When a user is assigned to groups with different roles, where one role (e.g. designer) has access to Designer and another (e.g. editor) has only access to Reports section, rights for folder groups / reports are “combined”.
E.g. the group with access to designer has no access to folder group “Default”, whereas the group with role editor has reading access to “Default”. A user assigned to both groups could then open reports of that folder group in Designer, open Macro, export folders and reports etc.
Instead of combining, rights should be checked individually for each group. Someone who builds reports for one part of the application might be an end user / consumer of reports of other parts of the application and should not have automatically access to those reports in Designer.
Proposal:
In JEDOX SETTINGS we would like to get a new Parameter to hide all elements in DESIGNER with #_GROUP_DATABASE_DATA = "R" for all non ADMINs.
With this additional parameter it would be possible to separate use cases and prevent unauthorized access.
