Hi,
We are currently implementing a new security model for BO4.
Wondering about if possible to have dual approach i.e content groups and application groups whereby each user belongs to a content group which should define what they can do in a particular folder and an application group which defines what they can do in a particular application e.g. create docuemnts at all etc.
e.g all finance users belong to Finance group and each of these users belongs to one of 3 groups (Power Users,
Broadly speaking we have following situation.
Each department has own folder and up to 3 distinct groups of users per deparment
e.g Finance department - 3 groups of Finance users - ones who should have power user rights (write + schedule privileges), writers (can write new reports but not schedule)
and readers who can simply run reports but not create new ones or schedule ones.
All of these groups should be able to read documents in the Finance folder, writers to be able to save to Finance folder and power users able to add sub-folders to Finance folder etc.
Thinking of 2 possible routes
Option A
create following groups
Finance Power Users
Finace Writers
Finance Readers
Set up 3 access levels Power User, Reader and Writer and define both application and content rights in these access levels then give the above 3 groups the approp access level to the Finance folder
i…e access levels combine contanet and application level access rights
Option B
Set up Finance group - add all Finnace users to this group
Set up 3 groups Power Users, Writers and Readers
Set up 6 access levels 3 for controlling access to what user can do in application e.g Power User, Writer and Reader
and 3 to control the content level a particular group has access to to mirro with regards saving to folder, sheduling to folder, viweing from gfolder
i…e access levels control content and application rights separately.
Thoughts?
Thanks
philipo (BOB member since 2005-07-22)