Hello,

If I understand the MRE structure correctly, we can use Dashboard to limit users to specific folders on the standards reports in a particular domain, using either role tree or specific content list/folder blocks. This is great, as we can have one domain with several groups that have access to that one domain, then seperate out the roles based on their group membership.

But what happens if the dashboard user logs into the applet environment? They see the whole standard reports tree.

How does one limit the dashboard users from breaking out of their specific assigned roles (or list/folder blocks) if they can turn around log into the MRE applet and see everything?

Maybe I'm missing something, but is there any role definition for the applet environment? Alternatively, is there any way to limit users to Dashboard only?

I'm trying to avoid creating a huge number of domains just to lock Dashboard group views down. But without any way to keep them from logging on and accessing a domain via the applet, I'm not seeing how this can be accomplished. Is there an &IBI_uservariable that exists for determining whether a user came in from applet verses worp (Dashboard)?

Any clues for the clueless would be most appreciated.....

Regards,

-- Dan

Dan,
Maybe I'm missing something, but did you set your users up using the MR Administrator tool? In our environment the end users can only see the domains they belong to in Dashboard or the MR Applet tool. We set them up using the MR Administrator tool from the WF Menu on the distribution server.

Yes, I set them up in MR admin tool, and they are locked into a specific domain. But under Dashboard group views I can further restrict what they can see within their domain using a role tree, or by specifically creating content blocks (folder or list). This restriction is made meaningless if they log onto the applet environment, or use their personal dashboard view.

I've researched the Focal point forum for dashboard-related topics, and I guess I'm not the first person who has encountered users on group views getting around a "canned" dashboard setup to all the other standard reports in their domain using their personal view.

I was just hoping that there was a way I could utilitize group views to share a single domain and not have people break out of their environment by getting at the standard reports via another mechanism, specically the MRE applet.

Here's an example:

We have three independent academic programs -- "HONORS", "DISTANCE EDUCATION" and "HIGHSCHOOL DUAL ENROLLMENT". I would create three seperate groups for these programs, and set the appropriate users to those groups. I would like to bind those three groups to a single domain called "Special Programs". I would then like to create seperate folders on Standard Reports for their respective group roles. Then I would
to map those folders to seperate group views in Dashboard. Dashboard allows this very nicely, keeping roles bound to groups. Until one of those curious users decides to log into MRE applet, then sees all reports in the single domain on the standard reports tree.

So, since I can't seem to keep users locked into Dashboard group views where the specific roles are bound to their group (as they can always circumvent dashboard's role-based construct through the MRE applet), it looks like I have to create three independent, seperate domains for each group just to ensure that they can't access each others specialized reports. Which is a maintenance pain and is going to grow our domains rather large.

Or am I missing something?

Regards,

Dan Kenny -- University of Nebraska at Omaha
Prod: WF 7.1.5 Linux Dev: WF 7.6.0 Linux