Let us know how we can make Jedox even better!
The setting for the object name "rights" is located for the right management within one Role.
If you set this to no-access:
The user is not able to access the System database (especially the user list and the corresponding information about last login time
The user is not able to access the User management cube within one database to restrict/give access to content security (elements within one dimension)
If you set this to read-only/writable/Full Access:
The user is able to access the System database (especially the user list and the corresponding information about last login time
The user is able to access the User management cube within one database to restrict/give access to content security (elements within one dimension)
The problem with this functionallity is that you cannot give a user the ability to change the content security within one database on their own without also giving them the ability to access the system database. Technically this wouldn't be a problem but:
Especially in Germany with workers council approvals only very few people should have access to lists where you can see personal data (users e-mails, names, etc.) and more important to read out last login timestamps is a highly confidential information because of employee protection laws
Suggestion would be to split this right object to have the ability to access/read system database or to have access to the user management cubes. Sure in the user management cubes you need a list/information about available groups but you don't need information about other system dimensions especially the user list.
Thank you for your great idea. While we cannot commit to a specific target version, we will consider adding it to our future internal backlog. If you can add further information about the context of this feature, please add it here so we can evaluate it more fully.