Hi folks!
I’m looking for solution/advices for following case.
Please consider following folders structure.
Public
|__Finance
| |__Poland
| | |__Poland Department 1
| | |__Poland Department 2
| |__France
| | |__France Department 1
| | |__France Department 2
| |__USA
| |__USA Department 1
| |__USA Department 2
|
|__Commercial
| |__Poland
| | |__Poland Department 1
| | |__Poland Department 2
| |__France
| | |__France Department 1
| | |__France Department 2
| |__USA
| |__USA Department 1
| |__USA Department 2
|
|HR
| |Poland
| | |Poland Department 1
| | |…
| |…
|…
I have flat user groups structure which reflects folders structure, e.g. group Finance Poland, group Finance Poland Department 1 …
Assumption is that user which belongs to specific group should have access to the objects located in those directory + objects in all parent directories, e.g. users from group Finance Poland Department 1 have access to following directories:
Finance/Poland/Poland Department 1
Finance/Poland (but not subfolders except Poland Department 1)
Finance (but not subfolders except Poland)
, i hope it is clear
Sure I can produce open system of decreasing rights, e.g for group Finance Poland Department 1:
Finance (ACL: View)
Finance/Poland (ACL: View)
Finance/France(No Access)
Finance/USA (No Access)
Finance/Poland/Poland Department 1 (ACL: View)
Finance/Poland/Poland Department 2 (No Access)
,in order to achieve assumption but this is not my question
Like you can see, folders structure for each area (Finance, Commercial, HR, …) is exactly the same. So I’m wondering if there is possiblity to create seperate collections for groups:
one collection for areas: Group Finance, Group Commercial, group HR, …
another collection for countries/depratments which will be used for each area: Poland, Poland Department 1, Poland Department 2, France, France Department 1, …
, and use them to assign appropriate rights.
So user should belong to both groups, e.g. Finance and Poland Department 1 in order to achieve access to the folder. And the point is (ufff…) that if user belongs only to one group (Poland Department 1) he/she can still search documents via InfoView.
Any ideas? In other words, how to grant access to the specific folder only if user belongs to both group.
Hi Arjun,
thanks for the link but I already did. Problem is that I haven’t found solution for this (in my opinion specific) case.
In other words, if you can share with me solution fo following security requirements:
Hi, have you ever found a satisfying solution for this? We’re facing the same issue and I would like to avoid to create 100 groups per project…
The only solution I can see is to switch off search altogether but this does not seem to be a good option…
we would need an “intersection” group, e.g. user needs to be in group “Germany” AND group “Customer” to have access to folder Root/Germany/CustomerReports and reports therein. But currently of course group rights are always additive, not intersectional, right?
mmmh.