Global and object permissions

When you define application roles, you start with their global permissions.

In the Application Roles dashboard, you create a role and then apply global permissions to it. Global permissions include View application, Administer permissions, and Edit rules.

You then define object permissions. For reports, you define object permissions in Application Studio. For dashboards, you define them in Dashboards.

When you define permissions on reports, all reports within a folder inherit the permissions of the folder. If required, you can break this inheritance by removing permissions for individual reports or folders. For example, if sales and finance reports are stored in folders below a parent folder, they inherit the parent folder's permissions. If you do not want sales users to view finance reports, you remove the permission from the finance folder. You can also break inheritance by adding permissions. For example, you might give the sales team permission to create their own reports.
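
An access review usually needs the effective result of these inheritance rules for each role. The following added example (not code from the product or its documentation) models the sales and finance case under an assumed rule: a node's permissions are its parent's, minus removals, plus additions at that node. The role, folder, report and permission names are constructed.

```python
# Hypothetical model of folder-to-report permission inheritance. It does not
# call or reproduce the product's API; all names below are constructed.
from dataclasses import dataclass, field


@dataclass
class Node:
    """A folder or report in the tree."""
    name: str
    parent: "Node | None" = None
    added: dict = field(default_factory=dict)    # role -> permissions added here
    removed: dict = field(default_factory=dict)  # role -> permissions removed here

    def path(self) -> str:
        return self.name if self.parent is None else f"{self.parent.path()}/{self.name}"


def effective(node: Node, role: str) -> frozenset:
    """Assumed rule: inherited permissions, minus removals, plus additions."""
    inherited = effective(node.parent, role) if node.parent else frozenset()
    kept = inherited - node.removed.get(role, set())
    return frozenset(kept | node.added.get(role, set()))


def broken_inheritance(nodes, roles):
    """Return (path, role, effective, inherited) where a node differs from its parent."""
    findings = []
    for node in nodes:
        if node.parent is None:
            continue  # the root has nothing to inherit from
        for role in roles:
            own, parent_perms = effective(node, role), effective(node.parent, role)
            if own != parent_perms:
                findings.append((node.path(), role, sorted(own), sorted(parent_perms)))
    return findings


# Constructed tree matching the example in the text.
reports = Node("Reports", added={"sales": {"view"}, "finance": {"view"}})
sales = Node("Sales", reports, added={"sales": {"create"}})   # inheritance broken by adding
fin = Node("Finance", reports, removed={"sales": {"view"}})   # inheritance broken by removing
q1_sales = Node("Q1 pipeline", sales)
q1_fin = Node("Q1 ledger", fin)
TREE = [reports, sales, fin, q1_sales, q1_fin]
ROLES = ["sales", "finance"]

if __name__ == "__main__":
    for path, role, own, inherited in broken_inheritance(TREE, ROLES):
        print(f"{path}: role {role} has {own}, parent grants {inherited}")
```

The findings list gives a reviewer the places where inheritance was broken, which are the entries to confirm against the intended access design.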