BusinessObjects Enterprise Administrator's Guide

Changing default rights on the top-level folder

The first step is to set object rights on the top-level BusinessObjects Enterprise folder. This folder serves as the root for all other folders and objects that you add to the system. Each subfolder, report, or other object that you add to this top-level folder will by default inherit rights from this folder. So, by setting rights here first, you minimize the need to repeatedly customize object rights throughout your folder hierarchy.

With this procedure, you set security on the top-level folder in order to meet your first three security requirements:

• Everyone must be able to view the majority of your reports.
• Administrators require Full Control access to all folders and objects on the system.
• Sales Managers are allowed to refresh most reports against the database to view the most recent data.

To change the rights on the top-level folder

1. Go to the Settings management area of the CMC.
2. Click the Rights tab.

By default, the Everyone and the Administrators groups are granted access to this folder. You now need to reduce the rights of the Everyone group and to increase the rights of the Sales Managers.

3. Click the Access Level list that corresponds to the Everyone group, and select View.
4. Click Update.

The rights for the Everyone group are reduced and the View access level is now displayed in the Net Access column.

Now you will customize the top-level rights for the Sales Managers group.

5. Click Add/Remove.

The Add/Remove page appears.

6. In the Select Operation list, click Add/Remove Groups.
7. In the Available groups list, select Sales Managers.
8. Click the > arrow; then click OK.

You are returned to the Rights tab on the Settings page. Ensure that you grant the Sales Managers group View On Demand access. If necessary, change the Access Level list and click Update. This provides the Sales Managers group with sufficient rights to refresh reports.

Now, your system meets your first three security requirements. The Everyone, Administrators, and Sales Managers groups will initially inherit these rights for any folders, subfolders, or reports that you subsequently publish to BusinessObjects Enterprise. You might, for instance, create folders for all of your generally accessible inventory reports, customer list reports, purchasing order reports, and so on.

Now that you have created an open basis for your object security model, you will proceed to restricting access to certain folders within the system.

Related topics:    

• To proceed to the next step in this tutorial, see Decreasing rights to a private folder.
• To return to the beginning of this tutorial, see Setting up an open system of decreasing rights.