CentraSite Documentation : Getting Started with CentraSite : Implementation Concepts : Users, Groups, Roles, and Permissions : Permissions and Roles : Considerations when Working with Instance-Level and Role-Based Permissions
Considerations when Working with Instance-Level and Role-Based Permissions
 
Configuring the Default Roles that CentraSite Assigns to Users in an Organization
*A user always receives the union of all permissions he or she is granted.
*If you grant access to an object type using a role-based permission, the users of that role can access all objects of that type within the organization. You cannot selectively hide objects from certain users.
*If you grant access to an asset using a role-based permission, the users of that role can view all profiles for the asset. You cannot selectively hide profiles from certain users. If you need to hide or reveal certain profiles as an asset progresses through its lifecycle states, consider creating policies to automatically set the appropriate profile permissions when the asset switches state.
*Users that have been granted a role-based permission receive the specified level of access (View, Modify, or Manage). You can selectively increase this level of access for individual users, but you cannot selectively reduce it.
*Grant instance-level permissions to groups rather than individual users unless you have a specific reason to do so. Doing so gives you greater flexibility and makes permission changes easier to manage.
*If you grant access using instance-level permissions, you configure permissions on each asset individually. If you routinely use instance-level permissions, consider creating a policy to do this for you automatically.
*If you grant instance-level permissions to an external group (that is, a group that is defined and managed in your external authentication system), it might take CentraSite longer than usual to remove those permission assignments from a registry object.
Copyright © 2005-2016 Software AG, Darmstadt, Germany.

Product LogoContact Support   |   Community   |   Feedback