- If you set explicitly deny "delete objects" under "system" -> "Universe" on a universe object; I am still able to open the universe in the designer and go to Manage access restrictions and delete a custom access restriction.
- SAP Business Objects XI3.1
- Universe Designer
Reproducing the Issue
- Create a new test user in the Central Management Console (CMC)
- Give it all the rights needed as a universe designer
- Go to a universe and choose to set a new user principle on it
- Specifically choose to deny the right "delete Objects" under "system" -> "Universe" rights section (So not the general "delete Objects" right).
- Now Open the designer and log on as this new test user
- Import the Universe and go to "Tools" -> "Manage security" -> "Manage access restrictions"
- create new custom access restrictions
- Now delete the access restriction and notice that you still are able to.
- The reason is that the right "delete objects" under "system" -> "Universe" only covers the universe object itself and not any other objects (like custom access restrictions that are stored separate.
- To deny the right to delete custom access restrictions you will have to specifically deny the general "delete objects" right.
- The general "delete objects" right encompasses all other objects other than the specific ones mentioned under the "system" rights area.
- Since there is no specific right to delete custom access restrictions; this object falls under the general delete objects right.
ADAPT01526258, ADAPT01526257 TE: 5000317319 , KBA , BI-BIP-ADM , BI Servers, security & CrystalReports viewing in BI platform , Problem
Crystal Reports 2008 V0