BusinessObjects Security Quiz

Do you understand BusinessObjects security?

Granted Yes?
Denied No?
Not Specified Not Sure?

Well now is your chance to prove it.  Show us how good you really are.

My son always loves to test me with hypotheticals.

Dad can I have permission to see that R-rated movie?… No.

What if I take the dog for a walk?…  No.

… What if I mow the grass all summer?…  No.

… What if I get A’s for the rest of my life?…  No.

Fortunately getting granted access to InfoObjects within SAP BusinessObjects is a little more straight forward.

Quiz Show

To access the sample 24 scenario quiz click on the picture below:

Click here to start the Quiz

Results

So how did you do?  Get them all right?  Yes?  Then it’s time to get certified!

I’ll admit that regardless of how many times I go through this quiz there are always one or two that trip me up.

You can also download an offline copy of the quiz here:
http://trustedbi.com/files/user_rights.zip

Have a great week!

«Good BI»

2 replies on “BusinessObjects Security Quiz”

  1. Grant + Denied = Denied
    Grant + Not Specified =Grant
    Denied +Not Specified = Denied

    I a model that you will lower the use of the denied option to zero and use
    Not specified instead you won’t have conflicts & trouble mind in that restriction is going to work.

    Use the Grant rather than denied & leave everything else as Not Specified.

    Example:

    User X which belongs to a group that can create reports but can’t edit SQL (Denied) needs to edit SQL.
    2 scenarios I know can solve this:

    1. Create an access level:”Edit SQL”
    Create a new group: “SQL editors” and pull user X out from the first group to the new one (in order to avoid conflict).

    2. Secound scenario:

    Leave the edit SQL as Not Specified in the create reports group
    Create a new group:”Edit SQL” and join user X to this group
    The difference: since you don’t have denied on the edit SQL right in the first group you don’t have to pull this user from the first group since no conflict will accrue.

    I recommend using the second way.
    Thanks
    Yoav

  2. Hi, Got most of them, some are a bit strange though (e.g. no 23 – how can I delete the parent if I’m not allowed to delete the child?) … but I just found another weird one…

    Case 1:
    User is member of Group1.
    Group1 has DENIED on Folder (incl. subfolders).
    Group1 has GRANTED on Subfolder
    => User can access reports in Subfolder through search (result: GRANTED)

    Case 2:
    User is member of Group1 and Group2. (both groups are independent of one another)
    Group1 has DENIED on Folder (incl. subfolders)
    Group2 has GRANTED on Subfolder
    => User cannot access reports in Subfolder through search (result: DENIED)

    cheers
    MU

Comments are closed.