Skip to Content

BusinessObjects Folder Security

I have a user group that runs Web Intelligence reports. I've noticed that when they run these reports they have access to the Open button and they can see folders that I don't want them to see. In fact, I would prefer that this group not have access to the Open button at all, as the link they use should execute this report and only this report. The security for these folders shows that this group has 'View On Demand (Inherited)' listed, and I can't remove it. How do I get this security the way I want? Is there a good CMC security document somewhere?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Sep 13, 2017 at 03:08 PM

    If you can't remove/change a right - you do not have enough access.
    Try using Administrator account. If you're doing this with The Administrator account, then you should be investigating this with SAP support, under BI-BIP-ADM component.

    My understanding is that you have a group of users, who you do not want to have ability to open reports, you only want them to be able to schedule them. Is that correct ?

    CMC security is explained in the Administrator Guide.

    Add comment
    10|10000 characters needed characters exceeded

  • Sep 13, 2017 at 08:06 PM

    Hi Jeff,

    In addition to Denis's recommendations,

    1. If you do not want the sub-folders to inherit permissions from parent folders:

    >> Go to the sub-folder's user security >> uncheck the inheritance options.

    2. Another way to do this is through configuring permissions appropriately on parent folder: >> Go to parent folder's user security >> advanced rights >> for 'view objects' and 'view objects that user owns' >> check the appropriate option under 'apply to only object' and/or 'apply to objects and sub-objects' as needed.

    To identify what rights are assigned to a particular user/group on an object and where they are inherited from, refer KBA 1862378.

    You can also pick some references from KBA 1542972 - How to create an Access Level so that Users/Groups are able to see Public folder but not the contents inside it.



    Add comment
    10|10000 characters needed characters exceeded

  • Sep 14, 2017 at 12:25 PM

    You've got options.

    If you simply want to remove the "Open" button from being displayed in Reading mode, then you can do that. In CMC -> Users & Groups -> Customization -> Web Intelligence Application -> Reading mode toolbar -> File Group -> Open.

    However, the fact that the users are seeing reports that they shouldn't be, tells me that security is not set up correctly. Even if you do the above, the users may still be able to access the reports via BI launchpad. Or, via modifying the openDocument link that's used to open the report.

    Are the reports that they should see and the reports they should not see all in the same folder? If so, I would suggest creating another folder for the restricted reports, assign security appropriately, and move the reports there. Alternatively, you could assign rights to specific reports, but this is generally not a good idea.

    If the reports are already in separate folders, then the security on the folder containing the restricted reports is not set correctly.

    You said that you can't remove the access -- so I assume you intend to remove the access to the folder and its contents. To do this, click Assign Security for the principal, and then uncheck both "Inherit from Parent Group" and "Inherit from Parent Folder" boxes.

    Add comment
    10|10000 characters needed characters exceeded