Access Rights
Access Rights
Access rights determine which entities have rights to which objects.
Access Rights Configuration
Access rights can be granted or revoked in a number of ways and from a number of places, including using the Configure | Access Rights menu. From this page one can directly assign access rights for users or user groups to different reports, report groups or jobs. This is done by selecting the appropriate users or user groups and the different objects and then clicking on the Grant button. To revoke access, select the users and appropriate objects and then use the Revoke button. The Revoke All button can be used to revoke all access rights on a particular object, or for a particular user. The Show button can be used to view current access rights.
The primary purpose of access rights is to determine which users can run which reports. In summary, a user can run a report if
- He directly has the configure_reports permission
- He belongs to a role that has the configure_reports permission
- It's an lov report
- He has direct access to it
- He belongs to a user group that has direct access to it
- He has direct access to any of the report's groups
- He belongs to a user group that has direct access to any of the report's groups
For jobs, by default only the owner of a job has access to its output, particularly for published jobs. Shared jobs allow the output of a job to be shared with other users. To share a job's output, enable the Allow Sharing field on the job and grant access to the job to the users or user groups with whom the output will be shared using the Access Rights Configuration page. These users will be able to access the job's output from the Jobs menu.
