Having a look at admni guide and see overal apendix of all the varios rights (ch 27) - e.g create reports, edit reports.
Have a few questions.
1) We wish to give access to the Writes group permission to create and delete own reports in theire departmental folder but not have permission to delete
reports owned by other users in that department. We are using custom access levels and need to ensure the appropriate rights are in these access levels. How is this best achieved with regards delete privilege? Is it the case that by default a user cannot delete objects they don't own?
Is it a case of ensuring right delete objects is not set but dlete objects taht user owns is set?
2) Denying access to CMC is this best done done via Applications/CMC/ and remove access to Everone group to cmc. Just want to check before do this will can still use as Administrator users. Is this the case?
To answer your questions
1. Your custom access level should only include " delete objects that the user owns" instead of "Delete Objects". By default user who owns the report will be having full control to those objects. including "Delete Objects" right will leads to accidental deletion and if the object is not owned by the user. they can still delete if you granted "Delete Objects".
2. If you deny access to CMC to Everyone group even Administrators will also be denied access for that. the right way is to
- Make access to CMC for everyone group at Application level - the Right is "Login to CMC" as unspecified.
- grant access to only Administrators group
give a try and let me know how it goes.