WF 80 Beta Manual

WebFOCUS Client Repository and Security Authorization
8.0 Beta
DN4500988.0611
Cactus, EDA, EDA/SQL, FIDEL, FOCUS, Information Builders, the Information Builders logo, iWay, iWay Software, Parlay, PC/FOCUS, RStat, TableTalk, Web390, and WebFOCUS are registered trademarks, and DataMigrator and Magnify are trademarks of Information Builders, Inc. Adobe, the Adobe logo, Acrobat, Adobe Reader, Flash, Adobe Flash Builder, Flex, and PostScript are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. Due to the nature of this material, this document refers to numerous hardware and software products by their trademarks. In most, if not all cases, these designations are claimed as trademarks or registered trademarks by their respective companies. It is not this publishers intent to use any of these names generically. The reader is therefore cautioned to investigate all claimed trademark rights before using any of these names other than to refer to the product described. Copyright 2011, by Information Builders, Inc. and iWay Software. All rights reserved. Patent Pending. This manual, or parts thereof, may not be reproduced in any form without the written permission of Information Builders, Inc.
WebFOCUS
Contents
Preface................................................................................................................5
Documentation Conventions..............................................................................................6 Related Publications..........................................................................................................7 Customer Support.............................................................................................................7 Information You Should Have.............................................................................................8 User Feedback..................................................................................................................9 Information Builders Consulting and Training.......................................................................9
1. Introducing WebFOCUS Client Repository and Authorization Security.........11

Creating a Security Model................................................................................................12
2. Security Basics..............................................................................................17
Groups...........................................................................................................................18 Users.............................................................................................................................19 Operation sets................................................................................................................20 Folders...........................................................................................................................23 Rules.............................................................................................................................26 Rules Overview........................................................................................................26 Creating Rules for Folder Resources.........................................................................26 Creating Rules for Groups........................................................................................29 Creating Rules for Operation Sets.............................................................................33
3. Creating Users With Predefined Groups........................................................35

Default Groups, Operation Sets, and Rules.......................................................................36 Creating a Managed Folder for Users to Access.................................................................36
4. Sharing and Ownership..................................................................................41

Sharing How, Who, or Permissions...................................................................................42 Ownership Permissions...................................................................................................43
5. Managing User Content ................................................................................45

Managing Private User Content........................................................................................46
Contents
6. Effective Policy.............................................................................................47
Order of Precedence........................................................................................................48 Viewing Your Own User Effective Policy.............................................................................49 Viewing Effective Policy for Other Users.............................................................................52 Viewing Folder or Item Properties.....................................................................................53
7. Operation Sets...............................................................................................57
Default Operation Sets....................................................................................................58 Legacy Operation Sets.....................................................................................................67
8. Individual Operations.....................................................................................75
Configuring Operations....................................................................................................76
9. Default System Rules....................................................................................87

System Rules Information................................................................................................88
10. Use Case Scenarios.....................................................................................91

Service Provider Architecture............................................................................................92 Creating HelpDesk Administrator (Reset Password Only)....................................................99 Sharing........................................................................................................................101 Ownership....................................................................................................................107
A. Glossary.......................................................................................................109
Key Concepts...............................................................................................................110
Reader Comments...........................................................................................113
WebFOCUS
WebFOCUS
Preface
This documentation provides an introduction to the new WebFOCUS Client Repository and Authorization Security model. It is intended for developers who are responsible for developing security for WebFOCUS applications.
How This Manual Is Organized

This manual includes the following chapters: Chapter/Appendix 1 Introducing WebFOCUS Client Repository and Authorization Security Security Basics Contents Describes the purpose and basic functionality of WebFOCUS client security. It also includes important questions whose answers will help you structure an appropriate security model. This chapter introduces the basic concepts of the new WebFOCUS Client Repository security model, including how to create groups, subgroups, users, OpSets, and folders. Explains how to create users with groups that have already been created. It also expands on some of the basic concepts introduced earlier. Introduces the concepts of sharing and ownership and describes the operations on which sharing relies Describes how to manage user content. Describes how to determine or manage the effective policy for a user. Lists and explains the default and legacy operation sets.
Creating Users With Predefined Groups Sharing and Ownership Managing User Content Effective Policy Operation Sets
4 5 6 7
Documentation Conventions
Chapter/Appendix 8 9 10 Individual Operations Default System Rules Use Case Scenarios
Contents Lists and describes the individual operations. Lists and describes the Default Rules and System Rules. Illustrates use cases to help understand and configure certain types of functionality within the new MR Repository and Security Authorization model. Glossary of key concepts in this manual.
Glossary
Documentation Conventions
The following table lists and describes the conventions that apply in this manual. Convention
THIS TYPEFACE
Description Denotes syntax that you must enter exactly as shown.
or
this typeface this typeface
Represents a placeholder (or variable) in syntax for a value that you or the system must supply. Indicates a default setting. Represents a placeholder (or variable), a cross-reference, or an important term. It may also indicate a button, menu item, or dialog box option you can click or select. Highlights a file name or command. Indicates keys that you must press simultaneously. Indicates two or three choices; type one of them, not the braces. Indicates a group of optional parameters. None are required, but you may select one of them. Type only the parameter in the brackets, not the brackets.
underscore
this typeface
this typeface Key + Key

{ [ } ]
WebFOCUS
Preface
Convention
|
Description Separates mutually exclusive choices in syntax. Type one of them, not the symbol. Indicates that you can enter a parameter multiple times. Type only the parameter, not the ellipsis points (...). Indicates that there are (or could be) intervening or additional commands.
...
. . .
Related Publications
To view a current listing of our publications and to place an order, visit our Technical Documentation Library, http://documentation.informationbuilders.com. You can also contact the Publications Order Department at (800) 969-4636.
Customer Support
Do you have any questions about this product? Join the Focal Point community. Focal Point is our online developer center and more than a message board. It is an interactive network of more than 3,000 developers from almost every profession and industry, collaborating on solutions and sharing tips and techniques, http://forums.informationbuilders.com/eve/forums. You can also access support services electronically, 24 hours a day, with InfoResponse Online. InfoResponse Online is accessible through our World Wide Web site, http://www.informationbuilders.com. It connects you to the tracking system and knownproblem database at the Information Builders support center. Registered users can open, update, and view the status of cases in the tracking system and read descriptions of reported software issues. New users can register immediately for this service. The technical support section of www.informationbuilders.com also provides usage techniques, diagnostic tips, and answers to frequently asked questions. Call Information Builders Customer Support Service (CSS) at (800) 736-6130 or (212) 7366130. Customer Support Consultants are available Monday through Friday between 8:00 a.m. and 8:00 p.m. EST to address all your questions. Information Builders consultants can also give you general guidance regarding product capabilities and documentation. Please be ready to provide your six-digit site code number (xxxx.xx) when you call. To learn about the full range of available support services, ask your Information Builders representative about InfoResponse Online, or call (800) 969-INFO.
Information You Should Have
Information You Should Have

To help our consultants answer your questions effectively, be prepared to provide the following information when you call: Your six-digit site code (xxxx.xx). Your WebFOCUS configuration: The front-end you are using, including vendor and release. The communications protocol (for example, TCP/IP or HLLAPI), including vendor and release. The software release. Your server version and release. You can find this information using the Version option in the Web Console. The stored procedure (preferably with line numbers) or SQL statements being used in server access. The Master File and Access File. The exact nature of the problem: Are the results or the format incorrect? Are the text or calculations missing or misplaced? The error message and return code, if applicable. Is this related to any other problem? Has the procedure or query ever worked in its present form? Has it been changed recently? How often does the problem occur? What release of the operating system are you using? Has it, your security system, communications protocol, or front-end software changed? Is this problem reproducible? If so, how? Have you tried to reproduce your problem in the simplest form possible? For example, if you are having problems joining two data sources, have you tried executing a query containing just the code to access the data source? Do you have a trace file? How is the problem affecting your business? Is it halting development or production? Do you just have questions about functionality or documentation?
WebFOCUS
Preface
User Feedback
In an effort to produce effective documentation, the Documentation Services staff welcomes your opinions regarding this manual. Please use the Reader Comments form at the end of this manual to communicate suggestions for improving this publication or to alert us to corrections. You can also use the Documentation Feedback form on our Web site, http://documentation.informationbuilders.com/feedback.asp. Thank you, in advance, for your comments.
Information Builders Consulting and Training

Interested in training? Information Builders Education Department offers a wide variety of training courses for this and other Information Builders products. For information on course descriptions, locations, and dates, or to register for classes, visit our World Wide Web site (http://www.informationbuilders.com) or call (800) 969-INFO to speak to an Education Representative.
Information Builders Consulting and Training
10
WebFOCUS
WebFOCUS
Introducing WebFOCUS Client Repository and Authorization Security
To plan the security implementation in your WebFOCUS application, it is critical to consider several fundamental questions whose answers will help you structure your security model: What information will be stored in the WebFOCUS repository? Who will need access to this information? What kind of access will each user need?
Topics:
Creating a Security Model
11

