header>

  • Web Intelligence Security Best Practices

    Hi All,
    We are in the process of starting to use web intelligence. I am puttng together a security model for it and I have some questions around best practices. We have a fairly simple two tier security model so far, end users and creators. Creators will be able to create reports in certain folders and everyone else will be able to run and refresh those reports they can see.
    I was going to create a group for all the creators and assign them to a custom access level in the web intelligence application. Then they would also need to be in another creator group for the particular folder. So they would be able to the create reports in that folder and execute reports in another.
    For all the end users, they need to be able to view and refresh reports, drilling, data tracking, etc. if they have access to them. Is the best practice then to just assign the Everyone group the out of the box view on demand access level?
    I have been digging around looking for resources and welcome anyone's input or ideas on the subject.
    Thanks in advance for any assistance provided.

    Thank you for your prompt reply.
    But that means that the same security groups will need to be creaed on both palces, web intelligence application and at the folder level?
    I was thinking if I create a developer group for the web intelligence application level, all developers would go into there. Then at the folder level I could create another folder level security group for developers to access the folder.
    Would that not simplify the maintenance at the application level? Or would that not work?

Maybe you are looking for