Scenario 3 – Understanding Users in Different Roles and Rights on Objects
This scenario illustrates what a person in a role or multiple roles can expect to see when rights are assigned directly to objects. Remember that you always need rights on the parent category if you want to view the objects in the category tree. For this scenario, parent category rights and inheritance are not shown.
In your organization, you could have multiple job functions and belong to multiple roles, similar to Bob and Mike. Depending on the role you are in, the rights and permissions assigned to that role determine what you can run and design. The following table describes what Mike and Bob experience based on their role membership.
Object | Role | Rights/ Permissions | Results |
---|---|---|---|
View | Role A | View Allow | Mike belongs to both Role A and B, but Mike does not see the View as Role B has Deny permissions, and Deny always take precedence over other permissions. |
Role B | View Deny | ||
Form | Role B | View Deny | Bob can see the Form even though he is a member of Role B which has Deny rights. This is because Bob belongs to Security Administrators role that has rights to all objects. |