The new WebFOCUS Client Repository and Authorization Security model expands and generalizes the access to Managed Reporting (MR) and Business Intelligence assets. Highlights of the model include: Relational database storage for all content. Improved integration with ReportCaster. Component integration (single sign-on). Blended user capabilities (which do not require the creation of new roles). Improved integration with software service vendors using granular authorization and the delegation of administrative functions. The system uses the Universal Object Access (UOA) layer, an implementation of Role-Based Access Control (RBAC), to enforce security across all objects in the repository. The flexibility of the UOA model enables an administrator to implement security at a granular level for every object in the WebFOCUS repository, if needed. User actions can be permitted or not permitted for individual combinations of users and objects. Access can be granted or specifically denied on a group or individual level, and it can be inherited down from a root folder that contains several types of objects. The administrator can create a comprehensive security model by using the following concepts provided by the UOA model:
12
WebFOCUS
1. Introducing WebFOCUS Client Repository and Authorization Security Every object is a resource that can be controlled. Access to and management of all objects is controlled by the UOA. Different object types have different controlled operations. While all object types have a delete operation, other operations are restricted to particular object types. Report request objects cannot be made members of a group and user objects cannot be run or scheduled. Group membership determines two types of operations: Which users can modify group or user definitions. The actions a group or user can perform on objects. Security rules control what users can do to objects in the repository: Users belong to groups. As a best practice, for ease of administration, security rules should apply to these groups, although it is possible to create a security rule that applies to users. User privileges are defined in operation sets. Operation sets are groupings of permitted or denied operations. An object is any group, user, operation set, item, or folder stored in the repository. An object is any object or folder stored in the repository. For example, the following statements can become rules: Users in the group SalesMgmt can run reports in the folder SalesForecast. This can be implemented as the rule:
SalesMgmt PERMIT RunReport on Folder SalesForecast
Users in the group SalesAdmin can assign user IDs to the group SalesMgmt. This can be implemented as the rule:
SalesAdmin PERMIT AssignUsers on Group SalesMgmt
Security rules are inherited. Rules established on a folder apply to all its children and subfolders. Rules established on a group apply to all its children and subgroups. If you wish to change this behavior for a specific object, you can clear an inherited rule or define a more specific rule for a subfolder or subgroup. This change then applies to the descendants of the subfolder or subgroup. Users can belong to multiple groups.
13
Creating a Security Model All the security rules that affect a specific user are merged to create the effective security policy for the user on each object. Since users can belong to multiple groups, the rules that affect all of the groups to which a user belongs are merged to determine what the single user is allowed to do. There is an order of precedence for user operations. If a user is within two different groups and is permitted an operation in one group but not granted that operation in another (implicit deny), the user is allowed that operation. However, if a user is permitted an operation in one group but denied that operation (explicit deny) in another, the user is denied that operation. All operations need to be explicitly permitted. Operations that are not permitted are not available (effectively denied). All objects in the WebFOCUS repository are either private entities or managed entities. Once created, private objects have a standard and consistent set of permitted operations that are granted to the owner of the object, which can be an individual user or a group. Managed objects, also known as system-owned objects, are managed by the set of security rules defined by security administrators. The ability to create new private objects inside a managed folder is also a controlled operation. The ownership of a private object can be passed to another user or even to a group. When passed to a group, all members of that group have the same standard set of permitted operations, specified by the OpSet SystemPrivateResourcePermits. For example, group ownership may be useful when a development team is working on a project of interconnected reports. Anyone on the team may need to update a report. You could add new security rules for each user and then change the rules when the project is complete, but it is simpler to keep the report objects private and owned by the group while in development. Once the project is completed and the reports are ready to be released to a wider audience, you can change the status of the report objects to managed so that the security rules you have already determined for your system will apply. In most circumstances, a new object is created as a private object. The status of the created object can then be changed to managed. Changing ownership and changing status from private to managed are themselves controlled operations.
14
WebFOCUS
1. Introducing WebFOCUS Client Repository and Authorization Security By default, the owner of a private object can: Run a report. Run a deferred report. Create a Private Item. Create a Private Folder. Open, delete, update, list, and view objects. View and update the properties of an object. The type of control that a user has on a private object can be modified for the entire site by updating the SystemPrivateResourcePermits operation set. All other operations must be explicitly granted to users through groups or roles. For example, by default, an owner of private objects cannot change the server execution properties of a report procedure, unless the operation to update reporting server properties has been enabled for the user. Generally, non-owners cannot modify private objects. The sole exception is for administrative users permitted the operation of opManagePrivateResources on a group and granted the opManagePrivateTool operation. This allows the administrative users to clean up the objects of users who have left the organization. The explicit list of operations allowed on these private objects is determined by the operation sets of: SystemManagePrivateFolders SystemManagePrivateOutput SystemManagePrivateNonOutput For more information, see Operation Sets on page 57.
15
16
WebFOCUS
WebFOCUS
Security Basics
The new WebFOCUS Client Repository Authorization model allows administrators of the system to create granular controls for all users. This new architecture provides granularity, flexibility, and separation of duties, as well as auditing capabilities. The individual building blocks of groups, users, operation sets, and folders are used to create rules. Rules are then used as the basis of determining what a user is allowed or not allowed to do within the WebFOCUS Client Repository and Authorization model.
Topics:
Groups Users Operation sets Folders Rules
17
Groups
Groups
How to: Create a Group and Subgroup In the UOA model, a group is a container of users or subgroups that have similar capabilities and access. To enable this access, a rule will need to be created for a particular group or subgroup. As a best practice, rules should be created for groups and not users, as creating rules for individual users complicates administration.
Procedure: How to Create a Group and Subgroup

1. Sign in with an administrative user ID that is permitted ALL on /. By default, this user ID is admin with a password of admin. 2. Select Security Management from the Administration pane, or right-click Repository in the Resources pane and select Security, then User Administration. 3. Select the New Group button. 4. Create a group named AmericaBankMainGroup, with the description of America Bank Main Group. 5. Create a group named AmericaBankAnalyticalGroup, with the description of America Bank Analytical Group
18
WebFOCUS
2. Security Basics
Users
How to: Create a User In the UOA model, a user is identified by a unique ID and additional properties, such as a description, e-mail address, password, and groups, that the user belongs to. By default, all users are a member of the EVERYONE Group, which is the set of all named users on the system. In addition, an ID status such as active or inactive can be set for the individual users. When a user is a member of multiple groups, the rules on those groups are reconciled to give the user their effective policy. Note: The user ID is case-sensitive.
Procedure: How to Create a User

1. Sign in with an administrative user ID that is permitted ALL on /. By default, this user ID is admin with a password of admin. 2. Select Security Management from the Administration pane, or right-click Repository in the Resources pane and select Security, then User Administration. 3. Select the New User button.
19
Operation sets 4. Create the user and place that user in AmericaBankMain/AnalyticalUsers, as shown in the following image.
Operation sets
How to: Create an OpSet Operation sets (OpSets), also known as operation sets (PSETs), are groups of permitted or denied operations. Administrators can allow or deny the use of operations for Groups and Users by applying operation sets. Operation sets are the building blocks, but nothing is applied until a rule is created. For more information on individual operation sets and operations, see Legacy Operation Sets on page 67 and Configuring Operations on page 76.
Procedure: How to Create an OpSet

1. Sign in with an administrative user ID that is permitted ALL on /. By default, this user ID is admin with a password of admin. 2. Select Security Management from the Administration pane, or right-click Repository in the Resources pane and select Security, then User Administration.
20
WebFOCUS
2. Security Basics 3. Select the Permission Sets tab.
4. Click New Permission Set
21
Operation sets 5. Name the new operation set ListAndRun and enter the description List and Run operation set, as shown in the following image.
22
WebFOCUS
2. Security Basics 6. Move List, Run, RunDeferred, and View Folder/Item Properties from Available Operations to Selected Operations by double-clicking each operation or by selecting each operation and clicking on the Move button .
7. Click OK to save the new operation set.
Folders
How to: Create a Folder Make a Folder Managed Folders contain all MR Repository content. In the UOA architecture, there is no limitation to folder depth, as there was in the 77 release and below. Whenever a user creates a folder, it will always be created as a private folder. It can remain private, if that is desired, or it can be changed to a system managed folder as long as the user has the proper permissions to do so (Make Managed - opMakeManaged). A managed item is not owned by an individual or group, but it is accessible to all users that have the proper rules in place to access it.
23
Folders
Procedure: How to Create a Folder

1. Sign in with an administrative user ID that is permitted ALL on /. By default, this user ID is admin with a password of admin. 2. Right-click Repository and select New Folder, as shown in the following image.
The Create Folder dialog box appears, as shown in the following image.
3. Populate the fields with the following and then select OK: Description: America Bank Summary: America Bank's Folder
24
WebFOCUS
2. Security Basics Note: The Name field will automatically be filled in, derived from the description with only alpha and underscore characters allowed. If desired, the Name of this can be modified at this point. The Description is non-unique but Name must be unique within the folder and cannot contain any special characters. The summary is an extensive explanation of the folder and is accessible through the Info button located under the MR tree. 4. Right-click on America Bank and select New, then Folder. Name the folder Sales.
Procedure: How to Make a Folder Managed

1. Right-click on America Bank and select Security, then Owner, as shown in the following image.
25
Rules 2. Select the Managed radio button, then OK, as shown in the following image.
Note: When you change a main folder to Managed, all subfolders will also be changed to Managed as well.
Rules
In this section: Rules Overview Creating Rules for Folder Resources Creating Rules for Groups Creating Rules for Operation Sets
Rules Overview
Rules are combined at each level, then down the resource tree, to determine the effective policy on a resource. At each resource level, the effective policy can only be evaluated to NOT_SET, DENY, or PERMIT. This is then combined with rules at each lower level, to determine the Effective Policy on a resource for a particular user.
Creating Rules for Folder Resources

