Query Object Access Rights
Applies to: Kyvos Reporting
By default, users do not have any system privileges. They must be explicitly granted access rights to perform operations such as creating, modifying, executing, or deleting Query Objects.
Kyvos Reporting supports a hierarchical folder structure, where categories can contain Query Objects, Parameter Objects, dashboards, and other design-time components. Access to a Query Object is governed both by category-level rights and object-level rights.
Use the Access Rights interface to configure permissions for users, roles, and organizations.
To open this interface:
Navigate to Administration > Manage Users > Access Rights.
Assigning Access Rights for Query Objects
From the Choose Object dropdown, select Query Object and browse to the required category. Then:
Select the specific Query Object.
Choose assignees (users, roles, or organizations).
Set access rights.
Click Save to apply changes.
The system displays a prompt if you navigate away without saving.
Access Levels for Query Objects
Access Level | Description |
|---|---|
Not Set | No explicit permission is assigned. Access is determined by higher-level (category or organization-level) rights. |
Full | Users can view, edit, delete, and execute the Query Object. |
Deny | Users cannot access or see the Query Object in any interface. |
Partial | Grants limited functionality. Refer to the table below for available partial rights. |
Partial Access Rights for Query Objects
Partial Right | Description |
|---|---|
Edit | The Query Object can be modified and saved. This also requires edit access on the parent category. |
Execute | The Query Object can be used for report execution and to retrieve data. Users cannot modify it unless the Edit access is also granted. |
Category-Level Access for Query Objects
Access to a Query Object also depends on access to the category it resides in.
Access Level | Description |
|---|---|
Not Set | No access is defined for the category. |
Full | All Query Objects in the category (and subcategories) are accessible for all operations. |
Partial | Specific Query Objects in the category can be accessed based on object-level rights. |
Deny | The category and its contents (including Query Objects) are completely hidden. |
Skip Folder | Used to skip the current folder from evaluation; rights are evaluated from parent folders instead. |