Denying Users Access to CMC or LaunchPad

[dmurray00]

I'm looking to deny all users from having access to any of the Crystal Administrative tools server/admin tools (ie: CMC, CCM, et al). I can see how to set up report, group, and folder rights but non for administrative areas. I want to implement security regardless if they find the url for the Launchpad.

Any advise is greatly appreciated.

 

[Turkbear]

In order to block that level of access you need to modify the security settings on the Web Server..Beware of unintended results however..It may require all your users to be authenticated before using any of the CE pages..

 

[synapsevampire]

Remove the CCM, and use only the Administrator account on the CMC, which no user would have the password for. You might also customize the CSP in the CMC to check authentication upon arrival and redirect if they aren't authenticated by CE.

If you disallow all users (including the Administrator) from using anything, how could you ever add or modify anything?

-k

 

[dmurray00]

Thanks for the replies.

So, my options are either implementing server level security groups or possibly creating a virtual directory to direct all users away from the CMC url and directly into the eportfolio log in screen.

Sound like a plan??

Thanks.

 

[rhinok]

I don't understand why this is an issue...

Users (8.5 and above) shouldn't have access to any of these tools unless you installed Crystal Enterprise on their machines (CE 8 dropped Users into the Launchpad when you clicked the <Cancel> button after logging out of ePortfolio).

The only way users should ever see anything related to Crystal Enterprise is if you give them the URL. The only URL you should ever publish for them is the one that points to ePortfolio (or your custom front-end, dashboard, etc...).

If you've installed Crystal Enterprise on their machines, then it should be removed. If you've published a URL to Launchpad (which includes access to a variety of Administrative tools) then remove the link and publish only the link to ePortfolio. This will solve the problem for most users. If they've saved links as favorites then you've got to do some legwork to remove those favorites.

You shouldn't need to set any server-side permissions or redirects unless you've got hackers for users, in which case you've got bigger problems;-)

If you're still using CE8, then you can modify the logonform.csp script so that it doesn't redirect users to the Launchpad after clicking the Cancel button. Do a search for 'cancel' within the file to find the script to change or remove. I typically rename the button as 'Exit' and subsitute the following link (which prompts the user to close the browser window) for the redirect:

href='javascript:window.close();'

Tip: copy logonform.csp and save it as logonform.csp.old. You can then modify logonform.csp, reverting back to the original if necessary.

 

[Apollo21]

I have found that pointing the client (user) to the e-protfolio in C.E. 9.0 and disableing the guest account (presuming you are not going to use it) causes the cancel button to return the client (user) to the same eportfolio logon screen.

I too do not wish any client interfacing with the CMC. There is too great a risk of becoming interested....

Hope this helps a little....

 

[dmurray00]

THANKS TO ALL !!