Siebel Analytics Web Administration Guide > Managing Siebel Analytics Web Security >

About Setting Siebel Analytics Web Permissions

Permissions are used to control access to shared information contained in:

  • Siebel Analytics Web Catalog items
  • Siebel Intelligence Dashboards

Permissions, which may be explicitly set or inherited, are configured from:

  • Siebel Analytics Web Administration screen
  • Analytics Catalog Manager

    To set permissions in the Web Catalog using Analytics Catalog Manager, Siebel Analytics Web must not be running. Use this option when you are working in a development environment or when you plan to make many changes. You can set permissions from the level of the application all the way down to individual requests in either Siebel Analytics Web or Siebel Analytics Web Catalog.

This section contains the following topics:

Types of Permissions in Siebel Analytics Web

Siebel Analytics Web supports the following permissions:

  • Change/Delete. Authority given to view content, and make changes or delete the content.
  • Full Control. Authority given to view content, make changes or delete the content, set permissions, and delete the item, folder, or dashboard.
  • No Access. Access is not allowed for this user or group. Explicitly denying access takes precedence over any other permission.
  • Read. Authority given to view the contents of the item, folder or dashboard, but cannot make any changes.
  • Traverse Folder. Authority to access objects in folders within the selected folder when the user does not have permission to the selected folder. Example: The user is granted Traverse Folder permission to the /shared/test folder. The user cannot access objects in the /shared/test folder, but can access objects stored in lower-level folders, such as /shared/test/guest.

Recommendations for Setting Permissions in Siebel Analytics Web

Follow these recommendations when setting permissions:

  • Assign permissions through Web Group membership, even if you want to assign permissions for a single user. For more information, read Types of Siebel Analytics Web Groups.
  • Set the permission to the Group folder for the appropriate groups to Read.
  • For groups (or users, if necessary) that are going to be modifying the dashboards and dashboard content accessible to the group, set the permissions for the group to Full Control. This is often a dashboard or content builder group. While allowing change and delete control, Full Control also allows the specified group (or user) to set permissions, and to delete the item, folder, or dashboard.
  • For each Subject Area, grant Read permissions to the corresponding Subject Area folder within the Requests folder (and everything it contains). Make sure that the Authenticated Users and Everyone groups have no access permission to the Subject Area folder.
  • For groups that should be able to save requests for public use against a given Subject Area, grant them Full Control to the Subject Area folder and everything it contains, and likewise for the Common folder. Read the Change Item Permissions help for details on managing permissions for folders, items, and dashboards.
  • To make sure that only members of the designated Web Groups (or users) have access to Siebel Analytics Web Catalog folders, folder content, and Siebel Intelligence Dashboards, do not set explicit permissions for the default Web Groups Authenticated Users or Everyone.

NOTE:  Siebel Analytics Web does not allow you to remove permissions for yourself or for the administrator. This prevents you from locking yourself out of an item, folder, or dashboard.

TIP:   To provide a place for all users within a group to share requests with each other, create a folder under the Subject Area folder called, for example, Share or Publish, and give the entire group Change/Delete permission to just that folder.

Siebel Analytics Web Administration Guide