Community Tip - Did you get an answer that solved your problem? Please mark it as an Accepted Solution so others with the same problem can find the answer easily. X
I have a set of queries that are Admin queries and a shared to only two groups. One of them is NOT the everyone group. Why then when I login on as a user not in either of those groups am I still able to see these queries? On page 158 of the 2009 Integrity User Guide it says:
3 Click the Sharing tab. The Sharing panel displays.
Click Choose Principals and use the data filter to select the principals (users and groups) that you want to share your query with.
NOTE Only the groups you add to the Shared With list can see your query.
Solved! Go to Solution.
I discovered the issue. Under "Workflows and Documents" > "Permissions" > "Global" I had a group with the "CreateSharedAdmin" set to allowed. Once I changed it to deny the shared queries in question were no longer visible.
I have a set of queries that are Admin queries and a shared to only two groups. One of them is NOT the everyone group.
... but the other one is.
So basically you share with the group "everyone" and explains your systems behavior pretty well.
But I am NOT sharing with the everyone group because I do not want everyone to see these queries.
I discovered the issue. Under "Workflows and Documents" > "Permissions" > "Global" I had a group with the "CreateSharedAdmin" set to allowed. Once I changed it to deny the shared queries in question were no longer visible.
Hi Dan,
I'm glad that worked out. I think you might want to just unset that ACL, though: If you have a user who is a member of that group and a member of a group which does have CreateSharedAdmin allowed, they won't be able to create Admin objects unless they're granted CreateSharedAdmin at the user level, because in a conflict at the same level between allowed and denied, denied wins.
-Kael