Setting Folder and Resource Permissions

Administrators with the applicable roles associated to their user IDs may assign permissions to folders or resources in the repository. Folder and resource permissions determine what users can view and do in the repository. Permissions can be assigned to both users and roles. A user with one or more roles may have multiple permissions defined or inherited on a folder or resource. Permissions apply when a user browses or searches the repository, or uses any dialog that accesses the repository; for example, when browsing folders to save a report.

Before you set folder and resources permissions, note the following:

When a user copies an item to a folder, the item adopts the permissions set for that folder.
Copying and moving items can only be completed if a user has Read, Write, and Delete access to the folder in which the user pastes the item.
A user can cut and delete multiple resources at the same time if the user has Read and Delete permission on the selected resources.
A user can cut, delete, and set permissions on folders if the user has the same permission on all the folder contents.
A user can delete a resource or the contents of a folder if no other resources rely on them.

You can complete the following tasks from this page:

Set user and role permissions.
Test user permissions.

Note: XRA supports the inheritance of permissions from the parent folder of a folder or resource. If no permission is defined for a user or role on a folder or resource, the user or role has the same access permission as that defined on the parent folder. If you define a permission on a subfolder or resource, that permission holds, regardless of the parent folder's permission.

Permissions can be role- or user-based, giving you the flexibility to assign a permission to a role or to a specific user. The table below describes the actions allowed for each permission.

Permission	Actions allowed
No Access	Users cannot view or access the folder or resource in the repository or when running a report, dashboard, or OLAP view. If you have sensitive content in a resource, you can block access to it by setting the No Access permission for the relevant users or roles. This permission can apply to features that are not available to certain users; for example, audit, diagnostic, templates, and custom reports, while an administrator (ROLE_ADMINISTRATOR) may have access to some of these items.
Execute Only	Users cannot view the folder or resource in the repository; however, they can run reports, dashboard, or OLAP that access the folders and resources. For example, a user (ROLE_USER) may have this permission for custom controls (data sources, images and input controls), templates, report items, and professional services.
Read Only	Users can do the following: View the folder or resource in any dialog. View the properties of a folder or a resource. View and run a report, dashboard, or OLAP view. Run a report in the background. Copy a folder and its contents. Copy single or multiple resources. Not available at present: Schedule a report to run later. For example, a ROLE_USER may have read-only permissions for dashboards and reports, but a professional services agent (ROLE_PROFESSIONAL_SERVICES) can have Administer permissions.
Read/Delete	Users can do all of the above and the following: Cut or move a folder and its contents. Delete a folder and its contents. Cut or move single or multiple resources. Delete single or multiple resources.
Read/Write/Delete	Users can do all of the above and the following: Add a subfolder. Paste into a folder after copying or cutting an item. Save a new Ad Hoc view, report, or dashboard in a folder. Save the output of a scheduled report in a folder. Rename a folder or resource and edit its description. Open an Ad Hoc view in the Ad Hoc Editor or a dashboard in the designer. Modify and overwrite an existing Ad Hoc view, report or dashboard. Add a report resource to the repository, such as uploading a JRXML. Edit the definition of a resource in the repository, such as replacing a JRXML.
Administer	Users with this permission can do all of the above and the following: Set the role and user permissions on a folder or resource. This delegates certain administration tasks.
Administer and ROLE_ADMINISTRATOR	An organization administrator can do all of the above and the following: Add or create a resource in a folder. Edit a resource.

Set User Permissions

Users with the administer permission on a folder can assign permissions to that folder and any contents that inherit the permission. Users with the administer permission for a resource can only set the permissions on that specific resource.

To set permissions on a folder or resource in the repository

After logging in as an administrator.

Open the Folders/Repository panes.

Either click View > Repository from the XRA menu bar or click the Browse icon from the administrator's Home page.

In the Folders pane, browse or search for the folder or resource.

Right-click the item and select Permissions.

The Permissions dialog box opens. It displays the permissions for the selected item, with permissions given to roles shown by default. An asterisk beside a permission indicates an inherited permission from the item's parent.

Administrators only have access to the user and role permissions within their organization or organizations.

In the dialog, click User to view the permissions assigned to specific users. To move back to user permissions, click Role.

For each user or role, select a new permission from the list box.

Click Apply to apply your changes before you toggle between user and role permissions.

Click OK to save your changes and close the dialog box.

Testing User Permissions

After you add new users, roles, resources and set permissions, you should test user permissions to ensure the security of your data.

To test user permissions

Open the Organizations/Users/Properties panes.

Either click Manage > Users from the XRA menu bar or click the Manage Users icon from the administrator's Home page.

Select the user’s organization, and then browse or search for the user whose permissions you want to test.

In the Users pane, select the user.

In the Properties pane, click Login as User.

The selected user’s Home page should appear, with the user's login details displayed in the upper-right corner

In the repository, browse or search for the folders and resources to test as this user. Ensure that the right folders and resources appear.

After you have checked that the right folders and resources for this user appear in the repository, click Log Out.

Your Home page appears.

If the user's permissions were incorrect, edit the user’s permissions and change the user or role definitions.