We have upgraded and migrated our 7.7.03 dashboards to webfocus 8 but I am having some real difficulties getting my head around the new security. The last step before we switch over is for me to get our registered users cleaned up so am trying to create some instructions for our helpdesk but I can't register a user that has appropriate access to the dashboards.

I have looked at and duplicated the authorities from a migrated user but still no luck.

This message has been edited. Last edited by: <Kathryn Henning>,

Hi,

This gets complicated.

Basically there is a role that equeates to a group of permissions. For example domain_basic_users one of the permissions available for roles is "Access Dashboards" make sure the role is granted this permission

Now I assume your user is in a group for example "Basic_users_group"

On the folder in the content tree make sure that group has the domain_basic_user Role permitted and the person should then be able to view the dashboard.

This is where things get very confusing for me.

To detail a basic user account that was migrated ...
The user is a member of these migrated groups:
IBFS:/SSYS/GROUPS/Schedule_privilege
IBFS:/SSYS/GROUPS/base
IBFS:/SSYS/GROUPS/base/schedule
IBFS:/SSYS/GROUPS/Library_privilege

I deleted a basic test user and went through the process of re-adding them to get documentation together for our helpdesk team so added the user and subsequently added them to these 4 groups.

Logging in with this test user, on our first dashboard tab that consists of just an HTML welcome page, I get an error "Error Access to item denied". Then going into each of the tabs none of the reports are displaying.

The original user I templated this user off of though works perfect.

What am I missing?

Is this a dashboard also get moved from 77 to 80? Did those users already got access to that dashboard?

If you migrated everything from 77 to 80 then if it is not working means, there are 2 settings you need to do.

Please confirm the above then I will tell you the next steps.

The dashboards and users were moved from 77 to 80. The users that had access previously and were migrated are working fine and still have their original functionality intact.

I am unable to add any other users though.

After you added the user, right click on the user and it will show a popup window with 2 tabs.

The second tab is for Role. Select that and the last option might be WF_ROLE_USER or something like that. Select that.

And also, this user might be on the dashboard group and also the domain.

I see that maybe this is a factor to the issues I am having. I do not have the tab available for Role when editing a user. I am the only admin on the system, how would I fix this?

Go to security center, right click on user --> Edit

you should see 2 tabs. The second tab will say Default_Role.

That is where you need to change.

Hi,

The method described above is technically mimicing the old method of doing security

To enable the ability to see the old roles do the following click on administration. under application settings click other then set IBI_ENABLE_UDR to True.

I don't think you have to restart the JVM for the change to take effect. Now when you right click a user you will see the role tab.

If you want to see what permissions the role on the user gets when you give them basic_user then in security center click the Roles Tab at the tob so you no longer see the list of users and groups. Scroll down and you will see a set of locked "roles" one of them being WF_ROLE_USER if you double click and open that you will see that they have the legacy privilege to access a dashboard.


You can accomplish the same thing by creating a new group under you BASE group called Base Basic Users then
in the content tree give the basic users group the wf_role_user permission the security workshop/class provided by IBI goes into this in detail and describes how the new security works. Though the security and administration manual isn't a bad place to start.

Crystal

Yes, CLH is right. We need to set the variable in administration console.

If you want to get the new security features then you need to apply the modernization on your existing domain. Just create a new enterprise domain with the same name of existing domain, that will refresh your old domain to the new WF8 format domain. Then you can see the options for "Advance Users, Basic Users, etc...)".

I know it is not straight forward but once you get the real functionality working, you can see the use of the new security model. It is very good.

It's more then Menotoring... it's training...
IB Has all the training you need for this...

Thanks a lot guys, I think I am finally getting my head around this. I have seriously been banging my head against a wall on this for a week now and nothing made sense.

I went the route of creating a new sub group under base and giving that sub group WF_Role_User and WF_Privilege_schedule and everything worked exactly how I would expect it should as the security and administration manual described.

The migrated authority is really a mystery to me though. I do not understand how these migrated users have access. I had assumed the migrated groups had appropriate privileges but it is becoming obvious that they did not and trying to look at a migrated user to pattern the authority for new users is not going to work.

We are doing just a straight forward migration at this point and I will be working on modernizing after we go live but it is looking to me like this security step is one that is necessary for me to be able to add users to the migrated content.

We do have a number of domains so I can now set up these new sub groups and write up some documentation for our helpdesk to add users. This was the last show stopper to us going live so I am very relieved.

Again thank you.