cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Send BI report - Recipient "Everyone"

Go to solution
sso_sad
Explorer

on ‎09-07-2023 2:54 PM

0 Kudos

Hello,

A user mistakenly sent reports (containing confidential data) to all BI accounts, which posed security issues.

Some users, check the «Everyone» box when selecting recipients and forget to delete the selection before sending (see attachment "Send BI report_part_1.png").

send-bi-report-part-1.png

After searching the CMC, we did not find a parameter that could remove the check mark of «Everyone» so that the mishandling is not repeated.

However, users must be able to send a report to any BI account (see attachment "Send BI report_part_2.png").

send-bi-report-part-2.png

Is it possible to remove the “Everyone” check mark when selecting the recipient? Or make it inactive?

Version : 4.3 SP 2 Patch 9.

Thanks for your help,

Blandine

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

ayman_salem
Active Contributor
‎09-11-2023 10:07 AM
0 Kudos

It was a big mistake to explicitly deny the most powerful rights (the “View” right) to one of the essential top-level objects like the "Everyone" group.

Therefore, NEVER explicitly deny "View" rights for top-level objects such as (Groups, Users, User Folders, Universes, etc.).

The only way to fix the problem is to use the "CMS Server Console" to add the principal "Administrator" and give it "Full Control" rights to the "Everyone" group.
after that, logon on CMC with the User "Administrator" and correct the "View" rights.

To do this, see my answer
https://answers.sap.com/questions/13911208/top-level-security-on-personal-folders.html

(Note: Set "Everyone" ID instead of "User Folders" ID in Setrole)

....

I hope this solves your problem and helps.

... and as always said: DO NOT do it if you don't know exactly what you are doing......

Show replies
Show replies
sso_sad
Explorer
‎09-12-2023 9:46 AM
0 Kudos

Thank you Ayman Salem!

The "Everyone" group has reappeared in the list of groups (for the "Administrator" account) using the link:

https://answers.sap.com/questions/13911208/top-level-security-on-personal-folders.html

For information, the command used is:

setrole 12 1 622

ayman_salem
Active Contributor
‎09-12-2023 11:03 AM
0 Kudos

I'm glad I could help

Kindly accept the answer and close the question

Answers (2)

Answers (2)

sso_sad
Explorer
‎09-14-2023 12:56 PM
0 Kudos

Hello,

Thank you for the different answers.

After solving the problem of the disappearance of the "Everyone" group, here are the steps taken to resolve the initial problem:

1. Log in to the CMC

2. Go to “Users and groups”

3. Right click on the “Everyone” group > “User Security”

4. “Add primary users/groups”

5. In the list of groups, select “ANG_REC”

6. Click on “Add and assign security”

7. In the “Advanced” tab > click on “Add/Remove rights”

8. Go to the “System” > “User group” section. For the “View objects” right, check “Replace general global rights” > check “Refused”

9. Click on “Apply”, then “OK”

10. Click “Apply” a second time, then “OK”

11. Click on “Close”

12. Log out of the CMC.

Show replies
Show replies
Joe_Peters
Active Contributor
‎09-07-2023 4:27 PM
0 Kudos

In CMC, go to Users & Groups -> Group List, find the Everyone group. Right-click on it and hit User Security.

Check who has "View" rights -- that is the permission that enables users to see and pick "Everyone" as a recipient. If you remove the view right, then your users won't be able to pick "Everyone".

If users have view permissions on other groups, then those groups will be available.

The view access might be granted at the top level, so that all users can send reports to all users and all groups. If that's the case, it's set here: Users & Groups -> Manage -> Top Level Security -> All Groups.

To enable users to see other users, go to Users & Groups -> Manage -> Top Level Security -> All Groups, and grant View permissions there.

Show replies
Show replies
sso_sad
Explorer
‎09-08-2023 11:00 AM
0 Kudos

Thanks Joe Peters,

I did the steps below with my account (which is in the Administrator group)

- In CMC, go to Users & Groups -> Group List, find the "Everyone" group. Right-click on it and hit User Security.

- The "View Objects" right has been changed to "Denied".

In BI, the first test corresponds to the expected (you can no longer check "Everyone" in the recipients, but you can select a desired user).

But in the CMC, the "Everyone" group has disappeared (neither in the list of groups, nor in the group hierarchy, nor in the security of other groups/users). I can't find it anywhere, due to the fact that the "view" right was refused... I also tried with the Administrator user.

How do I go back and regain access to the "Everyone" group in the CMC?

Best Regards,

Blandine

Joe_Peters
Active Contributor
‎09-08-2023 12:07 PM
0 Kudos

You'll need to use the Administrator user (not just a user in the administrators group). And don't set view to "denied"; just remove all access to it.

sso_sad
Explorer
‎09-11-2023 8:18 AM
0 Kudos

Even with the "Administrator" account, the "Everyone" group no longer appears.

I imported a biar from a correct environment. Containing all the groups and for promotion I checked "promote object security".

A failure appears for the "Everyone" group: "Failure: Trying to create an object with duplicate name".

As the "Everyone" group is no longer accessible, I cannot delete it to re-import it.

Do you have another solution?

Thanks for your help

Ask a Question