"Orphaned" rights in an access level?

Odd one here.  I query for an access level (SI_KIND = 'CustomRole'), then iterate through the Role Rights collection.  I am finding some rights included that are not shown on the Access Levels screens in the XI 3.x CMC.  Specifically, entries with an .ApplicableKind of "Federation" and .Kind of "QaaWS" and "MetaData.MetaDataRepositoryInfo".
To try it for yourself, make a copy of any of the built-in roles, then in the CMC set EVERY right to not specified.  The CMC will show absolutely no rights in the access level at all.  YET, with the SDK you will still see the rights I mentioned before included.  In one case, I have built a custom access level by cloning an existing one, and can find no way to remove these "orphaned" rights via CMC.
So two questions I guess.  What are these and are they somehow important (or just "leftovers" from development stuff)?  If they can't be removed via the CMC interface, I would like to remove them from my custom access level via SDK, yet I can't find a method there either.  Am I missing something?
FYI, Enterprise COM SDK if that matters.

In the CMC, only those rights that are configurable (i.e., public) are displayed.
Some are hidden, since they're not public - the ones you're looking at are, I think, internal ones.
By the way, Enterprise COM SDK was deprecated with XI Release 2, and no longer supported for XI 3.
Some internal stuff uses the Enterprise COM SDK still, but no guarantees that it's not going to disappear some day in XI 3.x
Sincerely,
Ted Ueda

Similar Messages

  • Export Rights from Custom Access Level to Excel

    How can I export the rights from Custom Access Levels to Excel? Thanks.

    Hi Nancy,
    Is this what you're looking for:
    1522,Custom Access Level 1,/Custom Roles/Custom Access Level 1,CustomRole,General,General,Add objects to folders that the user owns,Not Specified,Object and Subobjects,
    This is the comma delimited output from a Security Query executed in the CMC.  You should have no problem pulling this into Excel by specifying the appropriate text delimiter.  This can be accessed under the "Query Results" section of the CMC by creating a new Security Query.
    The output represents the Object Name and ID (Custom Access Level 1 = 1522), the type of object, scope, etc.  I exported this for the Administrators group specifically, and it does have a limitation of only being able to run for a single group at a time, but will give you substantial information.
    Let me know if you'd like additional detail.
    Thanks,
    Jim

  • Custom Access Level/User groups in BOBJ XI

    Experts,
    We are currently implementing BOBJ XI 3.1. Up on go-live, it will be handled by the Operations team from BOBJ CMC. We do not want to give administrator group for the operations users in CMC. Instead, we want to create custom groups with custom access levels.
    Ex. one for basis who will set up authentication, licenses etc
          one for the functional folks to maintain universes, export universes and set up security.
    Is there a way to set up user groups like this. We were able to successfully restrrict access just to folders, universes by creating a custom access level. But we were not able to do it on other items listed in CMC. Has anyone done this level of access before for the operations or even with in the development team instead of using administrator group>
    Appreciate your response
    Thanks
    Kee

    Hi,
    We can assign different rights to a group by creating custom access levels.
    Create a new group ,and also create custom access level and assign it to the new group.
    you can provide access to different objects to the group by adding rights to the access level.
    Under the access level > click  Included Rights > Add and Remove Rights > Under the Rights Collection > click on System.
    You  could find all the CMC object access rights can be assigned.
    Regards,
    Rameez

  • Access Levels to change Universe

    Hi
    I have created a WebI template (with formated layout) based on a kind of 'dummy universe'.
    The goal is that some 'power users' should be able to copy this template to their favorites and then change the universe to one they are allowed to use.
    These 'ad hoc ' universes are accessible when you create a new webi report but when you want to change it to one of the other adhoc univereses then they are not viewable.
    The current access levels let the power users choose an universe to work with. So that's OK.
    But rights in the Access levels should be set on the universe (sub) folder where these adhoc Univ's are stored?
    I assigned already these rights to the universe folder:
    System - Connection   => Data Access   
    System  - Connection   => Use connection for Stored Procedures   
    System  - Connection   => View objects   
    System  - Universe       =>  Create and Edit Queries Based on Universe   
    System  - Universe       =>  Data Access   
    System  - Universe       => View objects
    We're working with BOE XI R3.1 sp 3 fixpack 5
    Thx in advance for your answers
    JP - BO Admin

    Hi Jean-Pierre,
    The only thing that comes to mind is the possibility that the universes are in a different domain, meaning different repository, etc. Do you all log into the exact same CMS/Infoview server?
    If that is not the issue, then try creating a new user with the same access rights as yours, the one that can access the other universes, and see how that works, then change theirs to match, and then restrict them as necessary.
    Hope that helps.

