In the last post I talked about the importance of leveraging Custom Access Levels as part of securing content in your SAP BusinessObjects XI 3.1 environment.
To make security more manageable, the first thing I do when building out security in SAP BusinessObjects is to create a custom access level that provides View access to “Everyone” at the ROOT public folder level. However, I don’t want these rights to be inherited by the sub-folders so I need to apply view access at the parent object level only. Doing this by default means users will automatically see the top public folder without exposing any objects or sub-folders beneath it, initially.
First, I create a new access level and name it “Content – View Parent Object Only” so that I can clearly identify that this access level is to be used to secure content vs. applications and that way I can re-use it later when applying rights to other folders and objects later down the road.
I then ensure that I include the “View objects” access control entry, but apply it to the parent object level only. I do this by removing the checkmark from the far right checkbox.
Then I manage the top level public folder and provide the “Everyone” group this new custom access level. The “Everyone” group contains any user created in the system by default.
By spending the extra time to build this out I'm making it much easier to manage security. Instead of having to provide user groups access to a particular folders AND change security at the ROOT level, I only need to do it in one place.
Next I’ll show what SAP BusinessObjects access rights are needed to allow your Crystal Report developers to publish to the designated folder in SAP BusinessObjects Enterprise.