BlueCielo Meridian Enterprise Server 2018 Administrator's Guide

Simple example

Following is a simple example that limits the users’ access to documents based on their department. All departments can view all documents but each department can only manage the documents that belong to their department.

For the sake of simplicity, this scenario only demonstrates the effective security for documents but it could be extended to include tags. Likewise, only one group is assigned to each user role but multiple groups could be assigned.

In the following figure, blue text indicates items defined in Meridian Explorer. Black text indicates the properties of each item.

Following are the effective rights for several of the users in this scenario:

  • John has Manage permissions to documents that have the value Civil for the Department property. For documents that do not belong to his department, he has only View permissions. He has no access to projects.

    Here is why:

    • He is a member of the Civil Eng group that is assigned to the Civil role.
    • That role is assigned the Manage permission level in the property hierarchy when the Department property equals Civil. When it equals Mech, he has only View permissions.
    • He is not a member of the Managers group that is assigned to the Project Managers role that has the Manage permission level to all projects.

  • Julia has Manage permissions to documents that have the value Mech for the Department property. For documents that do not belong to her department, she has only View permissions. She has no access to projects.

    Here is why:

    • She is a member of the Mech Eng group that is assigned to the Mechanical role.
    • That role is assigned the Manage permission level in the property hierarchy when the Department property equals Mech. When it equals Civil, she has only View permissions. She is not a member of the Managers group that is assigned to the Project Managers role that has the Manage permission level to all projects.

  • Rob has Full Access permissions throughout the repository regardless of the Department property. He can also view and manage projects.

    Here is why:

    • He is a member of the Managers group that is assigned to the Project Managers role.

    • That role is assigned the Full Access permission level in the property hierarchy when the Department property equals Civil and when it equals Mech. The Project Managers role is assigned the Manage permission level as the default for all projects.

  • Members of the MeridianSystemAdministrators group have all permissions in the repository because they have been granted in the global permissions.

Copyright © 2000-2018 BlueCielo, an Accruent company