BusinessObjects Enterprise Administrator's Guide

Restricting access from the top-level folder

The first step is to set object rights on the top-level BusinessObjects Enterprise folder. This folder serves as the root for all other folders and objects that you add to the system. Each subfolder, report, or other object that you add to this top-level folder will inherit rights from this folder by default. So, by setting rights here first, you minimize the need to repeatedly customize object rights throughout your folder hierarchy.

With this procedure, you set security on the top-level folder in order to meet your first two security requirements:

• The majority of your reports should be inaccessible to most users.
• Administrators require Full Control access to all folders and objects on the system.

This procedure gives the Everyone group No Access to all published content. This is how you set the basis for a closed security model. Do not use advanced rights to explicitly deny rights to the Everyone group (or any other group) at the top-level folder of your BusinessObjects Enterprise system, because once a right has been explicitly denied, you have to break all inheritance patterns in order to grant the same right further down the folder hierarchy.

To change the rights on the top-level folder

1. Go to the Settings management area of the CMC.
2. Click the Rights tab.

You need only reduce the rights of the Everyone group.

3. Click the Access Level list that corresponds to the Everyone group, and select No Access.

Note:    If users access reports through BusinessObjects Enterprise, they will be unable to browse subfolders once you make this initial security setting. Users will, however, be able to search for reports by name or description.

4. Click Update.

The rights for the Everyone group are reduced and No Access is displayed in the Net Access column.

Now, your system meets your first two security requirements. The Everyone group is prevented from seeing all subsequently published content, and the Administrators group retains Full Control in order to maintain the system.

Now that you have created a closed basis for your object security model, you will increase access to certain folders within the system.

Related topics:    

• To proceed to the next step in this tutorial, see Increasing access by descending the folder hierarchy.
• To return to the beginning of this tutorial, see Setting up a closed system of increasing rights.