cancel
Showing results for 
Search instead for 
Did you mean: 

Prevent access to Company folder, but still allow access to Team folder?

todd_paulauskas
Explorer
0 Kudos
273

We are running BPC 7.5 MS SP3, Patch 1. I have some users who need to be able to upload some BPC reports they created to their specific Team Folder. However, I do not want these users to be able to be able to upload/change/delete reports to the Company folder.

In security, they ghave the Manage Template task from the Analysis/Collection interface, which as I understand allows them to use eTools->Save Dymnamic Templates. They also are assigned as Team Leaders, so they can save to their Team folder. We've tested and they can do what they need to do. However, they also seem to be able to upload to and delete from the Company folder. I am hoping someone knows a way to prevent this.

Thanks,

Todd

Edited by: Todd Paulauskas on Dec 9, 2010 9:03 PM

View Entire Topic
PatrickFavre
Advisor
Advisor
0 Kudos

Hi,

There are some explanations regarding this in the 7.5 Security Guide which you will find on the Service Marketplace.

In fact, you should also take into account if you assigned PrimaryAdmin or SecondaryAdmin tasks to your users. This will, by default, add some tasks to their profiles.

Basically, I think you should try to play around this and also around the "UpdateToCompanyFolder" task, which you will find in the FileAccess section.

Here is what you'll find in the security guide:

ManageTemplate

Primary administrator, by default, but can be assigned to secondary administrator. Can manage the company report library, access and save templates from the library, restrict workbook options, and manage custom menus.

FileAccess Task Profile Descriptions

UpdateToCompanyFolder. Secondary administrator, by default, but can be assigned to primary administrators.

Can add files to the Company folder.

Hope this will help.

Kind Regards,

Patrick

todd_paulauskas
Explorer
0 Kudos

I am familiar with the Security Guide, though I forgot about the UpdateToCompanyFolder task. The task profile assigned to this user's team is a custom one, so they aren't assigned explicitly as a Primary or Secondary Admin. But, we did add some of those role's tasks to this profile.

I have played around with ManageTemplate and UpdateToCompanyFolder and I still can't prohibit the user from being able to manipulate the Company folder contents.

I have limited this access to only a few users, and instructed them to "be careful" not to load or delete anything from the Company folder, but there's always the chance they could. That's what I want to prevent. Does anyone else have any thoughts/ideas?