What is the right way of having effect areas of roles like:
-Department1
--SubDepartment1
--SubDepartment2
-Department2
--SubDepartment3
--SubDepartment4
user - role@SomeGroupOrDepartment
Joe - manager@SubDepartment1
Kim - manager@Department2
Jim - user@Department2
Joe - user@Department1
Kim - qa@Department1
Kim - user@SubDepartment2
...
In the end we want to say in our applications
manager of Department 1 --> can write files
all users - -> can read files
all managers --> can have reports
any role in Sub Department 1 --> can use CAD
...
etc.
so to speak is there a good way to have effective role in triplets instead
of tuples... If my understanding is correct at the moment we have to create
composite roles with departments, In any living organization there are
multiple roles like employee, manager etc. with different departments doing
different things like human resource manager can read personal files,
where IT manager can access svn, and all managers can post announcement
emails where ordinary users can have different access rights depending on
department...
Show replies by date