3 Replies Latest reply on Sep 1, 2017 7:05 AM by Lucy Cook

    Permissions locked to Project

    Lucy Cook



      I am server admin and currently trying to convince my team that we should lock permissions at a project level rather than allow individual permissions to be set at a workbook level, with limited success. We have a large number of projects, users, groups and data sources that will make managing the permissions separately a nightmare. There is also plenty of sensitive data in many of the workbooks that need to be kept secure.


      In my mind the better option is locking down permissions and having them controlled by the Admins to lower risk and overhead, but the flexibility of controlling the permissions at an individual workbook level has convinced others that that is the way to go.


      Any advice? Or can anyone point me in the direction of an article (or even better, a viz) that lays out the pros and cons, so we can make an informed choice either way? I have found a lot of articles on how to set permissions, most recommend project level, but none go into much detail as to why.




        • 1. Re: Permissions locked to Project

          Hi Lucy ,


          You need gather requirement's first from your BI Analytics manager  and then try to set up security step by step. It's an iterative process and you will get there try to create few sample user's and play with it .


          I.I will create a separate BI Group for each user's you think they only should have access to the data

          2.You can set up project up level permission's once they are in the group

          3.you can setup user level permissions for each workbook access



          That's the  way I believe you have more control of the BI Content .


          Let me know how it works out .





          I am

          • 2. Re: Permissions locked to Project
            Toby Erkson

            You can make sure that every Project has a Project Owner and you make them responsible for maintaining permissions.  Tell them you will only help maintain Projects that are Locked.  Period.


            I guess it depends on what you, as an admin, are allowed to control.  The pros & cons vary from company to company.  Where I work we don't even ask, the Project gets Locked.  It is up to the Project Leader to change it to Managed.  If questions are brought up then I downplay it, giving the negatives. The only time I recommend Managed is when permissions are truly varied and necessary (generally by my evaluation) as it's rare to have any developer know what's necessary versus what's wanted (I do have a couple devs who I trust to make the right decision).


            When it comes to Sites beyond "Default" it's up to the Site Administrator to decide that.  For us, the Site Admin. is responsible for their Site. Sites for us, though, are rare and used when the devs know what they're doing, create many reports and thus have several Projects, and have people come and go so often that it slows things down for them when they need to wait on the Server Admins.  As far as I'm concerned, they are Server Admins but just for their Site (thus their Site role is Site Admin) and given all the responsibilities to maintain their Site, Projects, Users, etc.  So for a non-Default site it's up to the Site Admin on how Projects are to be permission managed.

            • 3. Re: Permissions locked to Project
              Lucy Cook

              Thank you for your input, both.


              I decided to go with Toby's advice and default each project to locked, then assign Project Leaders who are trusted to keep the projects secure.