cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Mutually-Inclusive Role Assignment

former_member610333
Participant

on ‎06-06-2008 4:58 PM

0 Kudos

I don't know if anyone has had this requirement before or if there is even a way to do it, but I thought I would throw it out there.

What I am looking for is a way to assign 'mutually inclusive' role/security assignments within KM.

Here is the scenario.

- You have 2 roles: RoleA and RoleB

- I want to require that users be in BOTH RoleA and RoleB to get access to a KM folder.

- If a users is only in RoleA or only in RoleB they should not see the content.

Any ideas?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎06-06-2008 6:11 PM
0 Kudos

HI

i think u need to use of Group concept here.

create two groups of users

Group A --- assign folder permission where user need to navigate

Group B --- assign folder permission where user need to navigate

If suppose a user ( say a manager ) who need to navigate to both the areas of group A and Group B then assign these users to bith the group.

now create a KM navigation iview and assign this iview to role and assign this role to both the group.

so when end user navigates to km folders using this iview he can only see folder where he has permission.

This is my approach and there could be even other way to do it .

Regards,

Vijay.

ps: u need to remove read permission of everyone group from this KM folder if it was previously assigned.

Show replies
Show replies
former_member610333
Participant
‎06-06-2008 6:19 PM
0 Kudos

Close.. but I don't think it hits the mark yet.

In order to get to the content the user should be in BOTH GroupA and GroupB. Being in one group is not enough.

Also, the permissions MUST be at the KM level. There is searching involved, so I cannot 'hide' any content via iView access

Former Member
‎06-06-2008 6:30 PM
0 Kudos

Hi 

craig wrote :Also, the permissions MUST be at the KM level. There is searching involved, so I cannot 'hide' any content via iView access.

according to this concept following is possible

1) u define permisssion at the km level.

2) user from group when search for the document he will be retrieving only the document what he had read access

i dont find any obstacle in this concept and i am sorry if i could not match the one wht u r thinking to achieve.

regards,

vijay.

former_member610333
Participant
‎06-06-2008 6:39 PM
0 Kudos

user from group when search for the document he will be retrieving only the document what he had read access

The thing is that the user has to be in BOTH groups in order to see the content. The content should not show up if the user is only in a single group.

I hope that clarifies things.

Former Member
‎06-06-2008 6:57 PM
0 Kudos

Hi

will ellaborate with an example

assume there are 2 folder

folder A -- should be visible to only Group A

folder B -- should be visible to only Group B

So some special user who need to access Group A & B , so assign this user to both these groups so only these user cana access both the folder.

or another way

create group c assign these special user here and assign read access to both the folder to this group c

this way sound bit childish to me

now coming to search part.

in order to make things simple just index these folders and do not assign any permission during indexing , just leave that area empty.

the fact that if u r not assigning permission it will by default assign read permission to these folders and while displaying during search result it will filter the document according to the permission u set in km level.

my suggestion is to implement a pilot project for test purpose based on this concept and u can achieve what u want.

Regards,

vijay.

former_member610333
Participant
‎06-06-2008 9:02 PM
0 Kudos

I appreciate your diligence with this, but I still don't think we are on the same page.

Here is the scenario again..

UserA is in GroupA

UserB is in GroupB

UserA-B is in BOTH GroupA and GroupB

I want to have a folder where only UserAB can see the content.

UserA would not see the content

UserB would not see the content

UserA-B would see the content.

If you have any more suggestions please contact me directly

Former Member
‎06-06-2008 5:09 PM
0 Kudos

Hi Craig,

Guess, this blog answers your question.

https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/6340

Hope it helps.

Cheers,

Sandeep Tudumu

Show replies
Show replies
former_member610333
Participant
‎06-06-2008 5:30 PM
0 Kudos

Not really.. Are you sure you referenced the correct blog?

Ask a Question