/
Access Rights
Document toolboxDocument toolbox

Access Rights

Owned by Sarabjeet Kaur
Dec 19, 2024
5 min read

Kyvos Reporting’s Access Rights page manages user access rights on Categories, Query Objects, Parameter Objects, Analytical Objects, Reports, Dashboards and Dashboard Widgets, and Connections.

End users don’t have any system privileges by default. They need to be granted access rights depending on their application access needs.

The application supports multi-level categories. A category may contain objects such as Query Objects, Parameter Objects, dashboards, etc.

Use Access Rights page to manage user access rights on Categories, Query Objects, Parameter Objects, Reports as well as Connections.

Click Navigate > Administration > Manage Users > Access Rights to open this page.

KRaccessrights.png

  • From Choose Object dropdown available on the top left of the page, select the object you want to assign access to. Use the search box to look for specific objects. List of the objects will be available below.

  • Assignees can be selected from the center, and access rights options and details appear on the right side of the page.

At a time, you can select an object and grant access right on the selected object to:

  • All users of all organizations

  • All users of the selected organizations

  • All users who are assigned the selected roles

  • Selected users

Access rights are: Not Set, Full, Partial, Deny, and Skip Folder

General steps

  • To grant rights on category, select category in Choose Object dropdown, navigate to respective category and select the category.

  • To grant rights to an object, select respective object type in Choose Object dropdown, navigate to the category where the object is and select the object.

  • Now, select assignees and select the required access rights.

  • Click the Save button.

Application will display an alert if you navigate away to another category, object or select another assignee without saving the changes.

Access rights on Category

Objects like Reports, Parameter Objects, Query Objects etc. are saved in categories. Access rights for category are:

  • Not Set: If Not Set is highlighted, it means, no access rights have been assigned.

  • Full: Selected category and all its child categories will be listed to the user. User will be able to open the selected category and carry out any operations on any of the objects in the selected category and its child categories.

  • Deny: Selected category and any of its child categories (as well as objects in it) will not be listed to the user. As a result, user will not be able to access any of the categories (as well as objects in those categories).

  • Partial: User can access selected category. They can have Edit or Execute access rights as per the requirement. For example, you may grant only Edit access to the user on all reports but Edit and Execute access on all Query Objects. For Category, Edit and Execute will function as below –

Edit:

  • Allows listing of reports

    • Allows creating new reports at folder level

    • Allows editing and saving of all reports inside this category

Execute:

  • Allows listing of reports

    • Allows all access for run reports and schedule reports including their sub categories

  • Skip Folder: None has been renamed as Skip Folder. In this case, inherited access of parent applies so generally skip folder access is not given at the top level but in case it is given at everyone level then all the organizations will inherit partial access with no grants given.

Access for All Published Objects

  • View Published Outputs: When this access is allowed from the UI, it will inherently allow access for all its sub actions

  • Save Published Outputs: Gives access to save published outputs

Access rights on Reports

These are the rights to carry out report operations on selected report.

  • Not Set: If Not Set is highlighted, it means, no access rights have been assigned.

  • Full: User will be able to carry out all the report operations on the selected report.

  • Deny: Selected report will not be listed to the user. User will not be able to carry out any operation on selected report.

  • Partial: User will be able to carry out report operations as per selected (Edit and Execute) on the selected report.

  • Include associated objects: when checked under Reports, enables execute right for all objects associated with that report.

Access rights on Query Object / Parameter Object

  • Not Set: If Not Set is highlighted, it means, no access rights have been assigned.

  • Full: User will be able to carry out all operations on the these Objects.

  • Deny: User will not be able to carry out any operation on the Objects.

  • Partial: Partial rights for these objects are: Edit and Execute.

    • Edit: Object will be listed to the user. User will be able to open and edit these objects. User would be able to use create, copy, and cut features with these objects. To carry out these operations on a category, user should have Edit rights granted at category level.

    • Execute: User will be able to use these objects with other associated entities. For eg, query object and analytical object can be used with reports. Operations like run and schedule are accessible through this right.

Access Rights on Connections

  • Not Set: If Not Set is highlighted, it means, no access rights have been assigned.

  • Full: User will be able to run reports on the selected connection.

  • Deny: User will not be able to run reports on the selected connection.

Note:

Note

  • If Full or Deny is applied at the parent (like category, organization) level, this will be applicable on the child entities. This cannot be overwritten in any scenario. However, in case of Partial, child entity rights take preference over the parent.

  • If Full or Deny is applied at the parent (like category, organization) level, this will be applicable on the child entities. This cannot be overwritten in any scenario. However, in case of Partial, child entity rights take preference over the parent.

  • If Full or Deny is applied at the parent (like category, organization) level, this will be applicable on the child entities. This cannot be overwritten in any scenario. However, in case of Partial, child entity rights take preference over the parent.

  • If Full or Deny is applied at the parent (like category, organization) level, this will be applicable on the child entities. This cannot be overwritten in any scenario. However, in case of Partial, child entity rights take preference over the parent.

  • You need to set ENABLE_PERSISTED_CACHE to Enable in Reportengine.properties file in administrative configuration files to persist entity access rights in a different storage and improve time to load these rights on bootup. Post setting this property to ‘True’, the access rights will be cached on the disk the first time the application is run. From second run onwards, the cached access rights will be called and you will observe improvement in time-to-load. To access the file, go to Navigate > Administration > Configure > Config Files.

 

Related content

Access Rights
Access Rights
Kyvos 2024.11.x
More like this
Users and Roles in Kyvos Reporting
Users and Roles in Kyvos Reporting
Kyvos 2024.12
More like this
Users and Roles in Kyvos Reporting
Users and Roles in Kyvos Reporting
Kyvos 2024.11.x
More like this
Categories and Reports Management
Categories and Reports Management
Kyvos 2024.11.x
More like this
Categories and Reports Management
Categories and Reports Management
Kyvos 2024.12
More like this
Query Object Access Rights
Query Object Access Rights
Kyvos 2024.12
More like this

Copyright Kyvos, Inc. All rights reserved.