  • Can not assign custom access level with a user login

    Hi,
    I am using Business objects XiR3. When I am loging in with a user having full control access and then I select a folder added a principal from user sercurity and when I am trying to add custom access level it gave me error
    An error occurred at the server during security batch commit: Request 0 of type 38 failed with server error : You do not have sufficient rights to make the requested security changes.
    it allow me to give access to standard access levels. also when I tried to assign custom access level with administrator user, it assigns custom access level to a principal without error.
    Can any body tell me what I am doing wrong?
    Thanks in advance,
    Rajendra

    Hi Rajendra,
    You have to make sure that the user group has the right 'Use access level for security assignment' assigned as granted on the access level you created. You can find this right under System / Access Level. That should do the trick!
    Hope this helps...
    Martijn van Foeken
    Focuzz BI Services
    http://www.focuzz.nl
    http://nl.linkedin.com/in/martijnvanfoeken
    http://twitter.com/mfoeken

  • Access level - unknown rights

    Hi,
    I was trying to create customer access level in CMS, but when I tried include some rights into it, I failed because in the name field of many rights I see "Unknown right", so I don´t know which right is for what.
    for example
    Collection Type Right Name
    Application CMC Unknown right
    General General Unknown right
    The same it is in predefined access levels Full Control, View, Schedule... there is a lot of rights with name "Unknown right" only few of them are filled with correct name. I was thinking it´s some king of bug or language problem.
    Version of my BOE instalation is 12.3.0.601.
    Any help is welcomed.

    Thanks for really quick respond.
    I tryed this solution about two days before, but it didn´t work for me. I´m located in Slovakia, so I was also trying to change language to English in internet explorer and on machine where the BOE is installed but it didn´t help. BOE was installed in English.
    I have also another problem with access levels. When I create new access level and pres button Add/Remove rights it give me this error. Maybe the cause is the same in both this issues, maybe it´s absolutely diffiren problem.
    Exception report
    message
    description The server encountered an internal error () that prevented it from fulfilling this request.
    exception
    org.apache.jasper.JasperException
    +     org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512)+
    +     org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:395)+
    +     org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)+
    +     org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)+
    +     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)+
    +     com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:346)+
    +     com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:152)+
    +     com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:107)+
    +     com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:245)+
    +     com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:137)+
    +     javax.faces.webapp.FacesServlet.service(FacesServlet.java:214)+
    +     com.businessobjects.webutil.boetrustguard.BOETrustedRequestCreator.doFilter(BOETrustedRequestCreator.java:96)+
    +     com.businessobjects.webutil.boetrustguard.BOETrustFilter.doFilter(BOETrustFilter.java:83)+
    +     com.businessobjects.webutil.TimeoutCheckerFilter.doFilter(TimeoutCheckerFilter.java:99)+
    root cause
    java.lang.NullPointerException
    +     com.businessobjects.clientaction.customrole.includedrights.IncludedRightsBean.initRightsForSelectedPlugin(IncludedRightsBean.java:212)+
    +     org.apache.jsp.jsp.CustomRole_005fIncludedRights.rights_jsp._jspService(rights_jsp.java:148)+
    +     org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)+
    +     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)+
    +     org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334)+
    +     org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)+
    +     org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)+
    +     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)+
    +     com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:346)+
    +     com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:152)+
    +     com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:107)+
    +     com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:245)+
    +     com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:137)+
    +     javax.faces.webapp.FacesServlet.service(FacesServlet.java:214)+
    +     com.businessobjects.webutil.boetrustguard.BOETrustedRequestCreator.doFilter(BOETrustedRequestCreator.java:96)+
    +     com.businessobjects.webutil.boetrustguard.BOETrustFilter.doFilter(BOETrustFilter.java:83)+
    +     com.businessobjects.webutil.TimeoutCheckerFilter.doFilter(TimeoutCheckerFilter.java:99)+
    note The full stack trace of the root cause is available in the Apache Tomcat/5.5.20 logs.

