Report Access level

hi,
Is the concurrent:Report Access level profile option applicable to all concurrent requests(host,pl/sql,reports) or only for reports?
null

Yes, it is to all the concurrent programs.

Similar Messages

SRKIM: R12: Concurrent Report Access Level

PURPOSE
r12 에서는 다른 user 에 의해 수행된 report output 을 볼 수 있는 user 권한을 어떻게 부여 하는지에 대해 알아 보도록 한다.
EXPLANATION
R11i 에서는 profile option: "Concurrent: Report Access Level" 을 지정 하여 concurrent request 의 output 에 대한 access level 을 지정 할 수 있었다.
R12 에서는 이 profile 대신 UMX 의 Role Based Access Control (RBAC) 이 누가 request 의 output 을 볼 수 있는지를 지정 할 수 있도록 한다.
administrator 는 한 request group 의 개별 프로그램이나 프래그램 set 혹은 모든 프로그램이나 셋에 대해 사용자나 role 에 대해 권한을 부여 할 수 있다.
해당 기능을 구현 하기 위해 아래와 같은 permission 이 seeded 되어 있다.
• Permission "Submit Request"
• Permission "View Request"
• Permission Set "Request Operations" containing the permissions "Submit Request"
and "View Request"
• Object "Concurrent Programs"
• Object Instance Set "Programs that can be accessed"
• Object Instance Set "Request sets that can be accessed"
Request security group 에 대한 access 를 특정 role 에 부여 하기 위해서는 아래 steps 대로 수행 한다.
1. UMX Responsibility 에서 user role 을 define 한다.
2. System Administrator responsibility 에서 request security group 을 정의 한다.
3. Functional Administrator responsibility에서 grant 를 정의 한다.
1) grant 에 대한 이름과 description 을 입력한다.
2) 해당 grant 에 대한 Security Context 를 입력한다.
3) Data Security 항목에서 "Concurrent Programs" 혹은 "Request Sets" 를 object 으로 지정하고 next 를 click 한다.
4) Object Data Context 에서 "Instance Set" 을 선택 후 "Programs that can be accessed" 이나 Request Sets that can be accessed 를 선택 한다.
5) Instance Set Information 을 review 후 Instance Set Details 에서 request group 과 해당 application을 입력한다.
6)"Request Operations" 에서 permission set 을 지정한다.
Viewing Requests
위에서 언급한 대로 RBAC 를 통해 viewing requests 권한을 control 할 수 있는데 아래와 같은 instance sets 이 그 역할을 한다.
• All requests submitted by a user
• All requests submitted by a user for a given application
• All requests belonging to a program submitted by a user
• All requests belonging to a request set submitted by a user (irrespective of the constituent programs' owning application) to another user (or a group of users - via a role).
REFERENCE
NOTE. 736547.1 - Concurrent Report Access Level

Hello Kai,
would you mind giving me a hand and post here the answer to your question? The mentioned metalink note is just referencing a whole section within 120sasg (B31451-05.pdf). If you would provide a short summary what needs to be done would be very welcome.
Thanks a lot
Volker

Profile option Concurrent:Report Access Level

I need to set the profile Concurrent:Report Access Level .. but it is not retreivable from profile--> system -->.. any idea ?
Kai

Hello Kai,
would you mind giving me a hand and post here the answer to your question? The mentioned metalink note is just referencing a whole section within 120sasg (B31451-05.pdf). If you would provide a short summary what needs to be done would be very welcome.
Thanks a lot
Volker

Dynamic reports for different access levels

 I want to create a report using Hyperion Report which will showthe data dynamically.I have certain hierarchy in my dimesions and there are differentusers associated with different hierarchy levels.E.g. Person1 can access only Level 0 data. Person 2 can accesslevel 1 and level 0 data. Person3 can access level 2, level 1 andlevel 0 data. Basically any user can access data of all itsdescendants. All this needs to be done using same report becuase they areviewing same kind of reports , but just the different levels ofdata. Please guide me, how to implement this using Hyperion Reports.It would be a great help. Thank you.

Hi again
Well, here's the way it may work for a compiled .CHM setup.
If you are using compiled .CHM files, I'm guessing your software is
modular. Meaning that at the time it is installed, the user has
options of choosing between the following modules:
Module 1
Module 2 - 9
Module 10
In this setup, you would create help that is generic that all
modules would need. That one would be the Master. Then you would
create separate projects for the remaining modules. You would then
provide it all to the person that handles the installation program
for your application. That person would then handle configuring the
installer application so that only help for the actually installed
modules is installed. If a module has been excluded, help is not
installed for that module and doesn't appear and is not available
to the user.
Hopefully that makes sense to you. If not, ping back and I or
someone else will take a stab at another explanation.
Cheers... Rick

Multiple access level Webi Reports

Hi,
We have Business Objects Enterprise XI 3.1 SP2 FP2.4. Our problem is that we want to asign to the same user diferent levels of visualization for a webi report, but if we asign the security at application level (WebIntelligence) the access levels applies for all reports and if we assign the access level at folder level it doesn´t applied to the visualization of the report. Basically we want that a user see a WebiReport without refresh the data and the same user saw a diferent report in a diferent folder with the capability to do this action.
Is this possible??
Thanks a lot.

