Wednesday, April 30, 2014

SAP BusinessObjects Security - Access Levels


For information on using APOS solutions to help you bolster and manage security, visit our more recent series of security posts.

By Rick Epstein


An access level is a set of permissions that apply to a user or group concerning an object such as a folder or report. SAP BusinessObjects lets you create custom access levels -- something I will write about in a future post -- but for now, let's restrict ourselves to the five pre-defined Access Levels in SAP BusinessObjects:
  • View: Can see the object and view instances of reports
  • View on Demand: Inherits rights of the View Access level and can run reports real time
  • Schedule: Inherits rights of the View On Demand Access level and can schedule reports
  • Full Control (owner): Inherits rights of the Schedule Access level and can add, copy, delete content if the user is also the owner
  • Full Control: Inherits rights of the Schedule Access level and can add, copy, and delete content regardless of the content's owner

Nothing too controversial there, but it does open up the topic of inheritance, a topic which will be important in all that follows, and which may be the source of many unintended consequences. So let's be clear about what we mean by inheritance:
  • Inheritance: Getting the rights of the parent group(s) and/or parent folder(s)

Access levels apply to users and groups. My next post will deal with rights settings, which are assigned at the object level.

No comments:

Post a Comment