  • Access levels in dreamweaver cs4

    Hi,
    I have been playing around with dreamweaver cs4 using the tutorials and videos i have thanks to you guys.
    I created a simple login mysql database and used the login features within dreamweaver cs4 which was great and so simple.
    I have came across login to a secured site so many times over the past few years pulling down sample asp with access scripts and never getting it right.worked first time no problem.
    however what i do also get asked is access level security for a secured area. i noticed in the login objects properties there was an option "secure page and get access level from database table" however what i want to be able to do is have it so an admin would see all contacts in the database but the individual agents only have access to their own assigned contacts.
    i would be greatful anyone could point me in right direction from within dreamweaver to do this, also not sure how i would setup the table in mysql to reflect this?
    any pointers or help would be greatly appreciated.
    many thanks
    andy

    Not sure if this is what you want, at least it will give you an example
    <!DOCTYPE HTML>
    <html>
    <head>
    <meta charset="utf-8">
    <title>Untitled Document</title>
    <style>
    body {width: 980px; margin: auto; background: #FEE49A;}
    #header {height: 120px; background: #060;}
    #article {height: 400px; width: 749px; float: right; background: #FFF; border-right: 1px solid #060;}
    #aside {height: 400px; width: 228px;    float: left; border-right: 1px solid #060; border-left: 1px solid #060; background: #CCC;}
    #footer {height: 50px; background: #060; clear: both;}
    </style>
    </head>
    <body>
    <div id="header"></div>
    <div id="aside"></div>
    <div id="article"></div>
    <div id="footer"></div>
    </body>
    </html>
    Gramps

  • Managing "Access Levels" on a domain level from Lync 2010 client

    Hello,
    Our company moved from Office Communicator 2007 R2 clients to Lync 2010 clients.
    Previously in Office Communicator 2007 R2 client, it was possible to set default Access Levels for complete domains (instead of individual users only), using the Access Level Management view.
    In the Lync 2010 this options seems to be missing. The management options per user are still there (by right-clicking a user), but the access to manage it for a domain is no longer visible.
    Is there any way to manage Access Levels for domains, in a similar way we had in Communicator 2007? It appears that Lync 2010 stilluses the Access Levels set previously for domains, but users do no longer have any possibility to make further updates,
    and are stuck (from their perspective at least) with the settings made in 2007 before.
    Thanks.

    Lync 2010 doesn’t have the feature natively.
    With Lync Server 2010, by default, the contacts from federated domains are added as External Contacts.
    Lisa Zheng
    TechNet Community Support

  • Security and access levels

    I have created 4 users access levels, however, when I try to implement, when I keep inheritence, default security keeps coming up,   e.g. try changing everyone to my new access level and I get the new access level, but I also get view (inherited) - how can I "clean out" the old security settings??

    Sorry for the delay!
    OK, here's our situation - it's pretty straight forward;
    1500 users
    1500 (all) users in Everyone
    Of the 1500 users in Everyone;
    1200 in subgroup A
    200 in subgroup B
    90 in subgroup C
    10 users in Administrators
    4 universes
    1 connection
    Goal:
    Everyone and subgroups, same as admin, exception: can't delete or save to "corp" doc's.  My thought is to use same access level, then use the advanced configuration on the folders to prevent everyone from deleting any "corp docs"
    I have applied this access level to everyone and admin at;
    application > infoview, webi. cmc, deski, discussions, search
    universes > all 4
    connections > the 1
    folders > root folder,  level 1, denied access to everyone accordingly on level 2
    I have also added this access level to the top level security for users and groups
    Issues; 
    1. When I check the access level for everyone on folders, level 1 and below, I get the custom access level as inherited, but also view aslo as inherited.
    2. The users added to the admin group do not have same rights as the "administrator - for example, administrator can delete objects in the folders, but other users (within admin group) can not?  if I manually add the users to the folders, I can get this to work,  but doesn;t make sense, why would a user within a group have different rights, than any other user within the same group, with the same rights???
    Hope this helps!
    Edited by: Michael Bujarski on Jun 5, 2009 3:56 PM