Hello,
I apologize for not replying earlier. I tried to reproduce what you mentioned. InfoView kept crashing on my end when I disable right-click.
In any case, you mentioned that disabling right-click only works when applied on on the application level (for Webi). We can work with this itself.
Again, for sake of simplicity, lets assume that we have only two access levels.
1. Right_Click_Disabled
2. Toolbar_Disabled
Also, lets assume that a specific user requires the Right_Click_Disabled access level on Rep_1 in Folder_A and the Toolbar_Disabled access level on Rep_2 in Folder_A.
For this, you'll need to create two groups. Lets call them Right_Click_Disabled_Grp and Toolbar_Disabled_Grp. Add the user to both groups. Also apply access level Right_Click_Disabled to Webi (application) for group Right_Click_Disabled_Grp (principal).
Similarly, apply access level Toolbar_Disabled to Webi (application) for group Toolbar_Disabled_Grp (principal).
Now, give both groups View access on Folder_A. So, the user will have the most restrictive access of the combination of ViewRight_Click_DisabledToolbar_Disabled for all Webi reports in Folder_A.
Now, for Rep_1 in Folder_A, the user requires Right_Click_Disabled access. So, for Rep_1 in Folder_A, for principal Right_Click_Disabled_Grp, disable inheritance and give the group Right_Click_Disabled (access level) only for Rep_1. Similarly, for Rep_2 in Folder_A, the user requires Toolbar_Disabled access. Again, for Rep_2, for principal Toolbar_Disabled_Grp, disable inheritance and give the group Toolbar_Disabled (access level) only for Rep_2.
Summary:
Groups
Right_Click_Disabled_Grp
Toolbar_Disabled_Grp
Access Levels
Right_Click_Disabled
Toolbar_Disabled
Let me know if you have any questions.Also, note that I haven't tested this.
Best.
Srinivas

Custom Access Level issue in XI 3.1

Hi,
I am using BOXI 3.1 with fp 1.5, this configuration is migrated from XI3.0.
Earlier we have access level such that user can modify the webi report in folders but they can't overwrite the report, they can save the report in their personal folder but not in same folder or any folder under public folder.
After migration users can't see the modify option at all, and if i gave then edit object rights then they can see the modify option but they can overwrite at the same time.
Is there any other rights which i need to provide.
Thanks for the help/suggestion.

Hi Marianne,
I have given the same rights in general rights section, i have denied to add objects to folder but i have give the copy objects rights due to which they can copy the report to their personal folder due to that they got overwritting the report rights.
Thanks.

Custom Access Level

Hi All,
I am stuck in access control mechanism in BO.
Can anyone forward me any documents related or brief on the custom access level & how to apply it in real, because I am failing to apply it accordingly.
Thanks.

Hi Marianne,
I have given the same rights in general rights section, i have denied to add objects to folder but i have give the copy objects rights due to which they can copy the report to their personal folder due to that they got overwritting the report rights.
Thanks.

Access Levels to change Universe

Hi
I have created a WebI template (with formated layout) based on a kind of 'dummy universe'.
The goal is that some 'power users' should be able to copy this template to their favorites and then change the universe to one they are allowed to use.
These 'ad hoc ' universes are accessible when you create a new webi report but when you want to change it to one of the other adhoc univereses then they are not viewable.
The current access levels let the power users choose an universe to work with. So that's OK.
But rights in the Access levels should be set on the universe (sub) folder where these adhoc Univ's are stored?
I assigned already these rights to the universe folder:
System - Connection   => Data Access
System - Connection   => Use connection for Stored Procedures
System - Connection   => View objects
System - Universe       => Create and Edit Queries Based on Universe
System - Universe       => Data Access
System - Universe       => View objects
We're working with BOE XI R3.1 sp 3 fixpack 5
Thx in advance for your answers
JP - BO Admin

Hi Jean-Pierre,
The only thing that comes to mind is the possibility that the universes are in a different domain, meaning different repository, etc. Do you all log into the exact same CMS/Infoview server?
If that is not the issue, then try creating a new user with the same access rights as yours, the one that can access the other universes, and see how that works, then change theirs to match, and then restrict them as necessary.
Hope that helps.

