cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

"Closed" security model in BOXI 3.0

Former Member

on ‎09-13-2008 4:01 PM

0 Kudos

Hello,

Is it possible to create a closed security model in BOXI 3.0? In BOXI R2 we simply set the everyone group to no access in the settings area. I do not see the same functionality in 3.0. Am I missing something?

Thanks

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎09-13-2008 10:37 PM
0 Kudos

Thanks Will. You have confirmed that it is how I was thinking it is in 3.0 and I like your solution. Thanks

Show replies
Show replies
BasicTek
Advisor
Advisor
‎09-14-2008 2:14 PM
0 Kudos

Hi all,

Just wanted to add a little bit on XI 3.0 security. It's my understanding that 3.0 is fairly closed by default in some areas (such as root folders) but a little more open in others (such as applications). Also a very kewl feature is the custom access lists, where you can create your own level of initial security or modify existing ones. This allows 1 point of editing as opposed to XIR2 where permissions needed to be set per folder, app, universe, etc.

So in example to close security in R2 you needed to edit every root lovel (folders, universes, applications, etc) and set no access. Now you can create an access level that has no access to everything just once in XI 3.0 and above)

Regards,

Tim

Former Member
‎09-13-2008 4:35 PM
0 Kudos

Start with your "All Folders" level under folders, right click and navigate as follows:

Manage > Security > All Folders Security

This will bring you to the User Security: Root Folder page. You should see at least 2 user groups - the second is the Everyone Group. Select that row, then click on Assign Security.

Show replies
Show replies
Former Member
‎09-13-2008 4:58 PM
0 Kudos

Thanks. I know how to assign security, but the issue is if you set the everyone group to No access at the root and then add a specific group to a child folder they cannot see it. The power of the closed security model prior to 3.0 was you could turn off access to the root and Everyone would not see any folders by default. In 3.0 it seems you have to allow view access on the root in order to see any of the folders below it. This means anytime you add a folder to the root level everyone can see it be default. You then have to turn off access manually for each new folder. Am I mistaken?

Former Member
‎09-13-2008 9:53 PM
0 Kudos

Let's say you have a folder at the root level showing California Orders. And you want only users of the California group to see (the folder) California Orders:

You turn off access to the Everyone group at the root. Then you create a group called California and assign users to the Califonia group. Then you assign view or schedule of VOD (etc...) access levels (group of rights) to the Califonia group ON the California Orders folder.

You wrote: This means anytime you add a folder to the root level everyone can see it be default. You then have to turn off access manually for each new folder.

No. So long as you set no access at the root level to the Everyone group, new users have to be assigned to a group in order to see folders under the root level. This works by virtue of the fact that the user's effective right is the maximum right based on all group memberships. They have No Access based on being members in the Everyone group (default for ALL users), but then they have a higher right based on belonging to the California group.

Former Member
‎09-13-2008 10:24 PM
0 Kudos

Thanks, but does that work in 3.0? That is what we would do in R2, but it seems that you must give the California group view access on the root to even see the California sub folder. So any folder in the root would also be seen unless you removed access on each folder individually.

Former Member
‎09-13-2008 10:31 PM
0 Kudos

Mark... I was in the middle of clarifying my answer when you replied.... This answer overrides the one above... And yes, 

So any folder in the root would also be seen unless you removed access on each folder individually

Let's say you have a folder at the root level showing California Orders. And you want only users of the California group to see (the folder) California Orders. And you don't want them to see say, the New York Orders folder.

You turn off access to the Everyone group at the root. Then you create a group called California and assign users to the Califonia group. Then you assign view to the California group at the root level. Then specifically on the California Orders folder, assign whatever other rights (schedule, VOD, Full)...

You're right when you say

This means anytime you add a folder to the root level everyone can see it be default. You then have to turn off access manually for each new folder.

In this example, you'd have to assign No Access to the New York group on the California Orders folder. The best way to handle this is to create a hierarchy of parent-child groups. So in this case, if we had say Asian & European Customers, we'd start assigning View privilege at the root by rolling up the California, New York etc.. in a US Customers group - and that way not have to set too many No Access'...

Ask a Question