How to: Create a Rule Allowing the America Bank Main Group ListAndRead on the America Bank Folder You must define the following components to create a rule:
26
WebFOCUS
2. Security Basics Who is the Group (usually) or the User (rarely). Verb is NOT_SET, PERMIT, OVERPERMIT, or CLEARINHERITANCE. What is the OpSet. Where is the resource. In the case of a folder resource, it is the folder, or an item. A resource could also be a group, OpSet, or user. When creating any rule on a folder resource, the resource is always selected first. Then any number of operation sets can be applied to any number of groups or users as an exception. In the following example, we will create a rule giving the America Bank Main group the ListandRead operation set on the America Bank folder.
Procedure: How to Create a Rule Allowing the America Bank Main Group ListAndRead on the America Bank Folder
1. Sign in with an administrative user ID that is permitted ALL on /. By default, this user ID is admin with a password of admin. 2. Right-click the America Bank folder in the Resources pane and select Security, then Access Rules. The Security Rules dialog box appears.
27
Rules 3. In the Groups field, select AmericaBankMainGroup, as shown in the following image.
Note: If you do not see any Groups listed, uncheck Only show Groups with Rules.
28
WebFOCUS
2. Security Basics 4. Select the ListAndRead OpSet and set the Verb to PERMIT, as shown in the following image .
5. Click Apply if you wish to make further changes after this, or click OK to apply the changes and exit the dialog box.
Creating Rules for Groups

How to: Create a Rule Allowing the America Bank Analytical Subgroup ShareWith Capability With the America Bank Main Group The following procedure uses the previous examples in this chapter.
Procedure: How to Create a Rule Allowing the America Bank Analytical Subgroup ShareWith Capability With the America Bank Main Group
1. Sign in with an administrative user ID that is permitted ALL on /. By default, this user ID is admin with a password of admin.
29
Rules 2. Right-click the Repository folder in the Resources pane and select Security, then User Administration. The Security Center appears, as shown in the following image.
30
WebFOCUS
2. Security Basics 3. Right-click AmericaBankMainGroup in the Groups field and select Security, then Access Rules, as shown in the following image.
The Security Rules dialog box appears. 4. In the Groups field, select AmericaBankAnalyticalGroup. Note: If you do not see any Groups listed, uncheck Only show Groups with Rules.
31
Rules 5. In the Rules for Group field set ShareWith to PERMIT, as shown in the following image.
6. Click OK, then click Close.
32
WebFOCUS
2. Security Basics
Creating Rules for Operation Sets

How to: Create a Rule That Disables Deletion of the ListandRun OpSet
Procedure: How to Create a Rule That Disables Deletion of the ListandRun OpSet
1. Sign in with an administrative user ID that is permitted ALL on /. By default, this user ID is admin with a password of admin. 2. Select Security Center in the Administrative pane, or right-click inside the Resources pane and select Security, then Access Rules. 3. In Security Center, select the Permission Sets tab. 4. Right-click ListAndRun and select Security, then Access Rules. 5. Select the operation set of ProtectSystemResources on the left side of the window, and the EVERYONE group on the right side, and apply the Permssion Set by either dragging and dropping or using the arrow button to apply.
33
Rules
34
WebFOCUS
WebFOCUS
Creating Users With Predefined Groups
WebFOCUS includes default groups, operation sets, and rules to make it easier for you to administer your implementation.
Topics:
Default Groups, Operation Sets, and Rules Creating a Managed Folder for Users to Access
35
Default Groups, Operation Sets, and Rules
Default Groups, Operation Sets, and Rules

The WebFOCUS Client Repository has been preloaded with a set of default groups, operation sets, and rules applying to them. Among these are the WF_Legacy group and its subgroups corresponding to the legacy 7.6 and prior user roles. Note that these groups are not an exact match of what was in 7.7 and below, since these user types have access to the latest tools. If needed, you can clone these operation sets, and make them an exact match and give them access to the legacy tools as well. These predefined groups, and the operation sets that are used with them, include LibraryOnlyUsers, RunOnlyUsers, AnalyticalUsers, PowerUsers, Developers, ContentManagers, and MRAdministrators. Default rules have been set from the root of the repository (Repository level) for these groups. A first time administrator only needs to create the users and place them in one of the predefined groups, under the WF_Legacy main group. A first time administrator does not need to create rules at this time. The users that are created in the WF_Legacy subgroups will have all the available permissions for the entire repository because of the default rules. If that is not the desired behavior, the default rules can be deleted or modified so that these users only have access to specific folders.
Creating a Managed Folder for Users to Access

How to: Create a Managed Folder Accessible to Predefined Users Create a User Using One of the Predefined Legacy WebFOCUS Groups The following procedures show how to create a folder and place a user in the WF_Legacy/AnalyticalUsers Group. This user will have AnalyticalUser access to the folder. First, the administrator should create a managed folder under the root of the repository. A managed folder is a folder that is accessible to all authorized users. It is not private to any one individual or group, but can be considered system wide.
Procedure: How to Create a Managed Folder Accessible to Predefined Users

36
WebFOCUS
3. Creating Users With Predefined Groups 2. Right-click Repository and select New Folder, as shown in the following image.
The Create Folder dialog box appears, as shown in the following image.
3. Populate the fields with the following and then select OK: Description: America Bank Summary: America Bank's Folder
37
Creating a Managed Folder for Users to Access Note: The Name field will automatically be filled in, derived from the description with only alpha and underscore characters allowed. Description is non-unique but Name must be unique within the folder and cannot contain any special characters. The summary is an extensive explanation of the folder and is accessible through the Info button located under the MR tree. 4. Right-click on America Bank and select New, then Folder. Name the folder Sales. 5. Right-click on America Bank and select Security, then Owners, as shown in the following image.
38
WebFOCUS
3. Creating Users With Predefined Groups 6. Select the Managed radio button, then OK, as shown in the following image.
Procedure: How to Create a User Using One of the Predefined Legacy WebFOCUS Groups
1. Sign in with an administrative user ID that is permitted ALL on /. By default, this user ID is admin with a password of admin. 2. Select Security Management from the Administration pane, or right-click Repository in the Resources pane and select Security, then User Administration. The Security Center displays, as shown in the following image.
You can use the Security Center to create users and assign them to groups.
39
Creating a Managed Folder for Users to Access
3. Select the New User
button.
The New User dialog box appears, as shown in the following image.
4. Populate the fields with the following and then select OK: ID: abanalytic1 Description: America Bank Analytical User 1 E-mail Address: abanalytic1@ab.com Password: abanalytic1 Create in group: WF_Legacy/AnalyticalUsers Status: Active 5. Log in as abanalytic1. You can now create content.
40
WebFOCUS
WebFOCUS
Sharing and Ownership
When a user wants to share an item, they can share that item with a particular group or user. The ability to share an item or a folder relies on four operations: Share Folder/Item (OpShareItem), Share with Group or User (opShareWith), List (opList), and List Users (opListUsers).
Topics:
Sharing How, Who, or Permissions Ownership Permissions
41
Sharing How, Who, or Permissions
Sharing How, Who, or Permissions

The ability to share a private item or a folder relies on four operations. Share Item or Folder (OpShareItem) applies to the folder or item resource. This operation indicates that this user has the ability to share a folder or item. Who that user can share the item with is specified with the operations of Share with Group or User (opShareWith), List (opList), and List Users (opListUsers). These operations apply to the group resources. When you want to share an item with another group or user, the following needs to be considered: The item to be shared must be within My Folder. If the item the user wants to share is within a private folder, the private folder needs to be shared. The private item within that folder needs to be shared. The user or group that the item is being shared with needs the List (opList) operation on managed folders leading to this users private folder, so they can navigate to this users shared item. Since the item is shared, there is a special operation set of SystemShareResourcePermits that is applied to the shared item, for all users that it is being shared with. That operation set contains the following operations: View Folder/Item Properties Schedule Run Run Deferred Open List
42
WebFOCUS
4. Sharing and Ownership
Example:
Share How, Who, or Permissions

The following image shows an example of a private folder abpower1folder for the user of abpower1 that is under a managed folder of Sales. The abpower1folder itself is shared and the ProfitReport item is shared.
The following image shows the view when logged in as the wfpower1 user, who this item was shared with. Since this user had List (opList) capability from the repository level, they were able to see two main subfolders of America Bank and Bombay Bank. They were able to see and navigate to the Sales Folder which contains the private folder abpower1folder. This also shows that the original owner of the folder and item are abpower1.
For more information on Sharing Permissions, see Sharing on page 101.
Ownership Permissions
The ability to change the ownership of a private folder/item, relies on six operations. Make Managed (opMakeManaged) and Make Private (opMakePrivate) apply to the folder/item resource. These operations indicate that a user has the ability to change the ownership of a folder/item or to make the folder/item a managed entity. Who the user can change the ownership to is specified with the operations of Set Group as Owner (opSetGroupOwner), Set User as Owner (opSetUserOwner), List (opList) and List Users (opListUser). For more information on Ownership, see Ownership on page 107.
43
Ownership Permissions
44
WebFOCUS
WebFOCUS
Managing User Content
To help administer the new MR Repository and Authorization model, an administrator may delegate responsibilities to other users to allow them to manage the private content which they do not own.
Topics:
Managing Private User Content
45

