As we are assigning user roles and trying to limit their access to certain reports using the OTBI permission, noticed that a user who only assigned with "employee" role (or the customized role copy based on the default employee role) can see OTBI report if the report was set to be read or higher permission with the "BI Consumer" role. We have try modifying the permission, and the performance looks as if the "Employee" role is inheriting the "BI consumer" role. (e.g. if BI consumer role set to be "no access" for certain report then the employee user can't see it; but if the BI consumer is read/ full control, the employee user will have the corresponding level of access). However, when we check the Employee role hierarchy and its duty role/ privileges, we can't see any indication that it has inherit the BI consumer role. The only relevant privilege we can see is that the "Manage report and analytics" has been added as privilege.
Can anyone please help determine:
1. Is the Employee role truly by default share the same permission restriction as "BI consumer" role? If so, why is it not listed as a inherited role? And If it's not related to the "BI consumer" role then how can user with Employee role be able to access so many reports?
2.Based on the observed performance, is there any ways we can control the permission setup for "Employee"? If we don't want it to share the BI consumer permission level , for example, if the BI consumer has full control but we only want employee to have read access, is this doable? Or it will always take the largest range of permission level?
