New Permissions for Cloud Drive Sync

I moved this back to the discussion forum.

We created the ability to create custom roles for users to do things like this and we didn't have to create new system roles.

I had a feeling this would end up being pulled here...

In this particular case the custom role is a workaround, and a good example of how the customers (us) do not have a proper tool that in our view could be implemented. You can create the custom role to avoid granting more permissions (when using the alternative of "Config. Manager" plus "Document Editor"), but you still have users being allowed into the Vault Administration settings.

Folder syncs via cloud mapping is more of a project management tool, for users, not admins only.

I hope my feedback as a customer is valuable enough, given how we're not the only company searching for this. Otherwise I see no further point in contributing new ideas via the forum.

@Gabriel_Watson 

How about a different proposal?

What if we added permissions that isolate the configurations in the "Vault Settings" dialog?

This way admins can create custom roles as they see fit instead of us creating more system roles.

Would that work for you?

That was exactly my idea. I think this should be a great discussion for the idea station to hear what the community says, and build solutions like that.

But in your description, you stated "create a new role..."

I will move this back to the Idea board.

I was under the impression Roles are the typical path for the development team, not singular permissions. I guess in this case the control needs to be more granular then. Could I edit the post? Thanks for bringing it back.

I have edited the post for you.

 

Follow-up questions.

You have narrowed down the permissions in your image needed to create the Cloud mappings.

1. What other configurations are you able to do in the "Vault Settings" dialog?
2. For the settings you are not able to configure, what is the harm in letting this user see these settings? You are entrusting this user to configure the ability to send files outside of your company.
3. If you were to create new permissions, what settings would you group together in one permission?
   For example, all configurations in the Items tab are in one permission. However, the Behaviors tab may not be grouped in one permission.

Thank you!

1- With the "minimum" settings on my screenshot, my test account cannot add security to folders, edit Lifecycles or Revisions, Users and Groups, or Routing Lists, but I COULD edit: Categories and Rules, Properties, Data Cards, Revision Tables, Numbering Schemes, Color Assignment, Change Orders settings, Custom Object settings, Files settings (such as Working Folder, PDF publish, and other options), Visualization Settings, and Job Server Management settings (under Global Settings).

 

2- I see that allowing such broad admin tools to users who are design leaders just trying to manage files across is very dangerous, because most companies already have their employees sign a confidentiality agreement for outbound communication, but nothing specific about "making mistakes" on admin settings if they get fired, for example. The problem is compounded when you have multiple regions of the world working with the same Vault...
If we have a large enough company where most project leaders should control their project folders (imagine over 10 projects at a time, something the PDM admin might not be able to bottleneck under just a few shoulders), it is a nice addition to have a permission that is as specific as the role of managing your project folder in a mixed environment (Vault + cloud drives).

 

3- Without getting into all permissions for all settings, I can suggest that the Cloud Drive Mapping window could be accessible via a non-admin panel. I have little idea on what goes into the code behind, but I can imagine this tool could be triggered from outside. Ideally, for me, cloud drive mapping and folder security should be both accessible from adjacent tabs under the folder details. If that happened, however, we would also need a way to quickly identify the folders with altered settings (security places a lock icon when a user is not allowed to do all, and cloud drive mapped folders could act like Windows File Explorer folders with their own icon, and searchability/filters to find those would be the icing on the cake, if possible).

Don't think too deeply about question 3.

The Project Sync setting would stay in the Vault Settings panel but group them like the following. Without specific names. Specific names for the settings column only.

 

Permission 1	Settings 1 Settings 2
Permission 2	Settings 3