When a user is part of multiple groups with varying group permissions and those multiple groups are applied to an ACL Vault will always apply the most restrictive permission to the user. Incertain situations a user will need a higher permisiion than the ACL will allow their group(s).
We need a way - via the ACL - to give a particular user (or group) an elevated permission that will override their adjoining group permission on a case by case basis.
Perhaps there could be a "use elevated permission" check box in the ACL that would allow us to override the security "up".
For our own internal Vault, we decided not to use the "Deny" setting in any of our ACLs. If we don't want a group to have access, then we don't give it an "Allow". Under this model, users have access as long as they are in at least one group with access.
@doug.redmond , Thanks for the idea.
@ihayesjr . We are using the "deny" permission. I didn't know about the NTFS method you mentioned. I'll give it a try and let you know if it works.
To my original post: it sounds like maybe the functionality we need is already there, just not very discoverable (or at least not in the help system). I could see how trying to sort through "should I 'deny' or not in this situtauion" could be very challenging. Maybe this functionality could be exposed/controlled more through the UI (i.e. radio buttons, user permission status check - choose a user and get an update on their permission level for a particular object)?
BTW I was an AE in the channel for several years. I saw this "issue" of overly restrictive permissions arrise at MANY companies. There is a need for some help in this area.
Thanks fot the input-Cheers!
I tried out the suggestions. The suggestions function as stated but do not give me the result I need. I do need to "deny" certain groups permissions EXCEPT for one (or a couple) users in those groups in various situations.
This is a big issue for me persoanlly as I have 170 users in my Vault and it's tough maintaining the right permissions in all situations.
-Cheers!