When a user is assigned to groups with different roles, where one role (e.g. designer) has access to Integrator and another (e.g. editor) has only access to reports, rights for ETL projects are “combined”.
E.g. the group with access to Integrator has no access to ETL project “sampleBiker”, whereas the group with role editor has reading access to “sampleBiker”. A user assigned to both groups could then open the ETL project in Integrator, duplicate/copy/export it, potentially re-use connections to external databases etc.
Instead of combining, rights should be checked individually for each group. Someone who builds ETL processes for one part of the application might be an end user who is executing ETL jobs via reports from other ETL projects of the application and should not have automatically access to these ETL projects in Integrator.
Proposal:
In JEDOX SETTINGS we would like to get a new Parameter to hide all elements in INTEGRATOR with #_GROUP_DIMENSION_DATA_ = "R" for all non ADMINs to all ETL project wihin the CONFIG and PKGS database.
With this additional parameter it would be possible to separate use cases and prevent unauthorized access.
