Skip to Content
avatar image
Former Member

BusinessObjects Administrator Rights

Dears, Kindly i need to remove access from administrator user

for example i don't want the administrator user to see the sql query in WEBI

so i denied the enable editing Permission

and it works fine that the administrator can't edit the sql query

the problem is that the administrator user can change the rights for him self

so he can grant the permission again via CMC

i want to make new user called admin that will be super user in the system and make the administrator normal user

how can i permit the administrator from editing the security for him self or for any other user?

also can i remove the administrator from the administrators Group?

Thanks :D

untitled.png (5.3 kB)
untitled.png (5.3 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Dec 19, 2016 at 03:39 PM

    Also, there are some things in the system that need to be done when you're logged in as Administrator. I would create a new Admin ID as Kuldeep said, where you can give out the password and then change the password for the default Administrator user so that the people who are using it now can't.

    You would give the new ID the limited Admin rights and also deny the new user access rights to the Administrator user so that they can't change it.

    -Dell

    Add comment
    10|10000 characters needed characters exceeded

  • Dec 20, 2016 at 09:37 PM

    What you're asking for is not possible, and for good reason. The Administrator user has Full Control access to everything. It is the one user that can always be used to restore accidentally-revoked security rights. Put simply, you can't prevent Administrator from performing anything.

    As others mentioned, the recommended approach is to change the password for Administrator, keep it in a safe place, and create a new user with fewer rights.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Dec 23, 2016 at 08:46 AM

    Actually, we did achieve(90%) this with delegated admin concept.

    We locked the admin account and given a delegated admin for application owners. We used securely modify rights users have to objects privileges.

    Hope this helps!

    As far as i know, no other product in the market got this much option to control the privileages.

    Add comment
    10|10000 characters needed characters exceeded

  • Dec 19, 2016 at 11:36 AM

    Why would you want to remove/modify the Administrator user permission? I don't think anybody would recommend that. If you want change the password for Administrator and create a new Admin user who has the same permission as Administrator and dont use the default user at all.

    I am curious to know, what are you trying to achieve?

    Add comment
    10|10000 characters needed characters exceeded

    • I think you should go back to the business and say you can't delete the Administrator user. I bet if you raise a request with SAP to get this confirmed you will get the same answer.

      Ideally what you should be doing is change the password for Administrator and create new alias to Admin user and give them that access and keep the Administrator password with you safe and secure or whomsoever it is meant to be with.