Security
Object Level Security
Argos DataBlock Designers and Administrators can configure security for all objects (Folders, DataBlocks, and Reports) in the Explorer Tree.
A dialog box is used to define security for each object and is accessed in two ways:
- Highlight the object in the Explorer tree and click the Security icon on the Argos toolbar.
- Right click the object then select Security
Both methods will bring up the Security dialog box shown below. Allow or Deny permission can be granted to any number of groups and users. The figure below shows the security dialog for the “Finance Report” report.
Adding Security
Select a user or group from the list to configure permissions, or click the Add. . . button to add a new user or group to the list. You can Allow or Deny the permissions listed below:
Permission |
Description |
---|---|
Full | Perform any action, including modifying permissions for any user, including themselves. Checking this option has the same effect as checking all the other options individually. |
Change Permissions | Modify permissions for any user, including themselves. Note that this permission is the same in some respects as Full, since the user could easily enable Full if granted Change Permissions. |
Execute | Run the selected object. |
Modify | Modify the selected object. |
View/List Children | View the object and the children of the object. Typically this permission would be placed on a folder or DataBlock to enable children of that object to be viewed. If you cannot determine why a given user or group is able to see a given object, examine the parent of the object in question for this permission. |
Create/Modify Children | Create or Modify child objects of the selected object. Typically this permission would be placed on a folder of DataBlock to enable children to be created. If you cannot determine why a given user or group is able to Create or Modify certain objects, examine the parent of the object in question for this permission. |
Removing Security
To remove security for a user or group, select the user or group that needs to be removed and click the Remove button. Note that they may still have permissions due to membership in other groups (see notes below).
Group Security
Type |
Description |
---|---|
Direct Security | Security explicitly defined on an individual user supersedes any permissions they may have due to membership in one or more groups. For example, if a user is Denied permission to Modify a given object, they will not be able to do so even if one or more of their groups has this permission Allowed. |
Inherited Security | Note that objects in Argos automatically 'inherit' the permissions of their parent. For example, if a folder has a given set of permissions, all objects in that folder will have the same permissions unless explicitly overridden. Furthermore, this inheritance extends to the objects' 'grandchildren', 'great grandchildren', etc. |
Accumulated Group Permissions | When a user attempts to access an Argos object, Argos will examine the permissions of all groups that they are a member of. Argos grants the user all accumulated positive group permissions to the object (unless that user has been directly Denied permissions - see above.) For example, if a user has been granted direct permission to Execute an object, and their membership in a group granted them permission to Modify the object, their accumulated positive permissions would be Execute and Modify. Even if the user was in a second group that was denied the ability to Modify the object, they would still be able to Modify the object due to their membership in the first group. |
Everyone Group | Pay special attention to permissions granted to the Everyone group as all users are automatically members of this group. It is often a good policy to Deny permissions to the Everyone group once other groups have been established. |