on 09-19-2013 8:50 AM
Hello,
In fact, that it worked when I add the user to "Universe Designer" group, I've investigated a little further. It seem's the solution ist, the user, or user group needs "Full Control" on top level for universes.
I've now granted "Full control" on top level universes for my "All company users" group, but erased the access then on the subfolder universes, so every one see's just the universes his department-group is allowed to.
The "full control" is only on top level an inherited no further down. But this seems to work.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Marco,
In the CMC navigate to "Universes" and chose there "Manage" -> "Top-Level Security" -> "Universes". Then add the Group you want to and give full controll.
I've the deleted the group from every universe by assigning security and unchecking the "Inherit from parent" box.
That worked fore me.
Connection has "View" rights, too.
Hi Everyone,
Really interesting topic this. We're having the same problem, but with a twist.
We do not want Everyone to see all universes in BI Suite. We therefore have Everyone set to No Access on the top level Universes but we grant specific groups access to universe folders underneath. This works really well in Webi. People can only see what they are meant to see.
But this configuration doesn't work with Explorer. I get the error above, whether I go in as a Standard user or as a Pro licence holder.
To get it to work, I had to set Everyone to Full Control at the top level and let this be inherited downwards. Now for sure Explorer works, but within Webi, the same user can now see all universes and run reports against it!
I find it really hard to believe that it is not possible to provide granular access to both Webi and Explorer content at the same time.
Any ideas?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi
I had a similar problem.
Please try this...this worked for me.
CMC > click on Connections
Navigate to the connection object, right click on the connection name and choose "User Security"
Click Add Principle and either add the user or a group the user belongs to. Click "Add and assign security"
Choose the "View" access level and move to the right side. Choose OK.
Thanks
Sandeep
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Try after adding users "Universe Designer" group in CMC.If it doesnt work, can you explain your security mapping on folders level.
Utku Sancaktar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
If you are using sap authentication and WinAD authentication both, you got same problem.You can not resolve it by changing security.You should disable connectionservers and add new ones.After that you will see that your security is working ok.I think your patch level is SP5.This is a kind of bug.You should try upgrading your system to SP6 patch4 or SP7.
Utku Sancaktar
Hi Utku,
Thanks for your quick reply!
We're only using the WinAD authentication. What do you mean with disable connection servers and add new ones? Sorry, not that technical. I created a new .UNX Universe because the current Explorer doesn't works with .UNV Universe formats.
We've installed service pack 4.x and are thinking about upgrading to service pack 6 or 7.
Regards,
Marco
Hello,
I've also tested it adding the user to universe-designer group. Then it works. The strange thing is, I had already granted the user directly FULL CONTROL on universe, connection, and information space as well as Explorer application.
We're on BO 4.0 SP6 Patch5.
But I also don't want to give them Universe Designer rights.
As for my security mapping on folders, its as following:
I've a group called all_company users which has view on top level folder and view on demand on Webi Application.
Then I have subdirectories, like Marketing or Controlling. On these folders I've erased the view for all_company group.
On each subfolder the according group like eg. marketing_group has view on demand rights.
What I would like to do is, give some users of the marketing group access to BO Explorer und let them see only the Information Spaces in the Marketing folder. The should be able to use WebI and Explorer but nothing else. And further see only their folders and universe they are granted by marketing_group.
But as discriped curretly I'm just trying to get access at all for an user without adding him to administrators.
Description of security mapping added. Message was edited by: Stefan Riegel
Hi Stefan,
Kindly mention the Explorer version.
Also, please have a look at:
http://service.sap.com/sap/support/notes/1808413
This SAP Note mentions one particular defect with user rights in Explorer. To confirm this, you can try indexing the InfoSpace with the same user and compare the error message which is mentioned in there.
Also, let me know if you have assigned rights Full Control at the Top Level for universe and connection or you have given rights explicitly to specific universe.
Regards,
Nakul Mehta
Hello Nakul,
Explorer Version is the same, Explorer 4.0, SP6P5.
For testing I've appllied full control to the used UNX universe, the inforamtion space, the used connection and also to explorer app.
The information space was created with admin user. Normal user should not be able to create spaces, just to explore.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.