Access Level - WebI XI3.0/3.1

Hi all,
Is there any access levels like can able to edit WebI Reports but not Save?
thnx in Advance.
reddeppa k

Hi Reddeppa,
Hoffpauir's observation is correct and in order to attract more feedback that will serve your best interest, this thread will be moved to the appropriate section.
This is a quick mail to notify you that your question has been moved over to the Business Objects Administration section.
It is possible to set rights in Designer, however your question seems to be specific to the (CMC) central management console.
I hope this transfer will enrich your experince.
Kind Regards,
Ken

Access level - unknown rights

Hi,
I was trying to create customer access level in CMS, but when I tried include some rights into it, I failed because in the name field of many rights I see "Unknown right", so I don´t know which right is for what.
for example
Collection Type Right Name
Application CMC Unknown right
General General Unknown right
The same it is in predefined access levels Full Control, View, Schedule... there is a lot of rights with name "Unknown right" only few of them are filled with correct name. I was thinking it´s some king of bug or language problem.
Version of my BOE instalation is 12.3.0.601.
Any help is welcomed.

Thanks for really quick respond.
I tryed this solution about two days before, but it didn´t work for me. I´m located in Slovakia, so I was also trying to change language to English in internet explorer and on machine where the BOE is installed but it didn´t help. BOE was installed in English.
I have also another problem with access levels. When I create new access level and pres button Add/Remove rights it give me this error. Maybe the cause is the same in both this issues, maybe it´s absolutely diffiren problem.
Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException
+     org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512)+
+     org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:395)+
+     org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)+
+     org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)+
+     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)+
+     com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:346)+
+     com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:152)+
+     com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:107)+
+     com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:245)+
+     com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:137)+
+     javax.faces.webapp.FacesServlet.service(FacesServlet.java:214)+
+     com.businessobjects.webutil.boetrustguard.BOETrustedRequestCreator.doFilter(BOETrustedRequestCreator.java:96)+
+     com.businessobjects.webutil.boetrustguard.BOETrustFilter.doFilter(BOETrustFilter.java:83)+
+     com.businessobjects.webutil.TimeoutCheckerFilter.doFilter(TimeoutCheckerFilter.java:99)+
root cause
java.lang.NullPointerException
+     com.businessobjects.clientaction.customrole.includedrights.IncludedRightsBean.initRightsForSelectedPlugin(IncludedRightsBean.java:212)+
+     org.apache.jsp.jsp.CustomRole_005fIncludedRights.rights_jsp._jspService(rights_jsp.java:148)+
+     org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)+
+     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)+
+     org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334)+
+     org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)+
+     org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)+
+     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)+
+     com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:346)+
+     com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:152)+
+     com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:107)+
+     com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:245)+
+     com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:137)+
+     javax.faces.webapp.FacesServlet.service(FacesServlet.java:214)+
+     com.businessobjects.webutil.boetrustguard.BOETrustedRequestCreator.doFilter(BOETrustedRequestCreator.java:96)+
+     com.businessobjects.webutil.boetrustguard.BOETrustFilter.doFilter(BOETrustFilter.java:83)+
+     com.businessobjects.webutil.TimeoutCheckerFilter.doFilter(TimeoutCheckerFilter.java:99)+
note The full stack trace of the root cause is available in the Apache Tomcat/5.5.20 logs.

How to change lookup code with Access Level as 'System'

Hi,
I need to append new lookup codes in a lookup type having access level as 'SYSTEM'. Is there any standard way to do the same or just updating the customization level column will do ? Please let me know if you have any solution for this.
Regards
Girish

You can also change the meaning on that value to something like "*** DO NOT USE***". This will make it obvious to the user that he/she should not choose it.
You can try to add a when-validate-record personalization to show error if someone selected a disabled value.
You can also try to modify the list of values associated with the field using personalizations.
If nothing else works, you can use a SQL to uncheck the enabled flag. The risks involved in this are well known.
Hope this answers your question
Sandeep Gandhi
Independent Consultant
513-325-9026

What is the use of access level

Hi Experts,
What is the access level and what is use of each option in access level
1 Application
2 Superior component
3. Top Component
4. Sap
5. Global
and in Details section what is the use Properties tab
1. Application Component
2. Software Component
3. Development Package
4. Settings Class
Please explain Each option use.
Thank you in advance,
Srini M.

