We have some reservable spaces with system geography and system organization settings. A non-Admin user also has the same geography settings. There are security groups for reservations, and organizations and geography security groups are assigned to him. The geo and org security groups have the same geo and org as the space and profile. But the non-Admin user still isn’t able to see spaces.
He is only able to see them when the first level of the org hierarchy is provided in the group (i.e. \Organization). But as soon as the second level is given in the group, he isn’t able to see them. Can anyone help me on this? I think there is some issue in the org, but I don’t know exactly where it is.
[Admin: To see other related posts, use the Geography tag or Organizations tag.]
I have a few questions from our customer about TRIRIGA reports:
- Question 1: We want to create a report to show the triProperty which has more than one triBuilding as children. By using an association filter, we can only show the triProperty which has at least one triBuilding. By using a summary report, we can group by triProperty to show the number of triBuilding it has, but we can’t add another criterion based on the “Number” column. So, both two solutions above don’t work.
- Question 2: How can we do something like a “left join” in a multiple-BO report? We have noticed that the behavior of multiple BOs in a report acts more like an “inner join” query. The filter based on the secondary BO will also impact the primary BO result. Do you know any way to get a “left join” result in TRIRIGA?
- Question 3: How can we share a list of reports with users who are members of a specified security group? Our customer doesn’t want to grant the access of the “My Report” application for those groups, and they would like a solution that is more dynamic than adding those reports into the portal of the user. I don’t know if there is way to do this. Can the Admin user define a favorite list for the end users?
[Admin: To see other related posts, use the Reports tag or My Reports tag.]
We have a requirement to approve a record if anyone (not everyone) from the list approves it. For example, the approval requirement for contracts contains two users, A and B. If user A approves a contract, then it gets approved without user B. And vice versa, if user B approves it first, then user A is skipped. Can we do this?
[Admin: This post is related to the 10.21.15 post about group approvals. To see other related posts, use the Approvals tag.]
Is anyone using the system organization for their security groups? We have noticed a problem to which IBM doesn’t seem to be giving enough any attention, and I’m wondering how many clients have even found this yet.
I posted the following statement in IBM developerWorks hoping to get some attention. We are starting to notice a few areas where the SQL data doesn’t match what is viewed in the application. Here is an example:
- (1) First, you need a query that displays a list of leases and one of the columns is the system org. (Make sure that column has a user filter.)
- (2) Now, note the system org name on one of the records.
- (3) Go to that org record. Edit the org name (for example, add “test” to the end of it), and activate the org record.
- (4) Go back to that query.
- (5) The system org displays the new value on the lease and in the query.
- (6) Enter a user filter for “test” in the system org column. But the query doesn’t recognize the edit…
[Admin: The same question is also posted in the main Application Platform forum. This post is related to the 01.04.17 post about filters failing when using changed classification values. To see other related posts, use the SQL tag or Filter tag.]
A user is unable to create a document and gets the following error “User does not have permissions to create a document”. How do you resolve this error?
The proper security access has not been granted to the Document object. Login as an Admin user. Go to the Security Manager. Select the Document object. In the right-hand panel, look at the access level. Make sure that “Read, Update and Create” is selected.
[Admin: This post is related to the 05.10.17 post about the 3.5.2 Security Manager. To see other related posts, use the Security Manager tag.]
A user who has limited access to people records (such as an External Vendor Admin), and who should not have access to add/delete licenses and security groups, is able to add licenses and security groups to an external vendor by running a command in the TRIRIGA Admin Console.
Moving forward, a client-side vulnerability that could allow a user to escalate their privilege, has been resolved.
[Admin: To see other related posts, use the Vulnerability tag or CVE tag.]
If you are an administrator for TRIRIGA, chances are you have access to Security Manager, which is responsible for granting access to the TRIRIGA applications through the security groups. Prior to TRIRIGA 3.5.2, the only way to view security access was to go to the Access tab and then view the Access Configuration. That is where you would grant (or remove) access. However, in TRIRIGA 3.5.2, on the Access tab, a new Access Summary sub-tab was added.
The Access Summary sub-tab will show you in a column format, the permissions of the tool/module, form, tab, and section. You are able to filter by each of those fields. Once you see the data, you can start using the filters to look at the access…
This tab should now make it much easier to identify what a security group has access to. If you find yourself limited with what you want to do within the tab, there is an Export button, that will export the data into a tab-delimited .txt file…
[Admin: A similar article is also posted in the IBM Support Portal. This post is related to the 03.07.16 post about best practices for managing your security groups.]