Hi Team,
I have enabled 'Common User Provisioning' in my DRM environment. So in the new provisioning system, I have created a 'READNLY access group in Active Directory group for users and want to provision this READONLY group with following 2 specific conditions:
- Group should NOT have 'Run Action Script' access.
- Group should have 'Run export' access but only on one specific Export name-Essbase (I have total 3 Export names defined in Object Access Group-Standard, HFM, Essbase )
I understand in 'Common user provisioning' system of DRM, there is no 'Anonymous User' role available which was having 'Run exports' access. The least level of role available is 'Interactive User' but this role has 'Run Action Scripts' access.
Can you please help me figure out how (in terms of property categories, node access groups, Object access group, DRM roles etc.) can I provision my READONLY group fulfilling above mentioned 2 security requirements. Apart from above mentioned two security constraints, my READONLY group can have other common privileges what is supposed to be there for a READONLY user i.e. Browse versions/hierarchies/categories/properties and other accesses available under 'Interactive User' role.
Thanks in advance for your help!