Hello-
We need a way to limit a user to view only 1 report. We can use the ActorGroup to deliver that report. However, we need to block the Public reports from this user. Anyone know how to do this?
thanks
If there are Public reports that are available to all users (I.E. there is no ActorGroup associated to the Public report), then this user will likely have access to the reports. I would suggest that all Public reports be tied to an ActorGroup - this way you can make sure that this user can only see reports tied to the user's ActorGroup.
Another option is to use security. You could create a custom security role for this user and write security rules on the UserList and UserFolder business classes (these are the business classes that store reports) to make sure that only the selected report(s) are accessible.
Another option is to allow access to the Public reports - but make sure the user's security does not allow the user to see data within the reports. In this case, the user would see the report, but would receive the message "No data found" when the report is opened.
Hi Derick-
I appreciate the ideas. Would you be able to elaborate on the user security option? We have used the Global Ledger Security Setup and restricted users to a certain Finance Dimension. However, this only seems to work in restricting the user to saving transactions for the restricted Finance Dimensions but has not seemed to work in restricting their ability to view data in the reports. Any help would be greatly appreciated.
Thanks
For any report, a user's security determines what data is accessible within the report. For example, let's say that your user has the StaffAccountant security role, which only allows the user to view and manage journal entries, and does not allow access to Purchase Orders. Let's say you publish a public report for Purchase Orders. Your user may open the PO report (because it is public), but when the user opens it, the user will not see any Purchase Order data because the Staff Accountant role may not provide access to POs.
If you find that your user can still see Purchase Orders in the report, and you do not want the user to see POs, you may need to analyze which security role is granting the access, and either remove that role from the user, or create a custom security role that does not give access to POs.
Gotcha
I echo Derick. Making a report "Public" means it's open to all, unconditionally. Perhaps stop using Public if they aren't truly valuable or appropriate for all user's. Instead, use ActorGroup. Very soon (October timeframe) you will be able to share reports with a Role as well. So you could choose to share your current Public reports with either an ActorGroup OR a Role.
As always, regardless of access to the report itself, secclass authorization policies are always in play with the data ultimately displayed to a user.
