cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

users / groups top level security bo xi 3.1

former_member642335
Explorer

on ‎09-18-2014 5:23 PM

0 Kudos

hi,

currently I am setting up a new security in BO XI 3.1 SP 6. And there is something, which I do not understand.

The principal everyone are having for users / groups the following default values at the rights "delete objects" and "edit objects" denied for only this object (top level). The BO-group administrators have the full control right for users / groups (top level).

Now there are users, who are member of the everyone and administrators groups.

If I understand the BO documentation correctly, allowed by administrators group and denied by everyone group the result must be denied. But it is not?!

Where am I wrong?

I also have the same issue with custom groups and everyone.

Thanks for help in advance!

Mark

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎09-18-2014 6:20 PM
0 Kudos

Hi Mark,

As correctly said by you, by default the Principal Administrators (group) will have Full control on Users/Groups top level.

But if you check advanced granular rights, the Delete Objects and Edit Objects is still denied for Administrators.

Note that this denied right is for Object Users/Groups and not Sub-objects

In Advanced Tab  of Assign Security check Column "Apply To" . The deny right is for 'Object Only'

It means that The user in Everyone and Administrators group can create/edit users. The right will not be denied.

To explain in short.

Users/Groups section in CMC is an object.

The Users and Group created are its Sub Objects

The right is denied for Object Users/Groups but not the Sub Objects.

That is why user is able to edit the SubObjects

The only thing confusing is whether the right is applied to Object, or applied to Object and Sub Object

Hope it helps

-Anupam

Show replies
Show replies
former_member642335
Explorer
‎09-18-2014 6:35 PM
0 Kudos

Hi Anupam,

thanks a lot for your explaination. So far so good. 🙂

But why could a member of everyone and administrators change the top-level-rights? It is denied by the principals everyone and administrators. Or?

Mark


Ask a Question