I'm trying to apply varying lifecycle transition security to my lifecycle states but it seems that if you are a member of a group that is denied and a group that is allowed, the denied take precedence. I can't see any option for hierarchy or priority.
How have others dealt with this without creating an endless combo of groups?
thanks
Solved! Go to Solution.
Solved by Redmond.D. Go to Solution.
Personally, I find it easier to not use the Deny setting. If you set security on something, a user is denied unless there is an Allow. That way you only have to worry about granting access.
Also, you should take a look at the Effective Permissions app. You will probably find it useful.
Thanks.. I'm learning more by the hour.
I would prefer not to have to micromanage the transition security anyways so I guess a better question is.. is there a role that I can assign to groups that will allow them to only "manage" documents/folders that they have read,modifiy,delete access to?
Here's the problem:
I have a civil group and an arch group; I also have civil and arch lifecycles which I have applied varying state security. Both groups have doc editor level 1 and doc manager level 1 roles. This setup works well for basic editing security but it seems the doc editor role gives you rights to move any document to any state regardless of whether or not you have read, modify, delete access to that document.
Bonus question: is there a role similar to doc editor level 1 that will restrict folder creation/deletion?
Thanks again!
I think you are stuck micro-managing the security on states and transitions.
Editing a document and changing the state are two different things. So it is possible to do one without having permission on the other. Vault gives you control of both permission sets, but it requires a lot of manual work.
Thanks, i've realized the key is to simplify my states as much as possible to minimize this.
Example, instead of having a state for the various types of submissions we have, I simply have one state called submission .