we have 9 users that are all assigned to the default Administrator group. Now, for 4 of them, we want to adapt the rights slightly: they should have Administrator rights on everything in BI, except for a few specific things that they are no longer allowed to do: basically making sure that they can no longer see/refresh/excecute/change certain WEBI reports with sensitive HR-data in them
Translated into specifics i think i need to make sure they can
All other actions as BI admin they should be able to do!
First i was thinking of creating a new custom user group like "Admin_Light", assigning them into that group and removing them from the standard Administrator group, but then i fear i will never be able to allow this new group the necessary right on each application, folder, etc... that is relevant
Then i was think i could maybe create a 'negative group' for them: leave them in Administrator but also assign them to another group which i can then use to block them from the mentioned actions above, but not sure if this will work (if you grant them rights in one group, and disallow them in another group, what will be the result?)
Any advice or suggestions on how i can best solve this?