Additive Command Restrictions in Supervisor

I’ve got Application Foundation 3.0.2 installed and have setup the security as explained in the AF PDF (generating and assigning security IDs through AppsSecurity.exe). I have 2 dashboards named Accounts Receivable (hereafter AF) and Commercial Finance (hereafter CF), each of which have different security IDs

Now, within Supervisor, each of these items show up as Command Restrictions when I double-click the Application Foundation resource.

I have a group called AR Users whose users should see the AR dashboard, and another group called CF Users whose users should see the CF dashboard. A user belonging to both groups should see both dashboards, a user not in any group should see neither.

However, when I enable the AR Dashboard for AR Users, and inherit rights for all other dashboards, members of AR Users can see both the AR and CF dashboards, similarly for CF. If I enable AR Dashboard for AR Users and disable/hide CF Dashboard for AF Users, then even if a user belongs to both AR Users and CF Users, the user cannot see the CF dashboard, since command restrictions are ‘most restrictive’.

Could anyone tell me how I can restructure my groups/command restrictions to provide the required functionality?

NOTE: This is a Supervisor-related issue. AF security per-se works fine.


arun.philip :india: (BOB member since 2004-02-02)