on 09-07-2023 2:54 PM
Hello,
A user mistakenly sent reports (containing confidential data) to all BI accounts, which posed security issues.
Some users, check the «Everyone» box when selecting recipients and forget to delete the selection before sending (see attachment "Send BI report_part_1.png").
After searching the CMC, we did not find a parameter that could remove the check mark of «Everyone» so that the mishandling is not repeated.
However, users must be able to send a report to any BI account (see attachment "Send BI report_part_2.png").
Is it possible to remove the “Everyone” check mark when selecting the recipient? Or make it inactive?
Version : 4.3 SP 2 Patch 9.
Thanks for your help,
Blandine
It was a big mistake to explicitly deny the most powerful rights (the “View” right) to one of the essential top-level objects like the "Everyone" group.
Therefore, NEVER explicitly deny "View" rights for top-level objects such as (Groups, Users, User Folders, Universes, etc.).
The only way to fix the problem is to use the "CMS Server Console" to add the principal "Administrator" and give it "Full Control" rights to the "Everyone" group.
after that, logon on CMC with the User "Administrator" and correct the "View" rights.
To do this, see my answer
https://answers.sap.com/questions/13911208/top-level-security-on-personal-folders.html
(Note: Set "Everyone" ID instead of "User Folders" ID in Setrole)
....
I hope this solves your problem and helps.
... and as always said: DO NOT do it if you don't know exactly what you are doing......
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you Ayman Salem!
The "Everyone" group has reappeared in the list of groups (for the "Administrator" account) using the link:
https://answers.sap.com/questions/13911208/top-level-security-on-personal-folders.html
For information, the command used is:
setrole 12 1 622
User | Count |
---|---|
74 | |
10 | |
8 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.