1761346 - Still able to delete access restrictions within designer when "delete objects" has been denied on Universe system level.

• If you set explicitly deny "delete objects"  under "system" -> "Universe" on a universe object; I am still able to open the universe in the designer and go to Manage access restrictions and delete a custom access restriction.

• SAP Business Objects XI3.1
• Universe Designer

1. Create a new test user in the Central Management Console (CMC)
2. Give it all the rights needed as a universe designer
3. Go to a universe and choose to set a new user principle on it
4. Specifically choose to deny the right "delete Objects" under "system" -> "Universe" rights section (So not the general "delete Objects" right).
5. Now Open the designer and log on as this new test user
6. Import the Universe and go to "Tools" -> "Manage security" -> "Manage access restrictions"
7. create new custom access restrictions
8. Now delete the access restriction and notice that you still are able to.

• The reason is that the right "delete objects" under "system" -> "Universe" only covers the universe object itself and not any other objects (like custom access restrictions that are stored separate.

• To deny the right to delete custom access restrictions you will have to specifically deny the general "delete objects" right.
• The general "delete objects" right encompasses all other objects other than the specific ones mentioned under the "system" rights area.
• Since there is no specific right to delete custom access restrictions; this object falls under the general delete objects right.

ADAPT01526258, ADAPT01526257 TE: 5000317319 , KBA , BI-BIP-ADM , BI Servers, security, Crystal Reports in Launchpad , Problem