on 09-18-2014 5:23 PM
hi,
currently I am setting up a new security in BO XI 3.1 SP 6. And there is something, which I do not understand.
The principal everyone are having for users / groups the following default values at the rights "delete objects" and "edit objects" denied for only this object (top level). The BO-group administrators have the full control right for users / groups (top level).
Now there are users, who are member of the everyone and administrators groups.
If I understand the BO documentation correctly, allowed by administrators group and denied by everyone group the result must be denied. But it is not?!
Where am I wrong?
I also have the same issue with custom groups and everyone.
Thanks for help in advance!
Mark
Hi Mark,
As correctly said by you, by default the Principal Administrators (group) will have Full control on Users/Groups top level.
But if you check advanced granular rights, the Delete Objects and Edit Objects is still denied for Administrators.
Note that this denied right is for Object Users/Groups and not Sub-objects
In Advanced Tab of Assign Security check Column "Apply To" . The deny right is for 'Object Only'
It means that The user in Everyone and Administrators group can create/edit users. The right will not be denied.
To explain in short.
Users/Groups section in CMC is an object.
The Users and Group created are its Sub Objects
The right is denied for Object Users/Groups but not the Sub Objects.
That is why user is able to edit the SubObjects
The only thing confusing is whether the right is applied to Object, or applied to Object and Sub Object
Hope it helps
-Anupam
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
83 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.