Is there a way to set the permissions of a report(s) so that only I, the creator, has the right to modify the report and the other authors only have the right to view the reports and NOT modify them?
yes its possible, create 2 groups for 1st group grant all the permissions for the 2nd group grant only traverse and execute.
add this groups to the folder where the reports are located and add the users to the respective groups.
Thanks for the response. I am glad that there is a way, but I am not sure what you mean by "traverse"? Would you be able to write down some more exact steps? Thanks!
traverse is one of the rights (read, write, execute, traverse, policy) you can give to users/groups once you go to the permissions page for the report folder.
Hi,
I have tried this a couple of times and then put it aside out of frustration. I am back to it again. I put my steps in a word document. Will you look to see if I am performing the right steps? Thanks
You have to deny write access to prevent others from modifying the report.
I don't think you actually have to deny write access, just don't grant it. I always try not to use the deny option (especially on groups or roles). If you are a member of two groups and you get a grant on one group and a deny on the other the outcome is a deny (ie deny overrules all grants). If you don't grant write access it should do the same.
What i don't understand in your word document is why do you have permissions to groups/roles/users that are unknown? You are now denying rights to groups not known in your ldap. Did you drop the entries of your LDAP? Did you export/import cognos connection and did you forget to also export/import the content of your LDAP? Anyway, as long as you are seeing "entry not accesable" you are doing something wrong.
You are right in that deny overrules grants but that's the key to make it work when same user is modified to have different capabilities and permissions depending upon his group associations.
This way we can include him in a group of authors with all the rights and also include him in another group that has a deny write for some particular folder.
Of course there are more than one way of doing things.