  • Problem with Restrict Access to Page with access level using ASP

    I'm using Dreamweaver CS3 with ASP-VBScript and an Access
    database. The pages were created from scratch for this project,
    using those tools all the way through.
    I've created a login page, an admin homepage, and add, edit,
    and list records pages for three tables. The login page uses the
    Server Behavior "Log in User", all other pages use the Server
    Behavior "Restrict Access to Page". All of these are based on an
    Access Level.
    Login seems to work correctly, and redirects to the admin
    homepage. From the admin homepage, I can open any other page as
    expected, and they initially display correctly. On the add and edit
    pages, however,
    submitting the form often results in getting logged out, but
    not always.
    Once this happens, I can log back in, but other problems will
    sometimes occur during that second login session. Sometimes,
    logouts will occur on pages that worked fine during the first login
    session. Sometimes, another session variable that I've setup
    manually will change when it shouldn't...as if there were two
    values stored for my session variable, and reloading the page
    changes to the other value.
    This
    post seems closest to my experience, but it doesn't look like
    there was really an answer beyond "I had to fight with it for a bit
    to get it to work":
    I suspected that there is some problem with session settings
    on the server. We have an almost identical tool on the same server
    that was developed with an older version of DW that works more
    reliably; it sometimes has problems with the initial login, but
    never has a problem after that.
    Has anyone experienced problems like this? Any suggestions
    for what to check? I'm really pulling my hair out since it's so
    unreliable...the kind of problem that goes away when you try to
    show someone and comes back when they leave.

    Hello,
    I was thinking that all I would need would be the username, although username and paswsword would be more secure.  There are about 50 users and no groups or levels.  They are all equal ... same level.
    The website is private and there is a general content area for all users and then there will be private areas for each user where proprietary documents will be held.  I need to be able to ensure that user 'A' can only see the user 'A' pages, user 'B' can only see user 'B', etc.
    I don't really understand what the Dreamweaver script is doing, but the overview sounded like it was the right tool to accomplish what I'm trying to do.
    Any assistance greatly appreciated.
    thanks.

