Access permissions on folders
Access permission control on folders begins at a high level and progresses down to a more granular level on folders and folder items. If a folder item contains sensitive information, you can restrict access to the item.
There are four separate aspects to access control:
- User Types:
Applies to all folders in an installation.
There are several user types available:
- Product Administrator: Full access, including all product administrative areas.
- Inherit Access: Inherits the maximum access based on the LDAP groups the user belongs to.
- No Access: No access. This user type is often used to create an account in anticipation of the arrival of a new employee who will require access at some future time.
- QuickScan User: Access to a simplified view to create quick, easy-to-use scans to test the applications they are responsible for. Most users are QuickScan users.
- Standard User: Access to regular features, with no administrative permissions. Can be assigned different roles in folders.
Note: In addition to these user types, you can also create a Custom User Type to assign a limited set of administrative tasks users. These users only see the Administration and Jobs & Reports pages they are permitted to see. - User Roles: Assigned on a per folder basis by a Product Administrator. A user must be granted access permission to every folder where they will perform tasks. Folder permissions determine what the user can see and do within the folder.
- Per item/per user: Assigned on a per folder item basis (report packs and dashboards) by an Administrator.
- Per folder: Assigned per folder by a Product Administrator. When a folder is created, users will inherit the same user roles that exist in the parent folder. For example, all Standard Users in Folder A are Report Administrators. Those users will automatically be Report Administrators in any subfolder, unless an administrator (job, report, or system administrator) manually changes their permissions. system administrators can also propagate user permissions down the folder hierarchy at any time.
Note: All users with a Report Consumer
role or greater in a folder
are granted implicit access to a report pack or a dashboard
when one is created in that folder. You must specifically change their
user access to No Access if you do not want users
to inherit access to an item. Implicit access is inherited through
`All Other Users' when the user is not listed on the Users
and Groups page, and `All Other Users' is assigned access.
Access to a report pack or dashboard is considered explicit when you add a user/group to the Users and Groups page of a report pack or dashboard and grant them access.