Group ACLs
Access control lists (permissions or access rights) can be assigned to user groups.
Each space can have groups that contain users and have access rights. Users
can be members of multiple groups. The users in a group get the access
rights assigned to the group.
Example Scenario for Groups
Use groups and ACLs to assign rights according to user roles. For example, you could have three roles: Admins, Analysts, and Business
Users. You can create the groups and and assign ACLs to each group.
- Admins: AdvancedAdmin, EditReportCatalog
- Analysts: Adhoc, EditDashboard, ModifySavedExpressionsAllowed
- Business Users: EnableDownload, EnableBookmarks, ExploreInVisualizer, SelfScheduleAllowed
In this example, the administrators would be members of all three groups,
the analysts who create reports and dashboards would be in the
Analysts and Business Users groups, and end users would be in
the Business Users group.
To add or remove ACLs from a group
Use the ACL names in the table below for the ACL_tag
in the addacltogroup
and removeaclfromgroup
commands in the Command Window to add
ACLs to a group or remove ACLs from a group:
addacltogroup space_name group_name ACL_tag
removeaclfromgroup space_name group_name ACL_tag
Important: After
assigning ACLs to a group, the users in that group need to log out and
log back in before the permissions take effect.
Tip: You can set many of the ACLs in the user interface at Admin
- Manage Access - Manage Groups.
ACL Tag
|
Name on Manage Groups Tab
|
Allows Users in the Group to...
|
Adhoc |
Designer Access |
Access Designer. |
AdvancedAdmin |
Not Available in Manage Groups tab
|
Access
the advanced administration options at Hierarchies - Advanced and at Manage Sources - Grain - Specify Override Level Key Columns. These buttons are inactive
when this ACL is not enabled. Also access Data Flow - Add - Add Inherited Source.
Only Account Administrators can grant the AdvancedAdmin ACL.
|
EditDashboard |
Edit Dashboard |
Create and edit Original Dashboards and Dashboards 2.0. |
EditReportCatalog |
Edit Report Catalog |
Rename files and folders, delete files and folders and create
new folders from Designer and Original Dashboards. |
EnableBookmarks |
Enable Bookmarks |
Use bookmarks in Dashboards 2.0. |
EnableDownload |
Enable Download |
Export
to file (csv, xls, etc.) from Designer, Visualizer, Original Dashboards, and Dashboards 2.0. |
Visualizer |
Visualizer Access |
Access to Visualizer. (This ACL used to be called "EnableVisualizer".) |
ExploreInVisualizer |
Dashboard Visualizer Exploration |
Use the Explore in Visualizer dashlet option for end users of Dashboards
2.0. Applies to Visualizer reports only. |
SelfScheduleAllowed |
Enable Self Schedule |
Schedule reports to be delivered from Original Dashboards and Dashboards 2.0. |
ModifySaved- ExpressionsAllowed |
Modify Saved Expression |
Create and modify saved expressions in Designer. In Visualizer a user requires this permission to make an expression global. |
NewDashboard
|
Not Available
|
This ACL is deprecated (5.22). Access to Dashboards 2.0 no longer requires an ACL. |
storytellingAccess |
Enable Storytelling |
Allows Users in the Group to access storytelling on mobile devices. |
See Also: