Watch, Follow, &
Connect with Us

For forums, blogs and more please visit our
Developer Tools Community.

Welcome, Guest
Guest Settings

Thread: Explanation of Permission Assignments

This question is not answered. Helpful answers available: 2. Correct answers available: 1.

Permlink Replies: 0
Callen Trail

Posts: 1
Registered: 12/24/14
Explanation of Permission Assignments  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 19, 2015 2:15 PM
I am currently learning repository administration and have a question about assigning roles among users. This is the way I currently understand the security model of the repository system. If this is incorrect, or if there is an easier way to administer security, please let me know.

When assigning roles to users in the repository, in order to allow a user to create diagrams or projects, the admin must give them that access at the repository level. If you simply add the user to a role with those permissions at the project level they will be unable to add new diagrams or projects as needed. So let's say I have users #1 and #2 with projects A and B. I want user #1 to be able to add new diagrams and subfolders under project A, but not be able to make these changes in project B. I also want this vice versa behavior for user #2 to access project B but not project A. This means I have to give both users repository level permissions to create diagrams/projects, and then add them to a read-only role in the projects I don't want them accessing. User #1 would have a read-only role in the project B folder, and user #2 would have a read-only role in the project A folder. This works fine if you have a small number of projects and users, but quickly becomes a problem.

Now let's say you have 100 projects and 100 users. You want each user to be associated with a single project, and you don't want them to have the ability to modify each other's projects. Now you have to give all 100 users the ability to create diagrams/projects at the repository level, and then for each project add the 99 users not associated with that project to a read-only role. This means you are manually moving users over 9000 times(99 users * 99 projects), rather than only 100 times if you could assign permissions at the project level rather than being forced to do so at the repository level. Then each time you add a new user or new project, you are forced to add that new user to the read-only role under every other project as well as adding every other user to the read-only role under the new project.

Is this really how the security works using the repository? Is there something I am missing or a justifying explanation for this design? It seems like this security model is the reverse of what it should be. Is there any way I can allow users to create diagrams under only specific folders without being forced to add them to a role with Create permission at the repository level? Any help or clarification with this issue would be appreciated.
Helpful Answer (5 pts)
Correct Answer (10 pts)

Server Response from: ETNAJIVE02