A default administrative user has ALL over the entire repository. However, this user can delegate responsibilities to users who do not necessarily have ALL with the operations opManagePrivateResources and opManagePrivateTool. OpManagePrivateResources allows users the ability to manage private resources they do not own, and opManagePrivateTool grants the use of the tool which manages these private resources. With this delegation, three system operation sets are applied to user content. SystemManagePrivateFolders - Administrative rights over private folders owned by other users SystemManagePrivateOutput - Administrative rights over private non-output files owned by other users SystemManagePrivateNonOutput - Administrative rights over private output owned by other users There are three different operation sets so that a user with administrative capability over another user may still be restricted from viewing the user output.
46
WebFOCUS
WebFOCUS
Effective Policy
The effective policy for a user is the derivation of all applicable rules applied to the user. The Effective Policy dialog box indicates why a user has or does not have a certain capability. Users with the Manage Rules on a Resource operation (opManageRulesOn) and the View Effective Policy on a Resource operation (opViewRulesOn) may also view the effective policies for other users belonging to that resource.
Topics:
Order of Precedence Viewing Your Own User Effective Policy Viewing Effective Policy for Other Users Viewing Folder or Item Properties
47
Order of Precedence
Order of Precedence
The following order of precedence is used to determine the effective policy on a resource at a particular level: 1. OverPermit 2. Deny 3. Permit 4. Not Set On any particular level, these will be evaluated to DENY, PERMIT or NOT_SET. This means that an OverPermit will win over a Deny. A Deny will win over a Permit. A Permit will win over a Not Set (Implied Deny). ClearInheritance clears all inherited rules on an operation on the level where ClearInheritance is placed, resetting the operation to a Not Set state for that level and its children. No group takes precedence over another group and user rules do not take precedence over group rules. A policy is calculated at each level of a resource and combines with the policies of each child level to determine the effective policy for each user. If an operation is Not Set, then it is Implicitly Denied. If an operation is Permitted, it is allowed. If an operation is Explicitly Denied, then it is not allowed. This takes precedence over a Permit. For example, if a user belongs to multiple GROUPs and is permitted an operation in one Group but denied the same operation in another Group, the user is denied the operation. ClearInheritence removes all inherited rules on a resource. Going down a resource tree, an effective policy at an particular resource level can only be DENY, PERMIT and UNSET, with precedence in that order. This is important to note when figuring out Inherited abilities.
48
WebFOCUS
6. Effective Policy
Viewing Your Own User Effective Policy

The View Effective Policy on a Resource operation (opViewRulesOn) is necessary for users to view their own effective policies. With this permission, you will be able to right-click a report and select Security, then Effective Policy.
Without this operation, these options do not display. If you have opViewRulesOn and also opViewProperties or opUpdateProperties, you will also be able to view your effective policy from the Properties dialog box, which is shown in the following image.
49
Viewing Your Own User Effective Policy
If you are not already at the Properties dialog box, right-click on a resource and select Properties. On the Properties dialog box, select Security and then Effective Policy. The Effective Policy dialog box appears.
50
WebFOCUS
6. Effective Policy Each individual operation is listed by the Operations pane, which is shown in the following image.
Select an operation to review its effective policy in the Calculated Policy pane, as shown in the following illustration.
51
Viewing Effective Policy for Other Users
The Calculated Policy pane shows the following elements: Path Element. The location where a rule potentially may be applied. Effective Policy. The combination of rules on that path element and any inherited rules. Who. The groups or users to which the rule is applied. (Only displays the groups this user belongs to.) Groups are denoted by the Group icon PSET. The operation set applied. Verb. The verb that applies to the listed path element. In the previous images, the operation of Run (opRun) has been selected in the Operations pane. The Calculated Policy pane indicates which rules apply at different folder levels. No rules have been applied at / or at WFC, which means that the operation is implicitly denied at those levels, per the global settings. No rules have been applied at America_Bank, Sales, or Profit_Report.fex, which means that the operation is permitted at those levels, per the global settings. A rule has been applied at the Repository level. The operations set used in that rule is WF_PowerUser, which specifies that Run (opRun) is PERMIT. A rule has been applied at the abpower1 folder level. The operations set used in that Rule is SYSTEM, which specifies that Run(opRun) is OVERPERMIT. Note: Not every operation applies to a particular resource type. For example, Run (opRun) applies to a folder or item resource, but Create a new Group (opCreateGroup) does not. .
Viewing Effective Policy for Other Users

To view the effective policy of other users, you must have the following operations:
52
WebFOCUS
6. Effective Policy Manage Rules on a Resource, which allows you to make use of the Rules and Access Rules context menus. View Effective Policy on a Resource, which allows you to make use of the Rules and Effective Policy menus. The combination of these two operations allows you to create rules and display the effective policy for yourself and other users. To display the users on the Effective Policy dialog boc, you must also have Operation List (opList) or List Users (opListUsers) on the group or groups to which the other users belong. The Effective Policy dialog box, with the operation Run (opRun) selected for user ab1, is shown below.
The dialog indicates the following: No rules apply for ab1 on /, WFC, and Repository. A rule applies for ab1 at the America_Bank folder level. Its OpSet is ListAndRead. ListAndRead does not use the operation of Run (opRun) since the Rule is NOT_SET. A rule applies at the Sales folder level. Its OpSet is WF_Developer, in which the operation of Run (opRun) is PERMIT for the user of ab1. Therefore, the effective policy for ab1 is that this user has the Run (opRun) capability on items within the Sales folder.
Viewing Folder or Item Properties

The Properties context menu displays the attribute information of a folder or an item within the resource tree. The following operations allow you to view and make use of the Properties context menu: opViewProps (View Folder or Item Properties) displays the context menu
53
Viewing Folder or Item Properties opUpdProps (Update Folder or Item Properties) updates properties opRepSrvProps (View and Update Reporting Server Properties), if given, displays the Reporting Server Properties To view the Effective Policy from the Security button on the Properties dialog box, you need the additional operation of opViewRulesOn (View Effective Policy on a Resource) or opManageRulesOn (Manage Rules on a Resource). The following image shows the properties for an item (a report) on the resource tree.
Reference: Information Included in the Properties Dialog Box for an Element

Dialog Box Item Folder Created On Description Displays the full repository path of the containing folder. Displays the creation date and time.
54
WebFOCUS
6. Effective Policy
Dialog Box Item Created By Last Modified On Last Accessed On
Description Displays the user ID that created this folder. Displays the date and time this item was last changed. Displays the date and time this item was accessed through Properties, Run, RunDeferred, or using any of the tools to edit. Displays the user that last accessed this item. Size in bytes of the contents of the item. Immediate or Deferred. Managed or Private.
Last Accessed By Size Run Status
55
Viewing Folder or Item Properties
56
WebFOCUS
WebFOCUS
Operation Sets
An operation set (OpSet) is a collection of individual operations and their associated settings. An operation set usually contains operations applicable to a specific type of resource. For example, if the resource is a GROUP resource, then the operation set contains operations, such as Create a New Group (opCreateGroup).
Topics:
Default Operation Sets Legacy Operation Sets
57
Default Operation Sets

The following table lists the default operation provided with WebFOCUS. Unless otherwise noted, the listed operations are set to PERMIT. Name ALL BIPFullControl Function Allows all operations. Allows all operations in Business Intelligence Portal. Operations All operations Create Business Intelligence Portal View Business Intelligence Portal List Delete Validate Business Intelligence Portal Save Positions Add Personal Content Manage Rules Rename Edit Navigation Edit Banners Edit Menu Bars Edit Theme Update Properties Insert Page Edit Page Layout Edit Content
58
WebFOCUS
7. Operation Sets
Name BIPPersonalize
Function Save positions and add content in Business Intelligence Portal.
Operations Add Personal Content List Save Positions View Business Intelligence Portal
BIPViewOnly
View Business Intelligence Portal.
List View Business Intelligence Portal Create a Private Folder List List Open View Report/Folder Properties
CreatePrivateFolder List ListAndRead
Creates private folders. List files and folders. Grants access to files.
ListAndRun
Lists and executes files.
List Run Run Deferred View Report/Folder Properties
59
Name ManageGroups
Function Manages Groups.
Operations Assign Rules for a Group Assign Rules for a User Assign Users from a Group Assign Users to a Group Create a new Group Delete a Group List List Users Manage Rules on a Resource Set Group as an Owner Set User as an Owner Update Group Definition View Group View Effective Policy on a Resource
ManageOperationSets
Manages operation sets.
Create a new operation set Delete operation set List Update operation set Use operation set in Rules View operation set
60
WebFOCUS
7. Operation Sets
Name ManageOwner
Function Manage ownership of files or folders.
Operations List List Users Set User as Owner Set Group as Owner
ManagePrivateResources
System-granted operations on private resources that belong to other users via Groups.
The following operations are set to OVERPERMIT: List Delete Update Properties Update Reporting Server Properties View File or Folder Properties
ManageRules
Manages rules on resources.
Manage Rules on a Resource View Effective Policy on a Resource
ManageUsers
Manages Users.
Create a New User Delete a User List Users Set User Password Update User Definition
61
Name ProtectSystemResources
Function Protects system resources.
Operations Assign Users to Group Create a New Group Delete a Group Delete Operation Set Update Operation Set
ReportCaster Tools SecurityCenter ShareWith
Displays ReportCaster tools on toolbar and tabs. Displays the Security Center. Shares items.
Displays ReportCaster tools Launch Security Center
List List Users Share with Group or User
62
WebFOCUS
7. Operation Sets
Name SystemManagePrivateFolders
Function System-granted operations over private folders owned by other users, when user has opManagePrivateFolders.
Operations The following operations are set to OVERPERMIT: Change Owner Delete List Manage Rules Open Rename Share with Group or User Update Report/Folder Properties Update Reporting Server Properties View Report/Folder Properties View Rules
63
Name SystemManagePrivateNonOutput
Function System-granted operations over private non-output files owned by other users, when user has opManagePrivateNonOutput.
Operations The following operations are set to OVERPERMIT: Copy Delete Edit List Open Rename Update Report/Folder Properties Update Reporting Server Properties View Report/Folder Properties
64
WebFOCUS
7. Operation Sets
Name SystemManagePrivateResources
Function System-granted operations over private output owned by other users, when user has opManagePrivateResources.
Operations The following operations are set to OVERPERMIT: Delete List List Users Manage Rules Set Owner Share with Group or User Update Report/Folder Properties Update Reporting Server Properties View Report/Folder Properties View Rules
65
Name SystemPrivateResourcePermits
Function System-granted operations to owners of private resources.
Operations The following operations are set to OVERPERMIT: Create Private Repository File Delete List Open Run Run Deferred Update Report/Folder Properties View Report/Folder Properties Write/Replace Report/File The following operation is denied: Create Private Folder
66
WebFOCUS
7. Operation Sets
Name SystemShareResourcePermits
Function System-granted operations for shared private resources.
Operations List Open Run Run Deferred Schedule View a static document View Report/Folder Properties Create Private Folder Create Private Repository File Delete Make Managed Share Item or Folder Update Ownership Update Report/Folder Properties Write/Replace Report/File
UseOperationSetsInRules
Uses Operation Sets when making access rules.
List Use operation set in Rules View operation set
Legacy Operation Sets

