Setting Business Desk Permissions for Windows Accounts

  • Article

You use the Permissions module to grant, deny, or change permissions to Business Desk users based on their Windows accounts. Before you can set permissions for a Windows account, you must add the account to the Permissions module account list.

You can either allow or deny access to any Business Desk category, module, or task. You can also use permissions to limit access to your catalogs, catalog properties, profiles, and profile properties.

If a Business Desk user is a member of a group that has access to entities, and you want to deny access to those entities for that particular user, then you must add that user account to the Permissions module account list and select the deny option for the task you want to secure. The deny option overrides the allow option, and you can have the benefits of using a Windows group without compromising security.

You use the deny option only when removing permissions from a specific member of a group account. To deny access to any of the Business Desk categories, modules, or tasks for the entire group, you clear the allow option.

Ee784703.note(en-US,CS.20).gif Notes

  • If you deny users permission to create a new report, they will not be able to save a report.

    New report permissions enable a Business Desk user to save SQL report queries to the Data Warehouse. These queries will be run by anyone who runs the report. Even if users creating the report do not have permissions to run the report query directly, they can still save the report to the Data Warehouse. Users with higher SQL permissions could run the query by running the report, without realizing that they could be running some potentially damaging query.

  • By default, administrators and all members of the local Administrators group (or the Domain Administrators group if Business Desk is running on a domain controller) always have complete access to all Business Desk elements.

  • If a Business Desk user logs onto the network with a domain account that is a member of a local group on a different Business Desk Web server with permissions defined, the permissions of the local group are not granted.

  • You can deny users permission to run Analysis reports. However, if users have permission to use the Campaign Manager module, they can use Campaign Manager to export a report to List Manager, and then access user data in the list.

    To secure the user data in this scenario, explicitly deny users the ability to export reports to the List Manager module, or disable the View Reports button in the Campaign Manager module.

To set permissions for a Windows account

  1. In Security, click Permissions.
  2. In the Security Permissions screen, in the Windows Account drop-down box, select the Windows account in the Permissions module account list for which you want to add permissions.
  3. In the Security Permissions screen, in the Securable Entities section, do the following:
    Use this To do this
    Area Entity View all the catalog and profile entities that can be secured. You can secure catalogs, catalog properties, and profile definitions.

    To secure catalog categories, use the Catalog Editor module. For instructions, see Editing a Category in a Base Catalog.
    Allow Select this box to allow the selected Windows account or group access to the corresponding entity.
    Deny Select this box to deny the selected Windows account or group access to the corresponding entity. The deny option overrides the allow option.
    List Accounts For the associated entity, click the Ellipsis button to view the settings for permissions across all Windows accounts that have been added to the Permissions module account list.

    In the Accounts dialog box, you can allow or deny access to the available accounts, and add new Windows accounts to the Permissions module account list.

    To add new Windows accounts, or to add or delete users from a group, contact your system administrator.
    Details Click this button to view detailed security options for each of the entities.

    The Permissions Detail: <Entity> screen displays the task that can be performed, for example, edit. It then lists every element that you can allow or deny users the ability to edit.

    Click Back Security Permissions
  4. In the Security Permissions screen, expand the Business Desk Category/Module/Task Access section, and do the following:
    Use this To do this
    Allow Select this box to allow the selected Windows account or group access to the corresponding entity.
    Deny Select this box to deny the selected Windows account or group access to the corresponding entity. The deny option overrides the allow option.
    List Accounts For the associated entity, click the Ellipsis button to view the settings for permissions across all Windows accounts that have been added to the Permissions module account list.

    In the Accounts dialog box, you can allow or deny access to the available accounts, and add new Windows accounts to the Permissions module account list.

    To add new Windows accounts, or to add or delete users from a group, contact your system administrator.
    Task Permissions Click this button to view, allow, or deny permissions to perform specific tasks for the selected Business Desk module.

    The Permissions Detail: <Business Desk category> screen displays the action that can be performed, for example, new. It then lists every page and task for which you can allow or deny users the ability to create a new entity.

    For example, if you want to prevent a user from creating new entities, you choose the deny option for both New and Save&New tasks. If only the New task is denied, users will be able to create the new entity by using the Save&New task button.

    Click Back Security Permissions
  5. To save changes and return to the Business Desk Welcome screen, click Save and go back on the toolbar.

Ee784703.important(en-US,CS.20).gifImportant

  • After permissions are changed for a Business Desk user, that user must close Business Desk and then restart it for the new settings to take effect.

    If the Windows identity (groups membership, rights, ACLs, and so on) has changed for that user, the user must log off and then log on for new settings to take effect on the server. (Otherwise, the client will work correctly, but the server will not.)

See Also

About Business Desk Security

Creating Windows Accounts

Adding Windows Accounts to the Account List

Removing Windows Accounts from the Accounts List

Viewing Account Permissions

Copyright © 2005 Microsoft Corporation.
All rights reserved.