

How Rights Work in BusinessObjects Enterprise

Rights are the base units for controlling user access to the objects, users, applications, servers, and other features in BusinessObjects Enterprise. They play an important role in securing the system by specifying the individual actions that users can perform on objects. Besides allowing you to control access to your BusinessObjects Enterprise content, rights enable you to delegate user and group management to different departments, and to provide your IT people with administrative access to servers and server groups.

It is important to note that rights are set on objects such as reports and folders rather than on the principals (the users and groups) who access them. For example, to give a manager access to a particular folder, in the Folders area, you add the manager to the access control list (the list of principals who have access to an object) for the folder. You cannot give the manager access by configuring the manager's rights settings in the Users and Groups area. The rights settings for the manager in the Users and Groups area are used to grant other principals (such as delegated administrators) access to the manager as an object in the system. In this way, principals are themselves like objects for others with greater rights to manage.

Each right on an object can be granted, denied, or unspecified. The BusinessObjects Enterprise security model is designed such that, if a right is left unspecified, the right is denied. Additionally, if settings result in a right being both granted and denied to a user or group, the right is denied. This denial-based design helps ensure that users and groups do not automatically acquire rights that are not explicitly granted. There is an important exception to this rule. If a right is explicitly set on a child object that contradicts the rights inherited from the parent object, the right set on the child object overrides the inherited rights. This exception applies to users who are members of groups as well. If a user is explicitly granted a right that the user's group is denied, the right set on the user overrides the inherited rights.
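
The resolution rules above, written out as an added sketch (this is not BusinessObjects Enterprise code or its API). The folder, report, principal, and right names are constructed sample data, and the order in which the two override rules combine (nearest object first, then the user's own entry before group entries) is an assumption of this example.

```python
from enum import Enum

class Setting(Enum):
    GRANTED = "granted"
    DENIED = "denied"

def effective_right(acl, parent_of, groups_of, user, obj, right):
    """Return True only if `right` resolves to granted for `user` on `obj`."""
    node = obj
    while node is not None:  # the object first, then each parent folder
        # Assumption of this sketch: on one object, the user's own entry
        # is consulted before the entries of the user's groups.
        for principals in ([user], sorted(groups_of.get(user, ()))):
            found = {acl[(node, p, right)] for p in principals
                     if (node, p, right) in acl}
            if found:
                # Granted and denied at the same level resolves to denied.
                return found == {Setting.GRANTED}
        node = parent_of.get(node)
    return False  # unspecified everywhere: denied

# Constructed sample data: folder, report, principals, and right names.
PARENT_OF = {"Q3 Report": "Sales", "Sales": None}
GROUPS_OF = {"manager": {"Finance", "Everyone"}}
G, D = Setting.GRANTED, Setting.DENIED
ACL = {
    ("Sales", "Everyone", "view"): G,
    ("Q3 Report", "Everyone", "view"): D,   # child setting overrides parent
    ("Sales", "Finance", "edit"): G,
    ("Sales", "Everyone", "edit"): D,       # granted and denied: denied
    ("Sales", "Everyone", "delete"): D,
    ("Sales", "manager", "delete"): G,      # user setting overrides group
}

def check(obj, right, user="manager"):
    """Resolve one right against the constructed sample ACL."""
    return effective_right(ACL, PARENT_OF, GROUPS_OF, user, obj, right)

if __name__ == "__main__":
    for obj, right in [("Sales", "view"), ("Q3 Report", "view"),
                       ("Sales", "edit"), ("Sales", "delete"),
                       ("Sales", "schedule")]:
        result = "granted" if check(obj, right) else "denied"
        print(f"{obj:10} {right:9} -> {result}")
```

When auditing an access control list, the cases worth checking first are the two overrides: an explicit grant on a child object or on an individual user can reverse a denial set higher up.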