The following operation sets replicate the different user roles and privileges provided with earlier releases of Managed Reporting. This allows administrators to easily map these user types and their privileges to the current UOA model.
67
Name WF_AnalyticalUser
Function Defines the privileges for a Legacy Managed Reporting Analytical user. The Analytical user can do everything a Run Only user can do. In addition, the user can create private Folders and Private content, using the Assistant tools. The user can also save deferred output from the Deferred Status interface.
Operations Create Private Folder Create Private Repository File Launch Advanced Graph Assistant Launch InfoAssist List Open Run Run Deferred Update Reporting Server Properties View a static document View Report/Folder Properties Write/Replace Report/File
68
WebFOCUS
7. Operation Sets
Name WF_ContentManager
Function Defines the privileges for a Managed Reporting Content Manager. The Content Manager is based on the Developer and adds the Data Server, Advanced, and Share My Report privileges.
Operations Create Private Folder Create Private Repository File Launch Advanced Graph Assistant Launch Editor Launch InfoAssist List Make Managed Make Private Open Run Run Deferred Share Item or Folder Update Ownership Update Reporting Server Properties View a static document View Report/Folder Properties Write/Replace Report/File
69
Name WF_Developer
Function Defines the privileges for a Managed Reporting Developer. The Developer role can do everything an Analytical User can do. In addition, they can create content, and make it managed (Legacy Standard Report). They also have the ability to create Reporting Objects.
Operations Create Private Folder Create Private Repository File Launch Advanced Graph Assistant Launch InfoAssist List Make Managed Make Private Open Run Run Deferred Update Ownership Update Reporting Server Properties View a static document View Report/Folder Properties Write/Replace Report/File
70
WebFOCUS
7. Operation Sets
Name WF_LibraryOnlyUser
Function Defines the privileges for a Managed Reporting Library Only User. The Library Only User role provides the ability to create Dashboard users who can only access content stored in the Report Library. This content can be viewed in the Report Library and in a Dashboard page when displayed as a list, launch, output block, or watch list. Library Only Users cannot run reports, view the Repository Tree, view the Role Tree, access other WebFOCUS environments, and have limited access to Dashboard components.
Operations List Report Library
71
Name WF_PowerUser
Function Defines the privileges for a Managed Reporting Power User. The Power User is based on the Analytical User. It adds to the Analytical User by allowing the ability to create reports using the Editor and allows Sharing of Private Content.
Operations Create Private Folder Create Private Repository File Launch Advanced Graph Assistant Launch Editor Launch InfoAssist List Open Run Run Deferred Share Item or Folder Update Reporting Server Properties View a static document View Report/Folder Properties Write/Replace Report/File
WF_RunOnlyUser
Defines the privileges for a Managed Reporting Run Only User. A Run Only User can run Standard Reports, has access to reports shared by other users, can utilize the Assistant tools to create a report, but cannot save it.
Launch Advanced Graph Assistant Launch InfoAssist List Run Run deferred View Report/Folder Properties
72
WebFOCUS
7. Operation Sets
Name WF_User
Function Defines the privileges for a Managed Reporting User. Users can run Standard Reports (in immediate and deferred mode) and access shared Private Reports by other users.
Operations List Run Run deferred View Report/Folder Properties
73
74
WebFOCUS
WebFOCUS
Individual Operations
The following chapter describes each of the individual atomic operations that are available within the new MR Repository and Security Authorization model.
Topics:
Configuring Operations
75
Reference: Tool Launch Management Operations ReportCaster Tool Launch Management Operations General Object Management Folder and Item Management Group Management Developer Studio Launch Tool Management User Management Operation Set Management
Reference: Tool Launch Management Operations

Controls access to report development tools. Operation Launch Report Assist Launch InfoAssist Launch Graph Assist Launch Power Painter Launch Editor Launch View Builder Launch Report Object Tool Launch Security Center Launch URL Tool Description User can launch HTML Report Assist. User can launch InfoAssist. User can launch HTML Graph Assist. User can launch Power Painter. User can open report in text editor. User can launch the Business Intelligence View Builder. User can launch the Report Object Tool. User can Launch Security Center (global). User can open URL tool. Operation ID opHTMLRA opInfoAssist opHTMLGA opPowerPainter opEditor opViewBuilder opReportingObject opManageSecurity opURL
76
WebFOCUS
8. Individual Operations
Operation Launch Advanced Graph Assistant Launch Manage Private Resources Tool
Description User can launch Advanced Graph Assistant. User can manage the Private Resources of another user (global).
Operation ID opAGA opManagePrivateTool
Reference: ReportCaster Tool Launch Management Operations

Controls access to the ReportCaster scheduling tools. Operation Schedule Launch Access List Tool Launch Distribution List Tool ReportCaster Administration ReportCaster Report Library Description User can Launch ReportCaster Scheduler User can Launch Access List Tool. User can Launch Distribution List Tool. Run the ReportCaster Administration Console. Display Tools item on banner (global). Display Library within Tools Item on banner or tab (global). Operation ID opSchedule opSchedAccessList opSchedDistributionList rcadmin robot library
Reference: General Object Management

Controls basic operations on objects. Operation List Delete Description User can see contents of a resource. User can delete an object. Operation ID opList opDelete
77
Operation Manage Rules on a Resource View Effective Policy on a Resource Share with Group or User Export Create metadata Access Favorites Acess Mobile Favorites Launch Repository Search
Description User can create and remove rules on a resource. User can view the rules of a resource. User can share with this group or user. User can export a resource. User can create metadata on the Reporting Server. User can access Favorites User can access Mobile Favorites. User can launch Repository Search tool.
Operation ID opManageRulesOn opViewRulesOn opShareWith opExport opMetadata opFavorites opMobileFavorites opRepositorySearch
Reference: Folder and Item Management

The following operations control the execution and viewing of report objects. Operation Run Open Description User can run a report procedure. User can view the contents of an item within a tool. Also requires the operation for the tool used to create the item. User can update contents of an item. User can create a private folder. User can create a new private item. Operation ID opRun opOpen
Write/Replace Item Create Private Folder Create Private Repository Item
opWrite opCreateFL opCreateItem
78
WebFOCUS
Operation Copy a Folder or Item Rename a Folde or Item View Folder or Item Properties Update Folder or Item Properties Run Deferred Save Deferred Output Update Reporting Server Properties Update Ownership
Description User can copy a folder or item. User can change the name of a folder or item. User can view folder or item properties. User can update folder or item properties. User can run a deferred report request. User can save deferred report output. User can update server execution properties: Server, Application Path. User can change ownership of a private object to another subject (group/user). User can change a private folder or item into a managed folder or Item. User can change a managed folder or item into a private folder or item. User can share a folder or item with other groups or users. Toggle view Full/Repository view (global). Enable the Save Parameters button.
Operation ID opCopy opRename opViewProps opUpdProps opRunDef opSaveDef opRepSrvProps
opUpdateOwnership
MakeManaged
opMakeManaged
MakePrivate
opMakePrivate
Share Folder/Item Toggle Repository View Allow Saved Parameter Reports
opShareItem opToggleTree parmrpt
79
Operation Upload a Data File Upload a Document Upload an Image Create My Reports folder Run with OLAP Cut Folder or Item Paste a Folder or Item
Description User can upload a data file to the reporting server. User can upload a document to the Repository. User can upload an image to the Repository User can create a My Reports Folder User can run a procedure with OLAP capabilities User can cut a folder or item User can paste a folder or item
Operation ID opUploadDataFile opUploadDocument opUploadImage opCreateMyFolder opOlap opCut opPaste
Reference: Group Management