Hi Srini,
just read the documentation (although the current status on SAP Help Portal isn't really up-to-date):
1. [Entry point|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/cc/85414842c8470bb19b53038c4b5259/frameset.htm]
2. [Setting an Access Level|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/32/6aba9c49fd41a5a14f710e121220f1/content.htm]
W/r to "Application Component" etc., docu on Help Portal is definitely not sufficient. Here, the following applies:
An application offers attributes for the application component and the software component. The application component and software component have to be the same as defined for the development package. Application and software component are automatically derived from the development package if they are not set explicitly.
For the definition of the development package, application component, and software component, we recommend that you choose the same values that are in effect for the software solution that you want to enhance by a new BRFplus application. This simplifies all activities related to the software infrastructure, especially transports.
CU
Claus

How to include group access level in a ws call

I want to include a Group Access Label in a Permission for a Course using an iTunes web service call.
I don't see how to do this in the docs.
(The example in iTunesUAdministratorsGuide.pdf at page 111 doesn't include the Group Access Label.
And it's not in the schema for the ws xml document at http://deimos.apple.com/iTunesURequest-1.0.xsd)
Is this an obvious omission or am I missing something? Anyone know how to do this?
Background:
We're creating most Courses programmatically.
Obviously, we'd strongly prefer not to require an administrator to go into every Course and manually add a common Group Access Label to the Permission. (This manual piece is essentially what's now missing from the ws call or at least from my understanding of it.)
Either way -- manually by an administrator or programmatically -- our instructors would then be able to set Permissions themselves on any Group they create -- doing this themselves and without the help of an administrator.

To resume with a little progress made:
I have a Section
* with Access Level == Edit for Credential == Instructor@...${IDENTIFIER} with no Group Access Label, and also
* with Access Level == Download for Credential == Student@...${IDENTIFIER} with Group Access Label == Student.
I'm doing ws calls to add a Course including an identifier. This is successful, and I can then go into the iTunes client as Instructor@...${IDENTIFIER} (substitution made) and manually add Groups and change Access to each individually. (I'm adding Groups "Download", "Shared Uploads", and "Drop Box", changing the Access Level accordingly for Group Access Label "Student".
But naturally I want to do the manual part programmatically, to save n instructors from having to learn how to do this same thing and then to do it.
So I'm trying to change my ws call to add the Groups, including Permissions. Schema http://deimos.apple.com/rsrc/xsd/iTunesURequest-1.1.xsd doesn't include Group Access Label for Permission. What does this mean?
I've tried the actual Credential == Student@...${IDENTIFIER} (with IDENTIFIER substitution made before the call) and also Credential == Student (to see if I'm supposed to match the Group Access Label, instead).
For either of these trials, the ws call successfully adds the Groups and a ShowTree includes the Permissions for the Groups. But in the iTunes client user interface, it's as if I gave no Permissions in adding the Groups.
Am I approaching this wrong or is there a bug here?
(I haven't tried yet a separate call to add the Group Permissions, not wanting to suffer the processing wait of getting handles for the three Groups.)
Anyone else doing this? (successfully or not ) Thanks.

The best way to implement user's access level via Servlet & JSP (or more)?

Hi all,
I am trying to implement user's access level in an application to allow certain access to certain page or components within a page (buttons, etc.). From my experience with JSP, Java, servlet, I am think of having the jsp/servlet to check for user's access level to decide what jsp components or forward page to go to next but that doesn't seem clean or elegant way to handle it.
Any suggestions of how to do this? Are there other technologies (Struts) out there that can handle this?
Thanks so much in advance for your feedback or suggestion,
Thong Bui

I haven't experienced a lot in defining security roles before, and there is probably a lot to learn about this area. However I might be able to assist you in some way. Whenever I have 2 or more objects that need to be stored in the session, I create a class called UserContainer. Say you have three properties:
empSsn (String) , isAdmin (Boolean), isAgent (Boolean), then:
public class UserContainer implements Serializable {
private String empSsn = null;
private Boolean isAdmin = null;
private Boolean isAgent = null;
public UserContainer() {
super();
public void setIsAdmin(Boolean isAdmin) {
this.isAdmin = isAdmin;
public Boolean getIsAdmin() {
return this.isAdmin;
// getters and setters for the other properties
Of course after you decide (in your sevlet) whether the app user is an administrator or an agent, you can set the corresponding property in the user container, and then save it in the session. Afterwords, in any jsp, you can decide to display a certain element (e.g a button) after you check the user's role. Example:
// Welcome.jsp
<% UserContainer userContainer = (UserContainer) session.getAttribute("userContainer");
boolean isAdmin = userContainer.getIsAdmin().booleanValue();
boolean isAgent = userContainer.getIsAgent.booleanValue();
if(isAdmin) { %>

<% } if(isAgent) { %>

<% } >Of course, this is a very simple way of doing such a task, you will find more secure ways if you look at LDAP or something of that matter.
Cheers

Is there an "Access Level" field on the "Send for Shared Review" screen (Pro X)?

I'm using Pro X, but haven't come across the "Access Level" field expalined in this on-line video http://tv.adobe.com/watch/learn-acrobat-x/getting-started-the-basics-of-reviewing/
Is this something you can enable?

It's only available if you select Acrobat.com as the review server.

Report Access level

Similar Messages

Maybe you are looking for