In this second blog I will focus on the structure of the user groups from a high level.
I will divide the user groups into two parts:
- The assignment part
Underlying groups are only used to assign imported windows AD or SAP roles to.
- The configuration part
Underlying groups are used to config the system.
Configuration user groups
The configuration part holds all user groups used to configure access throughout the system. It is divided (for now) into these two:
- The organisational part: who can see what
This part consists of user groups which are modelled according to the organisational structure. Which folders a principal can see is determined here,
it’s about access.
- The user types part: who can do what
This part covers the different user types. What a user
type can do with the content is determined here,
it’s about functionality.
Assignment user groups
The assignment part is not divided (for now). This part holds all the user groups that are used to assign business users to. You should create a group for every combination of the organisation and the user types that will be used:
The assignment groups all are members of the configuration groups. The group "HR - Attrition - Endusers" is a member of "HR - Attrition", which defines the folders and reports that can be used. And it is a member of "1 - Endusers"which defines what can be done with the reports.
The model now looks like this: