We are in the process of migrating from Actuate and SQL Server to Business Objects Premium and Oracle. We are having trouble designing a security model that is scalable and efficient. We have a large user base - >65,000 and a small set of reports - about 150. Users will be added and removed daily via an automated solution. We have a hierarchical type role structure but our users can have multiple roles in different combinations. I would love to chat with someone who has a large user base with users who can have multiple roles to find out how you have set up security. Thanks! Wendy
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Need advice regarding security models
- Thread starter w3ndy
- Start date
Wendy,
The trick that I learned in the Administering Users and Content class is that you want to avoid using "Explicitly Denied" for privileges. If one role that a user is assigned to has Explicitly Denied access, it will override "Explicitly Grant" access for any other roles a user has. When you want to deny access, the best thing to do is set it to "Not Specified". Not Specified denys access, but Explicitly Grant overrides Not Specified when a user has multiple roles.
I don't have a large install, but I do have a good handle on the security model and would be willing to answer other questions as I have time. You can reach me at dell dot stinnett at zcsterling dot com.
-Dell
A computer only does what you actually told it to do - not what you thought you told it to do.
The trick that I learned in the Administering Users and Content class is that you want to avoid using "Explicitly Denied" for privileges. If one role that a user is assigned to has Explicitly Denied access, it will override "Explicitly Grant" access for any other roles a user has. When you want to deny access, the best thing to do is set it to "Not Specified". Not Specified denys access, but Explicitly Grant overrides Not Specified when a user has multiple roles.
I don't have a large install, but I do have a good handle on the security model and would be willing to answer other questions as I have time. You can reach me at dell dot stinnett at zcsterling dot com.
-Dell
A computer only does what you actually told it to do - not what you thought you told it to do.
- Status
Similar threads
- Locked
- Question
- Locked
- Question