Setting up an open system of decreasing rights

This tutorial shows how to create an open security model, wherein groups of users are first granted rights to all objects on the system by default. As you add folders and subfolders to the system, you decrease the rights of users and groups, as required, in order to secure particular Crystal Enterprise content.

In this scenario, you are creating folders for several groups within your organization. You have some reports that you want to add to the system immediately. Because some groups plan to add their own reports later, you also need to give some users the ability to add subfolders and to publish reports. These are your security requirements for each folder:

• Everyone must be able to view the majority of your reports.
• Administrators require Full Control access to all folders and objects on the system.
• Sales Managers are allowed to refresh most reports against the database to view the most recent data.
• The Marketing group needs Full Control access to its own set of folders that no other user can access (other than Administrators).
• The Sales groups need a hierarchy of folders containing worldwide reports, regional reports, and management reports:
  • All Sales staff can view worldwide reports.
  • Sales staff can also view reports for their own regions. If the staff member is also a Manager, he or she can view and refresh reports from all regions.
  • Sales Managers require Full Control access to the management reports.
  • Sales Report Designers require custom administrative privileges to all Sales folders.

This tutorial consists of the following sections:

• Changing default rights on the top-level folder
• Decreasing rights to a private folder
• Publishing a set of folders and reports
• Setting the base rights on the Sales folders
• Creating a group of folder administrators
• Decreasing rights to the Sales subfolders

For a shorter, less detailed tutorial, see Setting up a closed system of increasing rights.