The following group of operations controls the tasks that can be performed on a group folder. Operation View Group Create a new Group Delete a Group Set Group as Owner Assign Users to Group Update Group Definition Description User can see contents of the group definition. User can create a new folder as a subgroup or as a parent folder. User can delete the group folder. User can set this group as an owner of private resources. User can assign users to this group. User can update a group definition. Operation ID opViewGroup opCreateGroup opDeleteGroup opSetGroupOwner opAssignUsersTo opUpdateGroup
80
WebFOCUS
Operation Assign Rules for a Group Manage Private Resources of Users Assign Users from Group Share with Group or User Assign Rules for a Group
Description User can create or remove a rule with Group as the subject. User can manage the private items or another user. User can assign Users from this Group. User can share with this Group or User. User can create or remove Rule with Group as Subject (Who).
Operation ID opUseGroupInRules opManagePrivateResources
opAssignUsersFrom opShareWith opUseInRules
Reference: Developer Studio Launch Tool Management

The following group of operations controls access to Developer Studio report development tools. Operation Launch Developer Studio Impact Analysis Launch Developer Studio Report Painter Launch Developer Studio Editor Launch Developer Studio Graph Assistant Launch HTML Compose Layout Launch Developer Studio Procedure Viewer Description User can open the Impact Analysis tool. User can open the Report Painter tool. User can open the Editor tool. User can open the Graph Assistant tool. User can open the HTML Compose Layout tool. User can open the Procedure Viewer. Operation ID opImpactAnalysis opReportPainter opDSEditor opGraphAssistant opHTMLComposeLayout opProcedureViewer
81
Operation Launch Developer Studio SQL Report Wizard Launch Developer Studio Alert Wizard Launch Developer Studio Source Control Launch Developer Studio Document Compose Layout Launch WebFOCUS Administration Console Launch ESRI Administration Console
Description User can open the SQL Report Wizard.
Operation ID opSQLReportWizard
User can open the Alert Wizard. User can open the Source Control tool. User can launch the Document Compose Layout tool. User can launch WebFOCUS Administration Console User can update ESRI Administration Console
opAlertWizard opSourceControl opDocComposeLayout
opWFAdminConsole opESRIAdminConsole
Reference: User Management

The following group of operations controls the tasks that can be performed on a user. Operation View User Create a New User Set User Password List Users Delete a User Update User Definition Set User as an Owner Description User can view users properties. User can create a new user. User can create passwords for users. User can view a list of users in the database. User can delete a user from a group. User can modify the user definition. User can set this user as an owner of private resources. Operation ID opViewUser opCreateUser opSetPassword opListUser opDeleteUser opUpdateUser opSetUserOwner
82
WebFOCUS
Operation Assign Rules for a User
Description User can create or remove rule with user as subject (Who).
Operation ID opUseUserInRules
Reference: Operation Set Management

The following operations are related to what values can be allowed when creating operation statements in operation sets. This is typically used when the security administrator wants to delegate the management of some operation sets to other users, but does not want those users to have the ability to reverse global rules by un-denying or over-permitting an operation. Operation Delete operation set View operation set Use OVERPERMIT verb on an operation Use PERMIT verb on an operation Update Permission Set Description User can delete an operation set. User can see the operations within an operation set. Allows the editor of an operation set to use the OVERPERMIT verb. Allows the editor of a operation set to use the PERMIT verb. User can modify the name or the operations defined in an operation set. The operation set is available when creating rules. Allows the editor of a operation set to deny an operation. User can create a new operation set. Allows the editor of a operation set to use the OVERPERMIT verb and remove the DENY verb. Operation ID opDeletePermSet opViewPermSet opUseOVERPERMIT
opUsePERMIT opUpdatePermSet
Use operation set in Rules Use DENY verb on an operation Create a new operation set Use CLEAR inheritance verb on an operation.
opUsePermSetInRules opUseDENY opCreatePermSet opUseCLEAR
83
Operation Use UNPERMIT verb on an operation Use UNDENY verb on an operation
Description Allows user to set the UNPERMIT verb within an operation set Allows user to set the UNDENY verb within an operation set and reverse the DENY verb.
Operation ID opUseUNPERMIT
Reference: ReportCaster Management

The following group of operations allows a user to manage ReportCaster. Operation Schedule an item Set Blackout Dates RepoertCaster Global Updates Library Management ReportCaster Server Management ReportCaster Configuration ReportCaster Job Status Description User can launch ReportCaster Scheduler on an Item. User can set Blackout Dates. User can perform ReportCaster updates. User can perform Library Management. User can manage Distribution servers. User can configure ReportCaster. User can view jobs status on distribution server. Operation ID opScheduleItem opSetBlackoutDates opRCGlobalUpdate opLibraryManagement opRCServerManagement opRCConfiguration opRCJobStatus
Reference: Portal Management

The following group of operations allows a user to manage the Business Intelligence Portal. Operation Create Portal Description User can create a portal. Operation ID OpCreatePortal
84
WebFOCUS
Operation View Portal Save Positions Add Personal Content Edit Navigation Edit Banners Edit Menu Bar Edit Theme Validate Portal
Description User can view the portal. User can save positions of portal panels. User can add personal content to a portal. User can edit a portal navigation. User can edit a portal banners. User can edit a portal menu bar. User can edit a portal theme. User can validate a portal to make sure the content can be seen by its intended audience. User can insert new pages into a portal. User can edit the layout of a page. User can add and remove content from a portal.
Operation ID OpViewPortal OpSavePositions opAddPersonalContent opEditNavigation opEditBanners opEditMenuBar opEditTheme opValidatePortal
Insert Page Edit Page Layout Edit Content
opInsertPage opEditPage Layout opEditContent
85
86
WebFOCUS
WebFOCUS
Default System Rules
As shipped, UOA has a set of Default Rules (optional) and System Rules (required). The Default Rules are enabled for ease of use and administration, but can be modified or deleted as desired. System Rules are needed for the correct operation of UOA, and should not be removed.
Topics:
System Rules Information
87

Reference: Default Rules System Rules For ease of use, the UOA repository has been loaded with a number of default rules. A number of these rules are system rules that protect and define system resources, and should not be deleted. However, the first set of rules is defined by default but fully optional.
Reference: Default Rules

These rules become effective only when users are defined within them. Group Name UserAdmins UserAdmins UserAdmins ContentManagers AnalyticalUsers PowerUsers Users Verb PERMIT PERMIT PERMIT PERMIT PERMIT PERMIT PERMIT OpSet Name ManageGroups SecurityCenter ManageUsers WF_ContentManager WF_AnalyticalUser WF_PowerUser WF_User Resource GROUPS /WFC/Repository USERS /WFC/Repository /WFC/Repository /WFC/Repository /WFC/Repository
Reference: System Rules

All of the following rules should be kept to protect system resources. Group Name EVERYONE EVERYONE EVERYONE Verb DENY DENY DENY OpSet Name ProtectSystemResources ProtectSystemResources ProtectSystemResources Resource ProtectSystemResources ListAndRun WF_RunOnlyUser
88
WebFOCUS
9. Default System Rules
Group Name EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE
Verb DENY DENY DENY DENY DENY PERMIT PERMIT PERMIT DENY PERMIT DENY DENY DENY DENY DENY DENY PERMIT DENY DENY DENY DENY DENY
OpSet Name ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources
Resource ShareWith WF_ContentManager WF_MRAdministrator ManageUsers ManageOperationSets UserInfo Portals EDA ManageOwner UserInfo WF_Developer SystemPrivateResourcePermits WF_AnalyticalUser CreatePrivateFolder UseOperationSetsInRules ManagePrivateResources PSETS UsePSETsInRules WF_PowerUser SystemManagePrivateFolders BIPPersonalize BIPViewOnly
89
Group Name EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE EVERYONE Developers admins RunOnlyUsers LibraryOnlyUsers
Verb DENY DENY DENY DENY DENY DENY DENY DENY DENY DENY DENY DENY PERMIT PERMIT PERMIT PERMIT
OpSet Name ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources ProtectSystemResources WF_Developer ALL WF_RunOnlyUser WF_LibraryOnlyUser
Resource SystemShareResourcePermits ALL SystemManagePrivateOutput WF_LibraryOnlyUser BIPFullControl WF_User ManageGroups EVERYONE SystemManagePrivateNonOutput ListAndRead ManageRules List Repository ROOT Repository Repository
90
WebFOCUS
WebFOCUS
10
Use Case Scenarios
The following chapter illustrates use cases to help understand and configure certain types of functionality within the new MR Repository and Security Authorization model. These examples show how old functionality is implemented, as well as examples of creating new types of users, which was not possible before.
Topics:
Service Provider Architecture Creating HelpDesk Administrator (Reset Password Only) Sharing Ownership
91
Service Provider Architecture
Service Provider Architecture

