Is it possible to allow an InfoAssist user to access a mas file while preventing another InfoAssist user to use this mas file to generate new content?

[Todd Van Valkenburg]

In this scenario, both InfoAssist users belong to the same AdvancedUsers group. So in the Hub, both users would go to the same parent Workspace folder to create content. The InfoAssist user that should not access the mas should either 1) not see it altogether or 2) get an error message if attempted to select it as a source.

Thank you!

[Patrick Huebgen]

"Yes you can" - server security allows you to setup security based on folders or files "Directory/File Priviledges"

[Todd Van Valkenburg]

Thanks Patrick. I haven't tried this but a couple questions to clarify. If UserA should not have access to wf_retail_big.mas, then I would create the PTHUserA as a basic user, then add this mas/acx file (and only this file) and make sure read & write & execute & list are unchecked. Questions: 1) For all the other mas/acx files, is it correct that I would not have to list them since this would be impossible to maintain; 2) Is it correct that I don't need to create the basic user for all the other users (all InfoAssist users that are not UserA)?

[Patrick Huebgen]

This will depend on your security setup (my server is PTH - if you are using LDAP or anything else this is what you have to use) .

What you have to do is to register the WebFOCUS Client user or the user group in server access control (every other user will be assigned to one of the roles - like "Basic User".

With this registration you will be able to assign individual permission per user/group and file or folder.

If you have multiple users that you want to grant access to the same files you could create a new role (copy of Basic User) and link the role to a user goup.

You can work with different scenarios - like getting "Basic Users" all permissions and deniing it for only one master for one user only.

Be aware that assigning to many security roles might impact performance (talking about hundreds of those)

[Patrick Huebgen]

By the way disabling list should be best - read might block the user from running standard reports based on such a master.

[Todd Van Valkenburg]

Thanks again. I just tested & verified that I can use Access Control to restrict a table (no list access) to specific individual while not affecting others.