Forum Discussion

bjornliow's avatar
bjornliow
New Contributor II
2 years ago

Cube View Access/Visibility

CubeView that was assigned to different role is still visible when the user is set to another role.

Example:

  • CubeViewProfile1 - Access Group: Role 1
  • CubeViewGroup1.1 - Access Group: Role 1
  • CubeViewGroup1.2 - Access Group: Everyone
  • CubeViewProfile2 - Access Group: Role 2
  • CubeViewGroup2.1 - Access Group: Everyone

 

User with Role2 is able to view CubeViewProfile1 and all of its members while user with Role1 is able to view CubeViewProfile2 under OnePlace > Cube Views.

How do I hide the CubeViews in OnePlace from users who do not have the right role? Are there other configurations I need to take into consideration? 

Security
  • JackLacava's avatar
    JackLacava
    Honored Contributor
    2 years ago

    That doesn't seem to be the case in my environment (7.2.2).

    Make sure you're not testing with users in the Administrators group, because they bypass all security.

    Restricted and unrestricted groups:

    restricted group

    un-restricted group

    Combined in restricted profile:restricted profile

    User is not provisioned for that group:user does not belong to group

    User does not see the restricted profile:

    user does not see the restricted profile

    • bjornliow's avatar
      bjornliow
      New Contributor II
      2 years ago

      Hi, 

      Thank you for your response.

      I believe the Maintenance Group overwrites the Access Group. If the Cube View Profile is maintained by everyone, then everyone can view the Cube View. 

      • JackLacava's avatar
        JackLacava
        Honored Contributor
        2 years ago

        Uh, not in my tests. Users see the profile, see any group in that profile that Everyone can see, but cannot see any group they are not entitled to.

        Note they can't see the "srtsrt" view.

        Access and Maintenance are effectively synonyms for "Read" and "Read/Write". If a user is entitled to maintain a Profile, then it's entitled to see it (otherwise, how could you edit something you can't see? And if you can edit, you can just change settings on it to see it anyway...). So as soon as I switch the maintenance group on BobProfile, even users not in BobGroup can see it.

        However, a profile is just a collection of groups, and Group security overrides Profile security. So users not in BobGroup will not be able to see anything contained into that group, even if they have access to the Profile.

        If you're not seeing this behavior, there might be a bug in the specific release, which you might want to discuss with Support.

        Hope that helps!