Here is my situation. I have a group set up in Active Directory for a group
of people that will share similar reports. The problem is that there is one
report that one particular user in that group doesn't need to see, but
everybody else in the group does need to see the report. Right now I have
the group added so everyone sees the report.
How can I exclude that one user from the report, but allow everyone else to
still see. This of course is without creating a new group of the same users,
but without this particular user. That would work, but seems as if there
should be another way.
Thanks!
BJ

bjkaledas,
I don't know how well you will like this answer, but I don't see many
other alternatives...
That report is currently inheriting its permissions from the folder it
is in. You can override that inheritance and specify item-level
permissions for that report (without affecting the other reports in
that folder).
Once you override the inheritance, you will have to delete the AD group
and add all of the group members EXCEPT for the user you want to
exclude. Unfortunately, that also means that you will have to manually
maintain those permissions when new members are added to the AD group.
Not optimal, but all I can think of.
Microsoft could solve this problem by allowing administrators to
explicitly grant AND explicitly deny permissions to objects. All
permissions would stack, and in case of a conflict, it could default to
the most conservative (or limited) access level.
For example, if a user was in a group that could view and another group
that could execute, then the user could view and execute. However, if
the user was in a group that could execute and another group that could
"not execute", then it could default to the "not execute".
Maybe they will include that in the next release...
-Josh
bjkaledas wrote:
> Here is my situation. I have a group set up in Active Directory for a group
> of people that will share similar reports. The problem is that there is one
> report that one particular user in that group doesn't need to see, but
> everybody else in the group does need to see the report. Right now I have
> the group added so everyone sees the report.
> How can I exclude that one user from the report, but allow everyone else to
> still see. This of course is without creating a new group of the same users,
> but without this particular user. That would work, but seems as if there
> should be another way.
> Thanks!
> BJ

Josh,
Thank you for your response. It seems easier to get one here than on the
forums. I had feared that was the only way around this issue. That is ok
though. Hopefully they will have exclusions in the next version. Hopefully
they will have exceptions in the Subscription schedules also!
Thanks again!
BJ
"Josh" wrote:
> bjkaledas,
> I don't know how well you will like this answer, but I don't see many
> other alternatives...
> That report is currently inheriting its permissions from the folder it
> is in. You can override that inheritance and specify item-level
> permissions for that report (without affecting the other reports in
> that folder).
> Once you override the inheritance, you will have to delete the AD group
> and add all of the group members EXCEPT for the user you want to
> exclude. Unfortunately, that also means that you will have to manually
> maintain those permissions when new members are added to the AD group.
> Not optimal, but all I can think of.
> Microsoft could solve this problem by allowing administrators to
> explicitly grant AND explicitly deny permissions to objects. All
> permissions would stack, and in case of a conflict, it could default to
> the most conservative (or limited) access level.
> For example, if a user was in a group that could view and another group
> that could execute, then the user could view and execute. However, if
> the user was in a group that could execute and another group that could
> "not execute", then it could default to the "not execute".
> Maybe they will include that in the next release...
> -Josh
>
> bjkaledas wrote:
> > Here is my situation. I have a group set up in Active Directory for a group
> > of people that will share similar reports. The problem is that there is one
> > report that one particular user in that group doesn't need to see, but
> > everybody else in the group does need to see the report. Right now I have
> > the group added so everyone sees the report.
> >
> > How can I exclude that one user from the report, but allow everyone else to
> > still see. This of course is without creating a new group of the same users,
> > but without this particular user. That would work, but seems as if there
> > should be another way.
> >
> > Thanks!
> >
> > BJ
>
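The manual upkeep Josh describes above can be scripted. This is an added example, not code from the thread: it compares the report's item-level policies with the AD group's current membership minus the excluded user, and only writes changes when run with `-Apply`. It assumes Windows PowerShell 5.1, the ActiveDirectory module and the `ReportService2010.asmx` SOAP endpoint (which may be newer than the release discussed here); the server URL, report path, group, domain and user names are placeholders.

```powershell
# Added example (not from the thread). Server, path, group and user names are placeholders.
#Requires -Modules ActiveDirectory
param(
    [string]   $ReportServerUrl = 'http://reportserver.example/ReportServer',
    [string]   $ReportPath      = '/Shared Reports/Restricted Report',
    [string]   $AdGroup         = 'ReportReaders',
    [string]   $Domain          = 'EXAMPLE',            # NetBIOS domain name
    [string[]] $Excluded        = @('EXAMPLE\jdoe'),    # the one user who must not see it
    [string]   $RoleName        = 'Browser',            # predefined view-only role
    [switch]   $Apply                                   # without this, report only
)

$rs = New-WebServiceProxy -Uri "$ReportServerUrl/ReportService2010.asmx?wsdl" -UseDefaultCredential
$ns = $rs.GetType().Namespace   # generated namespace holding the Policy and Role types

# Desired grants: current group members (nested groups expanded) minus the exclusions.
$desired = @(Get-ADGroupMember -Identity $AdGroup -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object { "$Domain\$($_.SamAccountName)" } |
    Where-Object { $Excluded -notcontains $_ })

# Policies in effect on the report; $inherit reports whether they come from the folder.
$inherit = $true
$current = @($rs.GetPolicies($ReportPath, [ref]$inherit))

# Every principal holding the role that is not in the desired set is stale: the AD group
# itself, the excluded user, and anyone who has since left the group.
$granted = @($current | Where-Object { $_.Roles.Name -contains $RoleName } |
    ForEach-Object { $_.GroupUserName })
$stale   = @($granted | Where-Object { $desired -notcontains $_ })
$missing = @($desired | Where-Object { $granted -notcontains $_ })

# Keep unrelated entries (for example administrators with other roles), drop stale
# entries whole, and add one per-user policy for each missing member.
$new = @($current | Where-Object { $stale -notcontains $_.GroupUserName })
$new += @($missing | ForEach-Object {
    $role = New-Object "$ns.Role";   $role.Name = $RoleName
    $p    = New-Object "$ns.Policy"; $p.GroupUserName = $_; $p.Roles = @($role)
    $p
})

"Inherits from folder: $inherit"
"Remove (stale)      : $($stale -join ', ')"
"Add (missing)       : $($missing -join ', ')"

# SetPolicies replaces the item's policy list, which also ends inheritance for this report.
if ($Apply) { $rs.SetPolicies($ReportPath, $new) }
```

Run on a schedule, the report-only output also flags people who have left the AD group but would otherwise keep their individual grant on the report.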