03-07-2023 04:29 PM
CubeView that was assigned to different role is still visible when the user is set to another role.
User with Role2 is able to view CubeViewProfile1 and all of its members while user with Role1 is able to view CubeViewProfile2 under OnePlace > Cube Views.
How do I hide the CubeViews in OnePlace from users who do not have the right role? Are there other configurations I need to take into consideration?
03-08-2023 05:50 AM - edited 03-08-2023 05:57 AM
That doesn't seem to be the case in my environment (7.2.2).
Make sure you're not testing with users in the Administrators group, because they bypass all security.
Restricted and unrestricted groups:
Combined in restricted profile:
User is not provisioned for that group:
User does not see the restricted profile:
03-09-2023 11:25 AM
Thank you for your response.
I believe the Maintenance Group overwrites the Access Group. If the Cube View Profile is maintained by everyone, then everyone can view the Cube View.
03-10-2023 03:52 AM - edited 03-10-2023 03:53 AM
Uh, not in my tests. Users see the profile, see any group in that profile that Everyone can see, but cannot see any group they are not entitled to.
Note they can't see the "srtsrt" view.
Access and Maintenance are effectively synonyms for "Read" and "Read/Write". If a user is entitled to maintain a Profile, then it's entitled to see it (otherwise, how could you edit something you can't see? And if you can edit, you can just change settings on it to see it anyway...). So as soon as I switch the maintenance group on BobProfile, even users not in BobGroup can see it.
However, a profile is just a collection of groups, and Group security overrides Profile security. So users not in BobGroup will not be able to see anything contained into that group, even if they have access to the Profile.
If you're not seeing this behavior, there might be a bug in the specific release, which you might want to discuss with Support.
Hope that helps!