BusinessObjects Administration - Custom Access Levels
Another interesting feature in business objects, Custom access level is going to be the topic of discussion for this blog. Please note the custom access levels are introduced only from Business Objects 3.0 onwards.
As you all know Access levels are groups of rights that users frequently need. They allow administrators to set common security levels quickly and uniformly rather than individual rights to be set one by one. Business Objects comes with several predefined access levels. Beginning with View and ending with Full Control, each access level builds upon the rights granted by the previous level. We can also create and customize your own access levels. This will greatly reduce administrative and maintenance costs associated with security.
Predefined Access Levels
Below four are list of predefined access levels and associated list of right(s).
|Access level||Description||Rights involved|
|View||If set on the folder level, a principal can view the folder, objects within the folder, and each object’s generated instances.||
|Schedule||A principal can generate instances by scheduling an object to run against a specified data source once or on a recurring basis. The principal can view, delete, and pause the scheduling of instances that they own.||View access level rights, plus:
|View On Demand||A principal can refresh data on demand against a data source.||Schedule access level rights, plus:
|Full Control||A principal has full administrative
Control of the object.
|All available rights|
* Principle refer to User group or User
Access levels in CMC
|Granted||The right is granted to a principal.|
|Denied||The right is denied to a principal.|
|Not Specified||The right is unspecified for a principal. By default, rights set to Not Specified are denied.|
|Apply to Object||The right applies to the object. This option becomes available when you click Granted or Denied.|
|Apply to Sub Object||The right applies to sub-objects. This option becomes available when you click Granted or Denied.|
Custom Access Levels
Consider a situation in which an administrator must manage two groups, Marketing managers and Marketing employees. Both groups need to access ten reports in the Business Objects Enterprise system, but Marketing managers require more rights than marketing employees. The predefined access levels do not meet the needs of either group. Instead of adding groups to each report as principals and modifying their rights in ten different places, the administrator can create two new access levels, Marketing Managers and Marketing Employees. The administrator then adds both groups as principals to the reports and assigns the groups their respective access levels. When rights need to be modified, the administrator can modify the access levels. Because the access levels apply to both groups across all ten reports, the rights those groups have to the reports are automatically updated.
We can create a new custom access level either start from the scratch or copy the existing access levels. We can also add/remove set of rights from existing custom access level from the existing custom access level.
Right Click on the Custom Access level and Select Included Rights.
And you will get the screen like below. Select the appropriate rights as per the requirement,
Then click OK to complete.
Finally you can assign the Custom Access level against each User group/User on a particular folder.
Administrator will get the best benefits out of this because they will get-rid of the traditional rights assignment using Advanced rights option. Also It is easy to manage the rights when they are grouped together.
Feel free to leave your comments. Thanks for reading!