
User Access to InfoView Folder Structure

Former Member
0 Kudos

I have a general question on InfoView.

I have an installation that will have 30 folders containing standard reports for 30 different groups. I need to allow users to view only the folder that pertains to their group and not any other. I don't want managers in my area to see reports from other stores, and so I don't want them to have to navigate through all of the folders, only the ones for their store. I have created an all users group to give everyone access to all folders. I then add the store's group to their folder. Unfortunately they still see all other folders.

My fix is to have 2 groups for each store. One with the store's group, and one named "NotStorex" which contains the other 29 groups. I use this to remove access to the folder for the other 29 groups. This works but it seems cumbersome.

My question is: is there any way to grant only 1 group access to the folder? Being from a programming background, what I am looking for is an exclusive or for the folder. Does any such function exist?

Thanks in advance for any assistance that can be provided.

Accepted Solutions (1)


Former Member
0 Kudos

Scott,

It is certainly doable and I have implemented more complex security requirements. You need to create a folder and then 30 subfolders for your stores. On the main folder give View right to the supergroup that contains all of these users. On the subfolders, give specific rights to the group(s) you want these folders to be accessed by. Also, make the inherited rights for SuperGroup No Access at the subfolders.

This should resolve the issue. Please let me know if you have any questions.

Kashif

Former Member
0 Kudos

Why use the supergroup when the Everyone group already contains all users?

Also, correct me if I'm wrong, but I believe best practices suggest a closed security model (where access is closed by default, given as necessary) as opposed to an open security model (where access is open by default).

Former Member
0 Kudos

Sri,

How can you implement a closed security model if you have to have 'View' to EveryOne at the root level? Can you please explain? You have to have View at the main folder level to view the stuff in the subfolders. This negates the Closed rights architecture. Please correct me if I am wrong.

I'd love to find out if someone has successfully implemented a true closed ended architecture in XIR2.

The reason I used SuperGroup is because there might be a situation where this SuperGroup is used for other stuff like giving access to all subfolders. Would you like to give access to all subfolders to EveryOne? I guess not :)

Kashif

Edited by: Kashif Saeed on Sep 30, 2008 6:55 PM

Former Member
0 Kudos

First a correction: The default right is Schedule and not View as I mentioned earlier.

I said to give the Everyone group the No Access right on each of the sub-folders of the root folder.

The reason I used SuperGroup is because there might be a situation where this SuperGroup is used for other stuff like giving access to all subfolders. Would you like to give access to all subfolders to EveryOne? I guess not :)

As far as I can see, the SuperGroup you define does seem to contain every user.

Oh and finally, most people don't quite like sarcasm.

Former Member
0 Kudos

Sri,

I used the name SuperGroup just an example. It does not have to be this name. The concept is that it will have all the users for this project, not all the users in the enterprise.

I hope that clarifies it. Secondly, my apologies for the sarcasm but please help me understand how can one implement a true closed ended architecture in XIR2? In my humble opinion, it is not possible.

Thanks,

Kashif

Former Member
0 Kudos

I hope that clarifies it. Secondly, my apologies for the sarcasm but please help me understand how can one implement a true closed ended architecture in XIR2? In my humble opinion, it is not possible.

Give the Everyone group the No Access right at the root level. This means that every user that does not have at least a View right at a more granular level will not be able to access any subfolders of the root. The only folders he will be able to access are the Favorites folder and Inbox.

Former Member
0 Kudos
Give the Everyone group the No Access right at the root level. This means that every user that does not have at least a View right at a more granular level will not be able to access any subfolders of the root.

In my humble opinion, this does not work. XI security is built on Windows security model and you have to have access to the main folder to get to subfolders.

Scott, why don't you try what Sri and I are saying and update this thread with your findings.

Kashif

Former Member
0 Kudos

I did try it (on both R2 and 3.0). Seems to work.

XI security is built on Windows security model

I concur.

PS: The No Access right is not the same as removing access.

No Access simply implies that all rights are set to undefined. This is the reason it works.

Answers (3)


Former Member
0 Kudos

Hello Kashif and Srinivas,

I want to thank you both for your input. I did not mention it, but I am implementing my solution on XI R3 not R2. I have attempted to use the closed security model suggested, and it seems to be working. I do not know if the same is possible in release 2. I had used that in the past which is why I was going down the "super user" solution also mentioned, but the "No Access" method is much cleaner (Thank You Release 3).

I am closing this thread as either solution would have worked.

Once again thank you both. I hope all my questions get these quick and robust solutions.

Scott

Former Member
0 Kudos

This works in XI R2 too....and you're welcome

Former Member
0 Kudos

Scott,

There may be a different way to look at the entire setup you have.

If your reports come from one or a few (different) universes, it might be easier to set up access restrictions on the universe level (either via Access restrictions or via a security table).

This way, you only need to have one folder with all the reports (which are set to refresh on open).

When a user logs in and views a report, he only sees the data he is supposed to.

The caveat is that creating scheduled reports becomes a little more complex.

Best.

Srinivas

Former Member
0 Kudos

Ok. Create 30 groups, one for each store. Add each manager to the group for his store.

For example, let's assume your stores are Store1, Store2, Store3 and your managers are Manager1, Manager2 and Manager3. Let's assume the folders are named Folder1, Folder2 and Folder3.

Manager1 belongs to Store1, Manager2 belongs to Store2 and Manager3 belongs to Store3.

Now, by default, all your users belong to the Everyone group (this can't be changed).

So, for all your folders (all 30 of them), set the permissions on the Everyone group to No Access and give View on Demand (VOD) access to the required store.

So, for Folder1, the Everyone group has No Access. Store1 has VOD rights.

Again, for Folder2, the Everyone group has No Access. Store2 has VOD rights.

.

.

.

And so on for all your folders.

Please note that best practices suggest that rights are assigned on a group/folder level and not on an object level. While this does entail more work, it makes user/rights management much more manageable in the long run.
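
The layout discussed in this thread can be checked with a small model before it is applied to 30 folders. The following is an added example, not part of any post above and not BusinessObjects SDK code: it assumes, as stated in the thread, that No Access leaves every right unspecified, and it uses the Store/Manager/Folder names from the last answer with constructed membership data.

```python
# Simplified model of the thread's folder setup (not the BusinessObjects rights engine).
# Assumption, taken from the thread: "No Access" leaves every right unspecified,
# so it grants nothing but does not block a grant made to another group.
NO_ACCESS, VIEW_ON_DEMAND = "No Access", "View on Demand"
GRANTS_VIEW = {VIEW_ON_DEMAND}  # access levels that let a user see a folder

def build_acls(stores, everyone_level=NO_ACCESS):
    """Per-folder ACLs: Everyone -> everyone_level, StoreN -> VOD on FolderN."""
    return {f"Folder{n}": {"Everyone": everyone_level, f"Store{n}": VIEW_ON_DEMAND}
            for n in stores}

def visible_folders(user_groups, acls):
    """Folders where at least one of the user's groups holds a viewing level."""
    return sorted(folder for folder, acl in acls.items()
                  if any(acl.get(group) in GRANTS_VIEW for group in user_groups))

def audit(members, acls):
    """Return (user, folder) pairs where a user can see another store's folder."""
    leaks = []
    for user, groups in members.items():
        own = {g.replace("Store", "Folder") for g in groups if g.startswith("Store")}
        leaks += [(user, f) for f in visible_folders(groups, acls) if f not in own]
    return leaks

# Constructed sample data using the names from the answer above.
STORES = (1, 2, 3)
MEMBERS = {f"Manager{n}": {"Everyone", f"Store{n}"} for n in STORES}

# Closed layout: Everyone has No Access, each store group has VOD on its folder.
closed = build_acls(STORES)
# Open layout: an all-users group is granted access on every folder,
# which is the situation described in the original question.
open_model = build_acls(STORES, VIEW_ON_DEMAND)

if __name__ == "__main__":
    for user, groups in sorted(MEMBERS.items()):
        print(user, "->", visible_folders(groups, closed))
    print("cross-store visibility, closed layout:", audit(MEMBERS, closed))
    print("cross-store visibility, open layout:", len(audit(MEMBERS, open_model)))
```

Running the same audit against an export of the real group memberships and folder rights shows whether any manager can still reach another store's folder after the change.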