i have a simple model (to my opinion…) which i am not sure how to implement in the CMC.
i have main folder :Products and under it subfolders of all kind of specific products.
i have Ldap groups like:sales all ,which suppose to see all product folders
and ldap group:product_specific which suppose to see just a certaion sub-folder.
how do i establish the connection between the ldap groups to the folder in the most appropiate way ?
do i deny or grant everone and than create appropiate folder rights ?
The simplest way to do this, is grant the Sales All group View rights on the Products folder, this right applies to sub-objects so it will cascade down to all the product folders.
Then create a custom access level, which can be identical to view, but set the right to apply ONLY to the object, not sub-objects. Grant this new right to all the Product-Specific groups on the top level Products folder. Now grant View rights on each of the Product-Specific folders for the appropriate Product-Specific groups.
It makes sense if you write it down In XI 3.0 you really need to leverage the power of custom access levels and ability to disable inheritance.
In the Folders section in the CMC. I’d suggest reading the BOXI Administrator’s Guide to learn your way around the CMC fundamentals before trying to design your security model!