We are trying to use Row Level access to limit users access to records based on two different qualifications.
For example: User1 is a member of both the manager group and the system1 group. We want him to be able to see all tickets for system 1 but not for any other systems. (That part is easy enough and is being used currently.) User2 is a member of both the customer group and the system1 group. We want him to be able to see only closed tickets for system 1 but not for any other systems. For the part that is working currently we just have the system name populate in a dynamic group and then give that dynamic group access to the tickets. When trying to implement the part to allow User2 access to a limited selection based on the status of the ticket within a limited selection based on the system is where I am stuck. The only way I can figure to do this is by creating another set of groups. Instead of a system1 group, we would set up a manager-system1 group and a customer-system1 group. And then just use active links to fill in the dynamic group with the manager-system1 group unless the ticket is closed then we would put both groups in that field. This becomes a problem for us as we already have 9 user types like manager that need to be limited similarly and over 100 systems. Making a group for each type of user with each system would get complex very quickly. Also every time we added a new system we would need to create 9 new groups for it. The same goes for every time a system changes its name, that would be 9 groups we would need to update. If we were to ever add a new type of user that is over a hundred new groups that need to be made for it. While this is possible and manageable. I am looking for a more flexible solution. Is there another way to do this by just using a combination of the groups we already have? I thought I had it with a computed group with a Group Definition like: “Manager” AND “Dynamic Group” But sadly the system does not allow this. Of course I understand why, but I can’t think of a way to do something like that on the tickets themselves and not as a group. -- View this message in context: http://old.nabble.com/Muliple-layers-of-Row-Level-access-using-Dynamic-groups-tp31106995p31106995.html Sent from the ARS (Action Request System) mailing list archive at Nabble.com. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
