Object rights are the base units for controlling users' access to folders, reports, and other objects within Crystal Enterprise. When granted, each right provides a user or group with permission to perform a particular action on an object. For any object, you can set security levels that affect individual users or entire groups.
To set object rights within the Crystal Management Console (CMC), you first locate the object, and then you specify the rights for different users and groups. Each object right can be Explicitly Granted, Explicitly Denied, or Not Specified. The Crystal Enterprise object security model is designed such that, if a right is left "not specified," the right is denied by default. Additionally, if contradictory settings result in a right being both granted and denied to a user or group, the right is denied by default. This "denial based" design assists in ensuring that users and groups do not automatically acquire rights that are not explicitly granted.
To facilitate administration and maintenance, Crystal Enterprise includes a set of predefined access levels that allow you to set common security levels quickly. Each access level grants a set of rights that combine to allow users to accomplish common tasks (such as view reports, schedule reports, and so on). It is recommended that you use the predefined access levels whenever possible, because they can greatly reduce the complexity of your object security model. For more information, see Setting common access levels.
Whether or not you use access levels, you can also take advantage of the inheritance patterns recognized by Crystal Enterprise: users can inherit rights as the result of group membership; subgroups can inherit rights from parent groups; and both users and groups can inherit rights from parent folders. When you need to disable inheritance or to customize security levels for particular objects, users, or groups, the Advanced Rights pages allow you to choose from the complete set of available object rights. Most importantly, the advanced object rights allow you to explicitly deny any user or group the right to perform a particular task.
Tip: For detailed tutorials that walk you through sample implementations of object rights, see Customizing a 'top
Click the appropriate link to jump to that section:
| Crystal Decisions, Inc. http://www.crystaldecisions.com Support services: http://support.crystaldecisions.com |