I have ALL my Users in a User Group. A certain Working Group/Folder this User Group has "rwdv" Privileges. This is the way I want it set up.
What happens is that as soon as one of the Users in this User Group Creates a New Group/Folder under that Working Group/Folder, the User will have DIRECT "rwdv" Privileges to that New Group/Folder.
I would have thought the User would still ONLY have "rwdv" privileges via the User Group and NOT Directly.
Is there some setting/configuration that I am missing to get the behaviour I would like to see or is this behaviour by design?
Would appreciate any help. I have attached a PDF with print-screens of the User Administration screens in Aris.
Thank you.
Hi,
When you edit the privileges of the Group/folder there is an option "pass on privileges", this means:
Applies the privileges you selected in the Privileges box to all subgroups. This also applies to all new subgroups created below this group in the future. If you pass on privileges, we recommend that you consider the entire subordinate group structure. If users or user groups have other privileges for individual subgroups, these are changed when privileges are passed on.
In you case seems that option was assigned when privileges was set to the group/folder, then this is correct behavior.
BR
AO
Hello André,
I think this is a bug. To be more precise with the scenario I understood here (observed in 10.0.12):
There is a user group "Modeller" which has rw privilege on the group. The user john.doe does not have rw privileges by himself, but he can do modelling, because he is a member of "Modeller". Now he creates a new sub-group. By default the new group inherits the privileges rw for the user group modeller. But additionally the user john.doe obtains rwdv privileges on the group. Hence he can do things in that group he is probably not supposed to do. And he can do them even if he gets removed from the "Modeller" user group. This is a nightmare to clean up.
In reply to Hi,When you edit the by André Vitor
OK, I understand and accept that the User should have "rwdv" privileges to any New Subgroups that the User creates. The problem is that those "rwdv" right are directly assigned to the User now and are NOT only via the User Group. That just doesn't seem right to me as it creates a User Right Management nightmare.
So I suppose the real question is, how would I need to assign the "rwdv" rights via the User Group to a User so that the User would still ONLY have those "rwdv" rights via the User Group for a New Subgroup that the User creates?
Thanks for your help.
Hi All,
Ok I got the point, the question of Michael is clear ...
You can handle the privileges using the user group only, in case you have just to open the properties of the user group and choose the privileges for each Group/Folder. The user will have access based in User Group only.
See my attached images.
I hope this information helped.
BR
AO
Right, I know about setting the "properties of the user group", but the behaviour just seems wrong.
In your example from the User Group View (group1.png), if you expand the AA Folder what privileges are on the Sub-Folders? Also, in the User Name View (group2.png), again if you expand the AA Folder what privileges are on the Sub-Folders for "joao"?
I my case I seem to be set up the same way as your example and the answer to both these question in my case is there are "rwd" privileges from the User Group on the Sub-Folders to the AA Folder which looks good at that point in time.
The PROBLEM occurs when like in your example if "joao" Creates a NEW Sub-Folder under the AA Folder what privileges does "joao" get on that NEW Sub-Folder and are they still via the User Group or are they DIRECT Privileges (e.g. Direct Privileges-the "rwd" shows up under the Privileges column in the User Name View.)
This is where the problem lies in my environment in that a user like "joao" would get those Direct "rwd" priveleges on the Sub-Folder "joao" created, which is NOT what I want to happen. Those "rwd" privileges still should ONLY be via the User Group.
In reply to Right, I know about setting by mikhubb
Hi Michael,
If I expand the AA folder created by 'joao' the privileges will be the same RWD even to another user which belongs to the same user group.
The rights is inherited automatically to users from the same user group.. this is expected.
Unfortunately there is no way using the standard features to work the way as you want. An solution should be to 'revoke' the subfolders creation from users ...
As you desires a different behavior, what I suggest you is to create a brainstorm and our Product Team will check if could add this kind of feature to future releases. To create the Brainstorm you have to use the Empower.Softwareag.com portal.
To Another hand is try to customize some solution, and also the Software Ag offers customization services.
BR
AO
In reply to Hi Micheal, by André Vitor
Thanks for all your help. At least now I know I am not missing something.
Yes I have created a "Brainstorm Request" before and will do it again for this because this behavior is just counter to the reason as to why you have User Groups. You want ALL the Privileges to be managed via the User Group and NOT have to deal with Directly Assigned Privileges.
Thanks again.
