Building permissions in the CMC is made up easy but when it comes to private folders it gets complicated.
What happens when a user sends a restricted public report to a user that doesn't have the right to see that report in the public folder?
That user will see that report because he has full control rights on his inbox object and his private folder.
There is no way to change all the inboxes right automatically through the CMC, writing an SDK script can do the work, but till this issue is covered you will remain with a security breach in the CMC.
Has far as I know this issue suppose to be resolved in the current version, I'll keep you update about that.
So what can you do in order to lower this breach as possible?
- Use an SDK script to change the inbox\private folder objects
- Allow schedule and send rights only to power users (problematic approach)
- Define the reports with the options of refresh on open + row level restriction
Still you can't prevent people from seeing unwanted data and in order to monitor the "crime level" it recommended doing the following:
- Run an audit report that will show you which reports the user accessed and which users are accessing reports that their universes are restricted to those users?
- Check who sends reports to who (using VB, java or COM scripts,3rd part tools or some audit data )
- Run periodic tests in the CMC to check the inboxes and private folders content.
What is the next generation of data security?
- Security that works in the view level and not just in the data base access level
- Alerts based on illegal user activity (just like in banks )
- Encrypted data engine based on the destination target and the user rights.
Example: if John from sales sends a sales report(through inbox, e-mail, folder and ctr) to Smith from HR the engine recognizes the permission differences and encrypts the data.