  • Problems with Serv.Behav. Restrict Access Level

    Hi,
    I hope you can help - can't find an answer to this one. Been
    going nuts on this! Thank you very much for anything help you can
    provide.
    1) Using DW 8.0, PHP 4.4.7, MySQL 4.1.22
    2) Set up log in page, everything works if the LogIn Server
    Behavior is set to "Restrict Access" to only Username &
    Password. If set to Username, Password & Access Level get a
    MySQL error page:
    "You have an error in your SQL syntax; check the manual that
    corresponds to your MySQL server version for the right syntax to
    use near 'Privileges FROM tbl_users WHERE Username=%s AND
    Password=%s' at line 1"
    3) Here's the code:
    <?php require_once('Connections/conn_MemberList.php');
    ?>
    <?php
    if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType,
    $theDefinedValue = "", $theNotDefinedValue = "")
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue)
    : $theValue;
    $theValue = function_exists("mysql_real_escape_string") ?
    mysql_real_escape_string($theValue) :
    mysql_escape_string($theValue);
    switch ($theType) {
    case "text":
    $theValue = ($theValue != "") ? "'" . $theValue . "'" :
    "NULL";
    break;
    case "long":
    case "int":
    $theValue = ($theValue != "") ? intval($theValue) : "NULL";
    break;
    case "double":
    $theValue = ($theValue != "") ? "'" . doubleval($theValue) .
    "'" : "NULL";
    break;
    case "date":
    $theValue = ($theValue != "") ? "'" . $theValue . "'" :
    "NULL";
    break;
    case "defined":
    $theValue = ($theValue != "") ? $theDefinedValue :
    $theNotDefinedValue;
    break;
    return $theValue;
    ?>
    <?php
    // *** Validate request to login to this site.
    if (!isset($_SESSION)) {
    session_start();
    $loginFormAction = $_SERVER['PHP_SELF'];
    if (isset($_GET['accesscheck'])) {
    $_SESSION['PrevUrl'] = $_GET['accesscheck'];
    if (isset($_POST['textfield'])) {
    $loginUsername=$_POST['textfield'];
    $password=$_POST['textfield2'];
    $MM_fldUserAuthorization = "Privileges";
    $MM_redirectLoginSuccess = "MemberList.php";
    $MM_redirectLoginFailed = "MemberDeny.php";
    $MM_redirecttoReferrer = false;
    mysql_select_db($database_conn_MemberList, $conn_MemberList);
    $LoginRS__query=sprintf("SELECT Username, Password,
    Privileges FROM tbl_users WHERE Username=%s AND Password=%s",
    GetSQLValueString($loginUsername, "text"),
    GetSQLValueString($password, "text"));
    $LoginRS = mysql_query($LoginRS__query, $conn_MemberList) or
    die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {
    $loginStrGroup = mysql_result($LoginRS,0,'Privileges');
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;
    if (isset($_SESSION['PrevUrl']) && false) {
    $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    header("Location: " . $MM_redirectLoginSuccess );
    else {
    header("Location: ". $MM_redirectLoginFailed );
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
    Transitional//EN" "
    http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="
    http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html;
    charset=iso-8859-1" />
    <title>Untitled Document</title>
    <style type="text/css">
    <!--
    .style3 {font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: small; }
    -->
    </style>
    </head>
    <body>
    <p> </p>
    <form id="LogOn" name="LogOn" method="POST"
    action="<?php echo $loginFormAction; ?>">
    <table width="100%" border="0" cellspacing="2"
    cellpadding="2">
    <tr>
    <th scope="col"><div align="right"><span
    class="style3">User:</span></div></th>
    <th scope="col"><label>
    <div align="left">
    <input type="text" name="textfield" />
    </div>
    </label></th>
    </tr>
    <tr>
    <td><div align="right"><span
    class="style3">Password:</span></div></td>
    <td><label>
    <div align="left">
    <input type="text" name="textfield2" />
    </div>
    </label></td>
    </tr>
    <tr>
    <td> </td>
    <td><label>
    <input type="submit" name="Submit" value="Submit" />
    </label></td>
    </tr>
    </table>
    </form>
    <p> </p>
    </body>
    </html>
    Thank you

    I tried this and get the same error message.
    ERROR at line 1:
    ORA-28545: error diagnosed by Net8 when connecting to an agent
    NCRO: Failed to make RSLV connection
    ORA-02063: preceding 2 lines from ALPACWOBF
    listener.ora:
    LISTENER =
    (DESCRIPTION_LIST =
    (DESCRIPTION =
    (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCP)(HOST = spruce)(PORT = 1521))
    (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
    SID_LIST_LISTENER =
    (SID_LIST =
    (SID_DESC =
    (SID_NAME = alpacwobf)
    (ORACLE_HOME = C:\oracle\ora92)
    (PROGRAM = hsodbc)
    tnsnames.ora
    alpacwobf.3LOG.COM =
    (DESCRIPTION =
    (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCP)(HOST = SPRUCE)(PORT = 1521))
    (CONNECT_DATA =
    (SID_NAME = alpacwobf)
    (HS=ok)
    initalpacwobf.ora:
    HS_FDS_CONNECT_INFO = AlpacWOBF
    HS_FDS_TRACE_LEVEL = 4
    HS_FDS_TRACE_FILE_NAME = alpacwobf.log
    ODBC setting is ok. odbc name is alpacwobf, db is access 2000.
    restart the listener.
    tnsping alpacwobf is ok.
    database link creating is ok.
    but when query,I got error.
    alpac > create database link alpacwobf using 'alpacwobf';
    Database link created.
    alpac > select count(*) from test@alpacwobf;
    select count(*) from test@alpacwobf
    ERROR at line 1:
    ORA-28545: error diagnosed by Net8 when connecting to an agent
    NCRO: Failed to make RSLV connection
    ORA-02063: preceding 2 lines from ALPACWOBF
    Any help will be appreciated.
    Thanks a lot.
    Richard

  • Custom Access Level issue in XI 3.1

    Hi,
    I am using BOXI 3.1 with fp 1.5, this configuration is migrated from XI3.0.
    Earlier we have access level such that user can modify the webi report in folders but they can't overwrite the report, they can save the report in their personal folder but not in same folder or any folder under public folder.
    After migration users can't see the modify option at all, and if i gave then edit object rights then they can see the modify option but they can overwrite at the same time.
    Is there any other rights which i need to provide.
    Thanks for the help/suggestion.

