I am setting up a group in managed reporting for some users that I want to provide access to our webfocus development environment. I have limited the domains that this group has access to and would also like to restrict the synonyms they see when choosing info assist, graph assist, etc. Currently they appear to have access to all the synonyms defined on this server. Is there a way to only provide these users in this group with access to synonyms within a specific application directory? I am trying to avoid having to set this for each indiviual synonym so if I can restrict access to a directory that contains only the synonyms I want the user to work with that would be prefered.

Thanks,
Bob C

This message has been edited. Last edited by: Kerry,

This should help.

Another option would be to use Profile Documents either at the server, group, or user level.

In the profile you would add something like this

-SET &&IBI_IF_FILE='c:\ibi\apps\some_app_folder\file_access.fex';

Then in the file_access.fex file you can put this

WHERE NAME EQ 'THIS_SYNONYM' OR 'THAT_SYNONYM' OR 'SOME_OTHER_SYNONYM'

We are running with LDAP security so I create a profile that corresponds with each Active Directory User Group name and manage their access in the fex files. That way, when a new user account is created it is just added to the appropriate Active Directory User Group and their data access is derived from the profile document on the WebFOCUS server.

We use the same type of method to declare filters for specific data access restrictions within a given synonym.

tech memo 4550
works for me (and Dan!)

but what i've done to restrict apps for QuickQuery, and also for InfoASsist
is create for each user their own profile
Sounds hard, but it isn't and it works great.
In /ibi/profiles/
you create a file for each user with their logon id
eg. for me,its joness16.prf
Inside that file is an APP PATH statment
that revises whatever profile is set in the edasprof, and sets it, hard, for a user.
The domain's path, when that user is running stuff from dashboard or mre, ADDS to the user's profile PATH, the same way it would to the system's edapath (as set in edasprof.prf).

This way, any given user with QuickQuery can see only whats on their profile path.
This way i can, for example, get all that PMF app mess OFF my edapath.

here's an idea that i got from a fellow Summit-er, that was wicked...
ONE app for .mas only
TWO apps for their corresponding .acx files,
one perhaps pointing to Dev and the other to Prod...
then in a user's profile, you designate their path
APP PATH masters devacx
..
and another user gets
APP PATH masters prodacx
...
sweet! I'm sorry i can't remember who gave me that idea, but speak up, its wicked.

This message has been edited. Last edited by: susannah,

Hmmm....

Anyone have any idea how I can restrict Synonym access from WITHIN an app directory on different users?

In the WebFOCUS Peoplesoft adapter, it's required that all synonyms reside in an app folder called "snapcat". When we have multiple PS instances (PRD, DEV, QA, TRN, etc) this can get *HUGE*, hundreds of MFDs in one directory, all added to the selection list of every user on InfoAssist and Dev Studio.

It would certainly be nice if we could restrict these to different user profiles based on some synonym mask. Can't split them out to different app paths because IBI tells us that all PS synonymns must reside in snapcat.

Dan at UNO

Susannah - In 7.6.9 you can now specify security for QuickData users so that it uses MRE or Reporting Server security. You can even specify a specific domain if the MRE option is selected. In theory, this should pick up any settings you have put in the user profiles. I haven't tried it myself though.

Dan - take a look at the link Susannah posted. This is the basic method she and I are using. Here is a link to the same info but for v7.x Customize Display of Masters Fields Etc

Try this
take a subset of the masters&.acx files and put them in a separate TEST app
make a profile for some dummy user (or your own self) in ibi/profiles that says
APP PATH test
Then log in as that dummy user and , from some benign place like a backend app indevstu,
APP SHOWPATH
to verify whats on your path.
Then open excel and try a quickquery...and see what shows up... should be just your subset.
and then TRY reportassist on one of them, to see if it works.
Just might?