9.2 Assigning Security to Objects

After you have set up users, user groups, and permission sets, the next step is to apply security to the objects on the Navigation Tree. When you configure security for these objects, you choose a user group and a permission set and associate them with the specified object. These security settings determine what users are allowed to do in Reporting Center. You can apply security to every object except Reporting Center Home, which is the root object on the Navigation Tree.

For objects in a hierarchy, Reporting Center uses the most restrictive permissions and applies them to the subfolders and objects. If you have not configured security for a particular object, that object inherits the permissions of its immediate parent. When you log in, Reporting Center displays only the objects that your group has permission to view.

For example: Consider a scenario in which a group has permission to view the default Reports folder and the folder for Application A, but does not have permission to view the folder for Application B. In this case, the group has access to the reports for Application A, but does not have access to the reports for Application B. The Reporting Console does not display the Application B folder when users from that group log in.
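The following sketch models the inheritance and most-restrictive rules described above so you can predict what a group will see before you apply security. It is an added example, not NetIQ code: the permission level names, the group names, the sample tree, and the choice to hide an object when nothing is configured on it or its ancestors are all assumptions.

```python
from enum import IntEnum

class Level(IntEnum):
    """Hypothetical permission levels, lowest value = most restrictive."""
    NONE = 0
    VIEW = 1
    MODIFY = 2

ROOT = "Reporting Center Home"  # root object: security cannot be applied to it

# Constructed sample Navigation Tree, child -> parent.
PARENT = {
    "Reports": ROOT,
    "Application A": "Reports",
    "Application B": "Reports",
    "A Weekly Summary": "Application A",
    "B Weekly Summary": "Application B",
    "B Archive": "Application B",
}

# Constructed sample assignments, (object, group) -> permission level.
ACL = {
    ("Reports", "AppA-Readers"): Level.VIEW,
    ("Application A", "AppA-Readers"): Level.MODIFY,
    ("Application B", "AppA-Readers"): Level.NONE,
    ("B Archive", "AppA-Readers"): Level.VIEW,
}

def effective_level(obj, group, parent=PARENT, acl=ACL):
    """Most restrictive level set on obj or any ancestor; None if none is set."""
    if obj == ROOT:
        return None
    inherited = effective_level(parent[obj], group, parent, acl)
    own = acl.get((obj, group))
    if own is None:
        return inherited            # unconfigured: inherit from immediate parent
    if inherited is None:
        return own
    return min(own, inherited)      # most restrictive setting wins

def visible_objects(group, parent=PARENT, acl=ACL):
    """Objects the group would see; an empty list models a blank tree."""
    return sorted(o for o in parent
                  if (effective_level(o, group, parent, acl) or Level.NONE) >= Level.VIEW)

if __name__ == "__main__":
    for g in ("AppA-Readers", "Unassigned"):
        print(g, visible_objects(g))
```

In this model, the VIEW assignment on B Archive has no effect because its parent folder is more restrictive, and a group with no assignments sees nothing.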

9.2.1 Tips for Planning Your Security Model

As you plan your security model, consider the following recommendations:

  • Arrange your groups hierarchically. Take advantage of the ability to add groups as members of other groups. In this way, you can arrange the groups correctly and then assign permission at the top level.

    For example, suppose you have a shared environment running NetIQ Aegis, NetIQ Directory and Resource Administrator (DRA), and NetIQ Analysis Center. For each application, you can create bucket groups containing other groups that can only access the reports and dashboards for those applications. Rather than assign permissions for each member group, you would assign permissions at the top-most level.

  • Use the Reporting Center user groups you create or the Windows Active Directory groups you import to manage the different permission levels of different folders, reports, and data source connections. For example, an Aegis group would only have access to the Aegis nodes and connections on the Navigation Tree, a DRA group would only have access to DRA reports and connections, and so on.

  • Organize your security model before you implement it by creating user accounts, user groups, and permission sets, and keeping them disabled until you are ready to apply security.

  • In the ongoing administration of Reporting Center Security, modify your security model to adapt to the needs of your company so that users only have access to the reports and data source connections relevant to them.

  • For a user account to view objects on the Navigation Tree when the user logs on to Reporting Center, the account must be a member of a group associated with a permission set. Otherwise, the Navigation Tree is blank.