    Hi Marianne,
    I have given the same rights in general rights section, i have denied to add objects to folder but i have give the copy objects rights due to which they can copy the report to their personal folder due to that they got overwritting the report rights.
    Thanks.

  • Multiple access level Webi Reports

    Hi,
    We have Business Objects Enterprise XI 3.1 SP2 FP2.4. Our problem is that we want to asign to the same user diferent levels of visualization for a webi report, but if we asign the security at application level (WebIntelligence) the access levels applies for all reports and if we assign the access level at folder level it doesn´t applied to the visualization of the report. Basically we want that a user see a WebiReport without refresh the data and the same user saw a diferent report in a diferent folder with the capability to do this action.
    Is this possible??
    Thanks a lot.

    Hello,
    I apologize for not replying earlier. I tried to reproduce what you mentioned. InfoView kept crashing on my end when I disable right-click.
    In any case, you mentioned that disabling right-click only works when applied on on the application level (for Webi). We can work with this itself.
    Again, for sake of simplicity, lets assume that we have only two access levels.
    1. Right_Click_Disabled
    2. Toolbar_Disabled
    Also, lets assume that a specific user requires the Right_Click_Disabled access level on Rep_1 in Folder_A and the Toolbar_Disabled access level on Rep_2 in Folder_A.
    For this, you'll need to create two groups. Lets call them Right_Click_Disabled_Grp and Toolbar_Disabled_Grp. Add the user to both groups. Also apply access level Right_Click_Disabled to Webi (application) for group Right_Click_Disabled_Grp (principal).
    Similarly, apply access level Toolbar_Disabled to Webi (application) for group Toolbar_Disabled_Grp (principal).
    Now, give both groups View access on Folder_A. So, the user will have the most restrictive access of the combination of ViewRight_Click_DisabledToolbar_Disabled for all Webi reports in Folder_A.
    Now, for Rep_1 in Folder_A, the user requires Right_Click_Disabled access. So, for Rep_1 in Folder_A, for principal Right_Click_Disabled_Grp, disable inheritance and give the group Right_Click_Disabled (access level) only for Rep_1. Similarly, for Rep_2 in Folder_A, the user requires Toolbar_Disabled access. Again, for Rep_2, for principal Toolbar_Disabled_Grp, disable inheritance and give the group Toolbar_Disabled (access level) only for Rep_2.
    Summary:
    Groups
    Right_Click_Disabled_Grp
    Toolbar_Disabled_Grp
    Access Levels
    Right_Click_Disabled
    Toolbar_Disabled
    Let me know if you have any questions.Also, note that I haven't tested this.
    Best.
    Srinivas

  • Can you copy default Access Levels in 3.1?

    Hello,
    We are trying to create custom Access Levels that are slightly different than the default levels (i.e. Full Control, View, View on Demand, etc.)
    However, when we right-click on the Access Level it acts like it is copying, but it does not create the copy.  If we create a new Access Level and call it Test....we can copy that and it results in a Test(2) Access Level.
    It is like the default Access Levells cannot be copied/cloned.  Looking for confirmation one way or another that this can be done or not.
    Thanks.
    Kevin

    You should, there was a bug in 3.1, unfortunately. I did see that it was escalated. If you need this functionality ASAP then open a message with support so they can attach your case to the escalation too and you can get an update when it's released.
    If you have a 3.0 system available you can copy from there and migrate via import wizard. Not much of a work around I'm afraid... But a patch should be coming in a few months if not sooner.
    Regards,
    Tim

  • Custom Access Level

    Hi All,
    I am stuck in access control mechanism in BO.
    Can anyone forward me any documents related or brief on the custom access level & how to apply it in real, because I am failing to apply it accordingly.
    Thanks.

    Hi Marianne,
    I have given the same rights in general rights section, i have denied to add objects to folder but i have give the copy objects rights due to which they can copy the report to their personal folder due to that they got overwritting the report rights.
    Thanks.

Maybe you are looking for