Hi,
I want to ascertain that WRS (Web Report Studio) users can access data only through Information Maps.
I thought it would be enough to remove the 'Allow Direct Access to Cubes' and 'Allow Direct Access to Tables' capabilities from the role that is assigned to those users.
However, from a Web Report they still can open cubes and tables. That is, only if they have Read access, of course, but the point is that the Information Map might limit their access to certains rows or slices.
I have made certain that they are not a member of any group that has a broader role.
Of course, they still are member of the SASUSERS group, but that group has no role assigned.
I stumbled onto Usage Note 40599: "Assigning users to a custom role that has limited capabilities might still have access to additional capabilities even after applying the custom role". But what does that mean?
That I can never give a user less capabilities then SASUSERS has, and that I can never remove those capabilities from SASUSERS? That would be very disappointing!
Anybody any experience?
Frank Poppe