Currently, folder permissions in the CDE require assigning individual roles per folder per user, which becomes inefficient in multi-contractor environments. For example, with five contractors, each having their own Project Manager (PM), we must create and assign five separate roles—one for each PM and their corresponding folder. This approach leads to unnecessary role proliferation and administrative overhead.
We propose enhancing the permission model to support conditional access based on both Company and Role. This would allow us to define a single permission rule such as:
“Grant access to this folder to users with the role ‘Project Manager’ and who belong to Company X.”
Benefits:
- Reduces the number of roles required in the system.
- Simplifies permission management across projects with multiple contractors.
- Improves scalability for larger projects with many stakeholders.
- Aligns access control more closely with real-world project structures.
This change would streamline administration and make the permission model more intuitive and maintainable.