How to: Create Folders, Users, Groups, and Subgroups Display the Security Center Assign Rules to the User Administrator Subgroups The following describes a Service Oriented Architecture, in which a provider would maintain a WebFOCUS infrastructure for their separate customers. Those customers share the same WebFOCUS install but do not and should not know about the user IDs or content of other customers. Each of these customers has their own repository and main user group. There should also be subfolders and subgroups for each customer. This specific case was to create a user administrator for each of the separate customers. These user administrators can: Create users, and assign them to their own group and subgroups. Delete users only from their group and subgroups. Create subgroups only within their main group. Only see users within their group and subgroups. Create rules for their group, or subgroups. If desired, no access to repository content. Note: These are specific requirements for this example. You could change this type of user ID so that it did have access to repository content.
Procedure: How to Create Folders, Users, Groups, and Subgroups

92
WebFOCUS
10. Use Case Scenarios 2. Right-click Repository and select New Folder. The Create Folder dialog box appears.
3. Populate the fields with the following and then select OK: Description: America Bank Summary: America Bank Repository Note: The Name field will automatically be filled in, derived from the description with only alpha and underscore characters allowed. Whereas Description is non-unique, Name must be unique within the folder and cannot contain any special characters.
4. Create another folder following steps 1 and 2. Set the name to Bombay Bank and select OK. 5. Right-click on America Bank and select New, then Folder. Name the folder Sales. 6. Right-click on Bombay Bank and select New, then Folder. Name the folder Sales.
93
Service Provider Architecture 7. Right-click on America Bank and select Security, then Owner, as shown in the following image.
8. Select the Managed radio button, then OK.
9. Repeat steps 7 and 8 for the Bombay Bank folder. You will have two folders with subfolders.
94
WebFOCUS
10. Use Case Scenarios 10. Create a Main Group for each bank.
11. Create a User Administrator subgroup within each of these main groups.
95
Service Provider Architecture 12. Create user administrators for each of the customers and assign them to their respective user admin groups.
Procedure: How to Display the Security Center

To be able to access the Security Center, you need to have the operation of Launch Security Center (opManageSecurity). Global operations like this are placed on /WFC/Repository. Since this is a global setting, it is not inherited. 1. From the repository tree root of the Repository, right-click Repository, then select Access Rules. 2. Select the America Bank User Admins Group, then PERMIT the OpSet of SecurityCenter. Select the Bombay Bank User Admins Group, then PERMIT the OpSet of SecurityCenter.
96
WebFOCUS
10. Use Case Scenarios Note: If the group you are adding the operation set to is not visible, you will need to deselect the Only show Groups with Rules option.
Procedure: How to Assign Rules to the User Administrator Subgroups

You need to give each user administrator subgroup a rule to allow them to administer their main group and subgroups. These operations are held in the operation sets of ManageGroups, ManageUsers. 1. Right-click the Repository User Administration, or Security Management link. Then, right-click the America Bank group. 2. Select Security, then Access Rules.
97
Service Provider Architecture 3. Select the America Bank User Admins Group, then PERMIT the operation sets of ManageUsers and ManageGroups.
4. Repeat steps 1 through 3 for Bombay Bank.
Note: A default rule has been created for all users to allow them to use ALL operation sets in a rule. If that is not desired behavior, you could delete this default rule, and create a rule for each OpSet resource that you would allow the User Administrator to give to allowable groups.
98
WebFOCUS
10. Use Case Scenarios After completing the steps above you can check to make sure your new user admin logins work correctly and they are only allowed to: Create users, and assign them to their own group and subgroups. Delete users only from their group and subgroups. Create subgroups only within their main group. Only see users within their group and subgroups. Create rules for their group or subgroups. Have no access to repository content.
Creating HelpDesk Administrator (Reset Password Only)

How to: Change Passwords for Users Belonging to Specific Groups Display Security on the Banner for BID The following describes a Help Desk Administrator group. These users will only be able to change passwords of users within the group that they are administering. This specific case was to create helpdesk administrators for each of the separate customers created above. Note: It is important that both procedures below are followed.
Procedure: How to Change Passwords for Users Belonging to Specific Groups

These are specific requirements for this example. You could change this type of user to have other types of access as well. 1. Sign in with an administrative user ID that is permitted ALL on /. By default, this user ID is admin with a password of admin. 2. Create two main folders for the different customers. 3. Create a HelpDeskAdmin Group for each bank. 4. Right-click Repository Security, then User Administration or use the Security Management link. 5. Select the AmericaBankMain group, and create a AmericaBankHelpDeskAdmin subgroup. 6. Repeat step 5 for Bombay Bank Main Group.
99
Creating HelpDesk Administrator (Reset Password Only) 7. Select the Permission Sets tab and create an operation set named SetPassword, that has the following permissions: List (opList) List Users (opListUsers) Set User Password (opSetPassword) 8. Select America Bank Main Group, as this is the resource to be controlled, and select Security, then Access Rules. 9. Select the AmericaBankHelpDeskAdmins Group, and PERMIT the previously created operation set of SetPassword. 10. Assign the HelpDeskAdmin operation sets to the America Bank Help Desk Admins Group. 11. Repeat steps 8 to 12 for the Bombay Bank Group.
Procedure: How to Display Security on the Banner for BID

To display Security on the banner for BID, you need to have the operation of Manage User/Groups/PSets (opManageSecurity). Global operations are placed on the root of the repository tree, or /WFC/Repository. (Since this is a global setting, it is not inherited.) 1. From the repository tree root of the Repository, right-click Repository, then select Access Rules. 2. Select the America Bank User Admins Group, then PERMIT the OpSet of SecurityCenter. Select the Bombay Bank User Admins Group, then PERMIT the OpSet of SecurityCenter.
100
WebFOCUS
10. Use Case Scenarios
Sharing
How to: Create Folders and Make Them Managed Create a Group and Subgroups Create and Place Users Create a Rule to Allow List Create Rules to Allow Sharing of a Folder or Item Create Rules to Allow Sharing to a Group Test Sharing Ability This specific use case is to show how users created within a group can share their items with users in the same group. If desired, this can be modified to share with a Group that the user is not in. Note: To be able to share an item, the folder that it is located in must be shared. Whomever you are sharing with will need to be able to navigate to your shared directory.
Procedure: How to Create Folders and Make Them Managed

The following procedure can be used for both sharing and ownership. 1. Sign in with an administrative user ID that is permitted ALL on /. By default, this user ID is admin with a password of admin. 2. Create a folder for America Bank. 3. Create a subfolder for Finance. 4. Create a subfolder for Sales. 5. Within the Finance folder, create a report procedure with InfoAssist called Account (this will be used to illustrate a managed item). 6. Make the Main America Bank Folder managed. All subfolders and items will now be Managed as well.
101
Sharing Your tree should appear as follows.
Procedure: How to Create a Group and Subgroups

The following procedure can be used for both sharing and ownership. 1. Sign in with an administrative user ID that is permitted ALL on /. By default, this user ID is admin with a password of admin. 2. Using Security Center, create an AmericaBankMain Group. 3. Create an AmericaBankDeveloper subgroup. 4. Create a subgroup under AmericaBankMain/AmericaBankDeveloper of Finance. 5. Create a subgroup under AmericaBankMain/AmericaBankDeveloper of Sales.
Procedure: How to Create and Place Users

The following procedure can be used for both sharing and ownership. 1. While using the Security Center, create users for the Finance and Sales Groups.
102
WebFOCUS
10. Use Case Scenarios 2. Place the users in the following groups: abdeveloperfinance1 - Finance Group abdeveloperfinance2 - Finance Group abdevelopersales1 - Sales Group abdevelopersales2 - Sales Group
Procedure: How to Create a Rule to Allow List

This procedure allows all users within the AmericaBankMain Group and subgroups the List capability of the main America Bank Folder on the Repository tree. It is needed for any user within one of the groups or subgroups to navigate to the subfolders for which they are granted operations. The following procedure can be used for both sharing and ownership. 1. Right-click the America Bank folder and select Security, then Access Rules. 2. In the Groups & Users section, select AmericaBankMain. 3. In the Available operation sets section, PERMIT the List OpSet.
103
Sharing
4. Select the Add operation sets to Selected Group or User button
to apply the OpSet.
Procedure: How to Create Rules to Allow Sharing of a Folder or Item

1. Sign in with an administrative user ID that is permitted ALL on /. By default, this user ID is admin with a password of admin. 2. From the Repository Tree, use the context menu and right-click the America Bank/Finance folder, Rules then select Access Rules. 3. Select the AmericaBankMain/AmericaBankAnalyticalUsers/Finance Group. Then PERMIT the WF_Developer and Share_Content OpSet. If the Share_Content operation set does not exist, you can create it with the operation of Share Folder/Item.
Procedure: How to Create Rules to Allow Sharing to a Group

The following procedure will allow anyone within the Finance Group to share with any other user in this Group.
104
WebFOCUS
10. Use Case Scenarios 1. Within the Security Center, right-click Finance group, select Security, then Access Rules to create a rule for AmericaBankMain/AmericaBankDeveloper/Finance Group that will allow anyone within this group to share with any other user in this group. 2. In the Groups & Users section, select the AmericaBankMain/AmericaBankDeveloper/Finance Group. 3. In the Available operation sets section, PERMIT the ShareWith OpSet. Note: This OpSet contains the operations of: List (opList), ListUsers (opListUser), and Share with Group or User (opShareWith). 4. Select the Add operation sets to Selected Group or User button to apply the OpSet.
The rule created allows the AmericaBankMain/AmericaBankDeveloper/Finance group ShareWith capabilities on AmericaBankMain/AmericaBankDeveloper/Finance group. Note: If sharing to a different group is desired. Then in step 1 above, you would pick a different group such as AmericaBankMain/AmericaBankDeveloper/Sales. This would allow anyone in the Finance group, that is allowed to share an item, to share it with the Sales group.
105
Sharing
Procedure: How to Test Sharing Ability

