Users that Belong to More than One Group
A user can be a member of one or more groups. The following table summarizes how the server handles access for a user that is a member of a single group. Access can be any of List, Read, Write, or Execute.
If a user is a member of a group that is: | Access to the package, folder, or other element is: |
Allowed | Allowed |
Denied | Denied |
Not-specified | Denied |
But what happens when the user is a member of more than one group? To determine the access setting for a user that is member of more than one group, Integration Server assigns different strengths to the settings. Specifically, Denied overrides Allowed, and Allowed overrides Not-specified.
For example, suppose user Smith is a member of three groups, and each group has a different List access to the FY2013 package, as shown below.
Group | List access to FY2013 package |
Accounting | Not-specified |
Support | Denied |
Corporate | Allowed |
As a result of these settings, Smith is denied List access to the package because the Denied setting of the Support group overrides the other settings.