Complex example

BlueCielo Meridian Enterprise Server 2017 Administrator's Guide

You are here: About repositories > Configuring a repository > About repository security > Configuring repository security > Complex example

Complex example

Following is a more complex example that limits the users’ access to documents based on their organizational role and a standard security level that is assigned to each document. Documents may only be viewed and edited on a need-to-know basis.

For the sake of simplicity, this scenario only demonstrates the effective security for documents but it could be extended to include tags. Likewise, only one group is assigned to each user role but multiple groups could be assigned.

In the following figure, blue text indicates items defined in Meridian Explorer. Black text indicates the properties of each item.

Following are the effective rights for several of the users in this scenario:

John has full access within the repository except that he can only view drawings that are classified as Capital Project and he can only view all documents that are classified as Contract Project. He has no access to projects.

Here is why:
- He is a member of the Document Controllers group that is assigned to the Document Controller role.
- That role is assigned the Full Access permission level at the top level of the document property hierarchy. The assignment is inherited by the second level for Capital Project documents but for documents of the type Drawing at the third level, the Document Controllers role has only the View permission level.
- He is not a member of the Managers group that is assigned to the Project Manager role that has the Manage permission level to all projects.
Julia has view access throughout the repository except for projects. She can see and manage all projects except for the Omega project.

Here is why:
- She is a member of the Managers group that is assigned to the Project Manager role.
- That role is assigned the View permission level at the top level of the document property hierarchy and is inherited by the lower levels.
- The Project Manager role is assigned the Manage permission level in the default project permissions. The default permissions have been manually removed from the Omega project.
Rob has view access throughout the repository except for projects.

Here is why:
- He is a member of the Maintenance group that is assigned to the Default role.
- That role is assigned the View permission level at the top level of the document property hierarchy. The assignment is inherited by the second level and is also repeated explicitly for documents of the type Drawing.
- Rob cannot view projects because he is not a member of the Managers group that is assigned to the Project Manager role that has the Manage permission level to all projects.
Members of the MeridianSystemAdministrators group have all permissions in the repository because they have been granted in the global permissions.