Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CE 9 security with an and?

Status
Not open for further replies.
lyanch

lyanch

Programmer
Feb 12, 2002
1,048
US
My users are broken up into two sets of groups. The first set is a security setting and the second set is a function setting. Right now I have to create numberous groups based upon the the two types of groups. For instance sales has three groups:

sales X general
sales X secure
sales X Special

I would like to be able to maintain for instance, secure as a group and sales as a group and have the sales x secure group by having reports show CE security requiring BOTH sales and SECURE group instead of making all the combinations.

It is starting to turn into a maintenance nightmare..

Can CE9 handle this? Any third party solutions?

Thanks in advance

Lisa
 
Sort by date Sort by votes
It depends how many groups you really have as to how difficult it would be, but I think that you may be able to do this with the built in security model. For example, lets say that you have Sales and Accounts groups and each member of those groups would also be a member of General, Secure or Special. Now, if you want to restrict a report to users that are a member of both Secure and Sales you could just set the deny access right for each of the other groups on that report and the allow access right for both Sales and Secure. Deny overides Allow in the case of conflicting rights, so only users that are members of both the Sales and Secure groups could access the report. The downside is that whenever you add a new group you'd have to go through and set the deny access property on all of the reports that you don't want them to see, but you could use your folder structure and rights inheritance to help with this.

Hope this helps...
 
Upvote 0 Downvote
Okay.. took me awhile to get around to testing this but I am not sure that CE8 works that way.

I created a testuser and two testgroup, tgroup1 and tgroup2.

I made tuser a member of both groups.

I went to a report that was already secured (ie everyone has no access) and gave full permissions to tgroup1 and denied all access to tgroup2.

According to what I read above, tuser should not have access because tgroup2 is denied, and tuser is a member of tgroup2. In fact, because tuser was a member of tgroup1, tuser could access the report.

I kind of suspected that would be the way it works since denying access to "everyone" doesn't affect giving permissions to other groups...

Does this work differently in CE9??

Any other ideas??

Thanks in advance,

Lisa
 
Upvote 0 Downvote
Sorry that it's taken me so long to reply. I think that this must have changed in CE8.5 or CE9 then - this comes from the CE9 admin guide:-

"As the result, when both types of inheritance are enabled, the APS grants the user only those rights that are explicitly granted in one or more locations and never explicitly denied."
 
Upvote 0 Downvote
Thanks.. one more reason to upgrade to 9...

Lisa
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

lavadan
  • Locked
  • Question
Export to excel with drop down data
Replies
2
Views
205
hilfy
hilfy
allyne
  • Locked
  • Question
Hello, I have a main report and a
Replies
1
Views
177
kray4660
kray4660
hpl2001
  • Locked
  • Question
BI4/Crystal 2016 upgrade issue with scheduled reports
Replies
1
Views
189
hilfy
hilfy
allyne
  • Locked
  • Question
RE: Sub Reports with parameters 1
Replies
3
Views
194
allyne
allyne
Statey603
  • Locked
  • Question
Input Parameters screen issues: multi-line and width
Replies
0
Views
177
Statey603
Statey603

Part and Inventory Search

Sponsor

Back
Top