To create a user profile, click the Security icon from the system tab of the ribbon bar, then go to the Security Profiles tab and click "Add Profile" as shown,
Profile Name : is the name of the profile.
Administrator: grants permission to access the users accounts and security management. Note that only users having a license of type "Developer" can potentially access to the users accounts and security management so this feature can be assigned only to such users.
Custom Base DN: this is an optional setting of the LDAP configuration which allows to customize the base DN for searching the user in a specific sub-tree of the LDAP directory.
Assign License: attributes the Board license when the user logs-on by using one of the server's available Board licenses.
Authorized Visitor: choose this option if the user has a standalone license installed his computer.
License: Select the license type to assign to the user.
MS-Office: Grants rights to use the Board Add-ins for MS-Office.
Note:
When the user has a StandAlone license, this option allows you to demote the license level. For example, selecting Lite license grants the rights of a Lite license even if the user has a higher license such as Full standalone.
This group of settings allows you to define which Capsules a user may view. With regards to confidentiality, we can identify three types of Capsules,
public Capsules that can be viewed by all Board users;
group Capsules, restricted to a particular user group such as a company department or a project team and
private Capsules, these are user’s personal Capsules.
Note that the Capsule in itself does not contain any data but only analyses definitions, which, when opened, will be populated with data filtered on the user’s database security profile. The database security profile defines what portion of a cube the user may view – for example with regards to a sales cube, a user may be allowed to view it entirely or have access partially restricted to a state or a specific product group. A public Capsule may for example contain some reports and key performance indicators that every Board user is able to monitor (such as actual sales versus sales budget) but each user will actually be looking at its own sales figures and its own performance indicators. A Capsule is therefore public because it provides all users with the same evaluation criteria and analysis methodology but not necessarily the same data.
Organizing Capsules into directories and sub-directories, then defining who can view which folders, is a simple way of managing Capsules access. In all Board installations there is always a default Capsules folder called Main, generally used as the public Capsules folder. For each user group and for each individual user, create a folder, using for example, the group name or the user name to store the group Capsules and the private user’s Capsules. For example, if some Capsules should only be available to the finance department users, create a directory on the server where these capsules will be stored, then only grant access to this folder to the finance department users (see below how to grant access to a Capsules folder).
Allow Access to All folders: grants access to all existing Capsule folders.
Allow Access to Listed Folders: This option allows you to explicitly define the names of Capsule folders that you want the user to be granted access to. The folders list should be typed in the table just below, using the folder’s full path. It's possible to give access only to sub-folders without being forced to give access to its parent.
Deny Access to Listed Folders: Unlike the previous option, this allows you to name which Capsules folders you want to deny the user or user group access to.
Allow execution of security critical procedures : grants permission to launch batch commands that run on the server. This option allows a user to launch a server-side command set in the Launch action of a Procedure. Refer to the Launch action for details.
Deny Layout designer : when enabled denies access to the Layout window of reports and charts of Capsules.
Deny Selection editor : when enabled denies access to the Select window in a Capsule.
Deny Export and Print : when enabled denies the use of the print and export functions.
Default Board database security profile: is the name of the default database security profile linked to this user profile.
When a user accesses a Board database, the selected security profile is applied with the relevant restrictions and privileges. For more details of database security profiles read the next topic of this user guide.
To define a specific security profile depending on the database, click on the "Databases" icon the type the database name and corresponding security profile.