If you are unable to create a new account, please email support@bspsoftware.com

 

How to disable Dashboard feature by default

Started by Eag. E, 24 Apr 2020 04:33:21 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Eag. E

24 Apr 2020 04:33:21 AM
Hi Gurus, I want to disable Dashboard by default, whereas I set only one group of user to use it. At the very beginning I gave all "authenticated user" deny Dashboard, and gave only the right group to enable Dashboard, then I found if DENY has been applied, no other rules can be preformed.
That's your suggestion, thanks

MFGF

#1
24 Apr 2020 07:06:51 AM
Quote from: Eag. E on 24 Apr 2020 04:33:21 AM
Hi Gurus, I want to disable Dashboard by default, whereas I set only one group of user to use it. At the very beginning I gave all "authenticated user" deny Dashboard, and gave only the right group to enable Dashboard, then I found if DENY has been applied, no other rules can be preformed.
That's your suggestion, thanks

Hi,

Adding a specific Deny for any user/group/role overrides access granted elsewhere, so this is not the way to go. The way security works is that any user gets the sum of all capabilities granted to them (ie of all groups and roles they belong to), unless something is specifically denied. What you need here is an implicit deny - ie the users do not have the capability granted.

You need to identify what groups and roles your users belong to, and then for each, remove the 'allow' for dashboards. Make sure you remove the capability for the Everyone group and the All Authenticated Users group too (it's easy to overlook these).

Once the capability has been removed from all users, groups and roles, add it back in for just the one group you need dashboard access for.

Cheers!

MF.
Meep!

Eag. E

#2
24 Apr 2020 08:36:03 PM
Quote from: MFGF on 24 Apr 2020 07:06:51 AM
Hi,

Adding a specific Deny for any user/group/role overrides access granted elsewhere, so this is not the way to go. The way security works is that any user gets the sum of all capabilities granted to them (ie of all groups and roles they belong to), unless something is specifically denied. What you need here is an implicit deny - ie the users do not have the capability granted.

You need to identify what groups and roles your users belong to, and then for each, remove the 'allow' for dashboards. Make sure you remove the capability for the Everyone group and the All Authenticated Users group too (it's easy to overlook these).

Once the capability has been removed from all users, groups and roles, add it back in for just the one group you need dashboard access for.

Cheers!

MF.

Thanks MF. :)
Print
Go Up Pages1
User actions
BSP Software Documentation
MetaManager Documentation and Knowledgebase
Version Control Documentation and Knowledgebase
BSP Software Resources About Us
MetaManager BSP Software Training BSP Software
Integrated Control Suite YouTube Channel Micro Strategies Inc
Security Migration IBM Cognos
Integrated Management Suite