1. Log in as abdeveloperfinance1. 2. Create a private folder under America Bank/Finance. 3. Create a private procedure, named myfinance1. 4. Right-click the private folder, then select Share, and share it with the AmericaBankMain/AmericaBankDeveloper/Finance group. 5. Right-click the procedure, then select Share, and share it with the AmericaBankMain/AmericaBankDeveloper/Finance group. The user ID of abdeveloperfinance1 will appear as follows.
6. Log in as abdeveloperfinance2. The screen will appear as follows.
106
WebFOCUS
10. Use Case Scenarios
Ownership
How to: Change Ownership of a Folder/Item Create a Rule to Allow Changing Ownership to a Group or User Test Ownership Changes This specific use case shows how a group can manage ownership of an item. Managing ownership implies the following type of abilities: changing the owner to either a group or user, or making a private folder/item managed, making a managed folder/item private. Each of these abilities is mutually exclusive. Just because a user has the ability to make a folder/item managed, does not mean they have the ability to change it back to a private folder/item. You can also restrict a user to only sharing with a group, sets of groups, or individual users. The ability to change the ownership of a private folder/item, or change a private folder/item to managed or back again to private, relies on the following seven operations, which can be grouped as follows: Folder/Item Level Operations Make Managed (opMakeManaged) changes a privately owned folder/item to managed. Make Private (opMakePrivate) changes a managed folder/item to privately owned. Update Ownership (opUpdateOwnership) changes the ownership of a folder/item. Note: Permitting any one of these operations can affect the display of the Owner context menu. If you are permitted the Make Private (opMakePrivate) operation on a folder/item resource and/or the Update Ownership (opUpdateOwnership) ability on a folder/item resource. You have the ability to change the ownership, but you still do not have the ability to change it to any specific group or user. For that ability, you need the following operations permitted. Group/User Level Operations Set Group as Owner (opSetGroupOwner) allows changing the owner to specified group. Set User as Owner (opSetUserOwner) allows changing the owner to a specified user. List (opList) lists groups in this context. List Users (opListUser) lists users within groups.
107
Ownership
Procedure: How to Change Ownership of a Folder/Item

These steps rely upon the prior steps in Sharing on page 101 being accomplished. Create Folders and Make Them Managed Create a Group and Subgroups Create and Place Users Create a Rule to Allow List 1. Sign in with an administrative user ID that is permitted ALL on /. By default, this user ID is admin with a password of admin. 2. Using the Security Center, modify the previously created operation set of WF_AnalyticalUsersShare, and PERMIT the three operations of Make Managed (opMakeManaged), Make Private (opMakePrivate), and Update Ownership (opUpdateOwnership). Note: We previously created a Rule with this operation set in Sharing on page 101.
Procedure: How to Create a Rule to Allow Changing Ownership to a Group or User

1. Using Security Center create a Rule that allows all users in the AmericaBankMain/AmericaBankDeveloper/Finance group ManageOwner capability on the same group. 2. Right-click the group of AmericaBankMain/AmericaBankDeveloper/Finance Group then select Access Rules. 3. Using the operation set of ManageOwner, apply it to the Group of AmericaBankMain/AmericaBankDeveloperAmericaBankDeveloper/Finance. Note: ManageOwner OpSet means that anyone within the Finance Group has the abiliy to change ownership and contains the operations of : Set Group as Owner (opSetGroupOwner), Set User as Owner (opSetUserOwner), List (opList), and List Users.
Procedure: How to Test Ownership Changes

1. Log in to Dashboard as user abdeveloperfinance1. 2. Select the Folder myfinance that was created in Sharing on page 101. 3. Note the context menu of Owner and the list of users abdeveloperfinance1 and abdeveloperfinance2. As well as the group of AmericaBankMain/AmericaBankDeveloper/Finance.
108
WebFOCUS
WebFOCUS
Glossary
This is a glossary of key concepts in this manual.
Topics:
Key Concepts
109
Key Concepts
Key Concepts
User A named user within the Managed Reporting repository. Group A container to hold similar users. Without a rule created for the group, the group is not given any abilities. A group or user is always the subject of a rule. OpSet Grouping of permitted or denied operations. Also referred to as an operation set. Operation An atomic ability of a user to be permitted or denied the ability to do something. For example, the operation of opRun can be permitted or denied. Item Any type of repository content, such as a Folder, Focexec, Static Output, Schedule, Access List, and Distribution List. Folder A container for items. Resource Any object, such as an item, group, user, or OpSet. Any object that can be used to create a rule. Rule Combines a group OpSet or user OpSet and a resource to create the ability to do something. Comprises three parts: Who is the group (usually) or the user (rarely). What is the OpSet. Where is some resource, such as an item, group, or OpSet. Private An item or folder in which the owner is either a user or a group. All private items have a system OpSet of SystemPrivateResourcePermits associated with it. Managed System owned item, not private.
110
WebFOCUS
A. Glossary Shared You can share a folder and its contents (items) with other users and groups. The shared items have an OpSet associated with it of SharedResourcePermits. Permit Grants the ability to perform a particular operation. Deny Denies the ability to perform a particular operation. OverPermit Allows a particular operation like a Permit, but overrides a Deny. ClearInheritance Clears inherited rules from above a resource. Effective Policy The aggregation of all permitted and denied operations to give the user their resulting access. UOA Universal Object Access.
111
Key Concepts
112
WebFOCUS
WebFOCUS
Reader Comments
In an ongoing effort to produce effective documentation, the Documentation Services staff at Information Builders welcomes any opinion you can offer regarding this manual. Please use this form to relay suggestions for improving this publication or to alert us to corrections. Identify specific pages where applicable. You can contact us through the following methods: Mail: Documentation Services - Customer Support Information Builders, Inc. Two Penn Plaza New York, NY 10121-2898 (212) 967-0460 books_info@ibi.com http://www.informationbuilders.com/bookstore/derf.html
Fax: E-mail: Web form: Name: Company: Address: Telephone: Email: Comments:
Date:
Information Builders, Two Penn Plaza, New York, NY 10121-2898 WebFOCUS Client Repository and Security Authorization 8.0 Beta
(212) 736-4433 DN4500988.0611
WebFOCUS Client Repository and Security Authorization Creating Reports With 8.0 Beta WebFOCUS Language
Version 7 Release 6
Information Builders Two Penn Plaza New York, NY 10121-2898
Printed on recycled paper in the U.S.A.

WF 80 Beta Manual

Загружено:

Сведения о документе

Исходное описание:

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

WF 80 Beta Manual

Загружено:

Авторское право:

Доступные форматы

WebFOCUS Client Repository and Security Authorization

1. Introducing WebFOCUS Client Repository and Authorization Security.........11

3. Creating Users With Predefined Groups........................................................35

4. Sharing and Ownership..................................................................................41

5. Managing User Content ................................................................................45

WebFOCUS Client Repository and Security Authorization

9. Default System Rules....................................................................................87

10. Use Case Scenarios.....................................................................................91

How This Manual Is Organized

WebFOCUS Client Repository and Security Authorization

Chapter/Appendix 8 9 10 Individual Operations Default System Rules Use Case Scenarios

Description Denotes syntax that you must enter exactly as shown.

this typeface Key + Key

WebFOCUS Client Repository and Security Authorization

Information You Should Have

Information You Should Have

Information Builders Consulting and Training

WebFOCUS Client Repository and Security Authorization

Information Builders Consulting and Training

Introducing WebFOCUS Client Repository and Authorization Security

WebFOCUS Client Repository and Security Authorization

Creating a Security Model

Creating a Security Model

WebFOCUS Client Repository and Security Authorization

WebFOCUS Client Repository and Security Authorization

Creating a Security Model

WebFOCUS Client Repository and Security Authorization

Procedure: How to Create a Group and Subgroup

Procedure: How to Create a User

WebFOCUS Client Repository and Security Authorization

Procedure: How to Create an OpSet

2. Security Basics 3. Select the Permission Sets tab.

4. Click New Permission Set

WebFOCUS Client Repository and Security Authorization

7. Click OK to save the new operation set.

WebFOCUS Client Repository and Security Authorization

Procedure: How to Create a Folder

Procedure: How to Make a Folder Managed

WebFOCUS Client Repository and Security Authorization

Creating Rules for Folder Resources

WebFOCUS Client Repository and Security Authorization

Creating Rules for Groups

WebFOCUS Client Repository and Security Authorization

WebFOCUS Client Repository and Security Authorization

6. Click OK, then click Close.

Creating Rules for Operation Sets

WebFOCUS Client Repository and Security Authorization

Creating Users With Predefined Groups

WebFOCUS Client Repository and Security Authorization

Default Groups, Operation Sets, and Rules

Default Groups, Operation Sets, and Rules

Creating a Managed Folder for Users to Access

Procedure: How to Create a Managed Folder Accessible to Predefined Users

WebFOCUS Client Repository and Security Authorization

WebFOCUS Client Repository and Security Authorization

Creating a Managed Folder for Users to Access

3. Select the New User

Sharing and Ownership

WebFOCUS Client Repository and Security Authorization

Sharing How, Who, or Permissions

Sharing How, Who, or Permissions

4. Sharing and Ownership

Share How, Who, or Permissions