Typically I have 2 levels of application roles for users:
Agenda_User (e.g. clerk): can edit some forms (e.g. Order) and read some other forms (e.g. Address Book)
Agenda_Admin (e.g. clerk supervisor): can edit everything.
I’d like to set the Agenda_User role user1 and user2 with both of these roles.
But there is problem with forms with “read only” permissions (user2 has an Address Book only for reading in this case).
Is any possibility how to merge user roles for admin users by this way?
I suppose you mean that you would like to add a user while adding him to both user roles – User and Admin.
But both access the same menu items, while User has it read only, Admin has full access.
As of today you should not assign different access to the same user. You will get mixed results.
What do you propose? When the user has the same screen both read only (from the User group) and not read only (from the Admin group). Should the result be read only or not? Is he more “Admin” in that case? Should we always look for the less restricting permission?
Yes, I think it would be better for me. It would allow put users rights together from more application roles.
So you could reuse application roles from users with lower permissions for users with higher permissions then.
The maintenance of user roles would be easier.
At this time, if I need to create user with higher permissions, I have to create “full” user role again for him.
Then, if I create a new application role, I have to change both of user roles.
If I need to lower permisson for a user from write to read, I simply check Read in HIS application role, I do not do it in application role of somebody else.
Has anybody another opinion? Can anybody imagine it would be dangerous in any case?
What would be the solution then?
If the user has the following roles assigned:
- Display screen “Address book” - read only
- Display screen “Address book” - full access
Should he get
- Read only address book
- Full access to address book