Thanks very much. That's the direction I was going. On Tuesday, January 12, 2016 at 3:20:04 AM UTC-5, Roberto Rosario wrote: > > Hi, thanks for trying out Mayan EDMS. > > Because any given document can be of only 1 document type, you would need > to add the department name as part of the document type label. > Also because these permissions are for specific document types, grant the > permission to the role in the *document type ACL* not in the role > creation view (as there the permissions are global). > > Document type Role > > -------------------------------------------------------------------------------------- > Global document all roles -> document view, editors role -> upload, > checkin > Department_1_docs dept_1_view -> document view, dept_1_editors -> > upload, checkin > Department_2_docs dept_1_view -> document view, dept_1_editors -> > upload, checkin > > Example: > Document types > ------------------------------ > "Accounting - Invoices" > "Human resources - complaint" > > Roles > ---------------- > "Accounting read only" > "Accounting editors" > "Human resources read only" > "Human resources editors" > > Document type ACLs (document type vs. role + permissions) > ---------------------- > "Accounting - Invoices" -> "Accounting read only" -> [document view] > "Accounting - Invoices" -> "Accounting editor" -> [extra permissions] > "Human resources - complaint" -> "Human resources read only" -> [document > view] > "Human resources - complaint" -> "Human resources editors" -> [extra > permissions] > > Hope this setup works for you. > > On Thursday, January 7, 2016 at 1:32:34 PM UTC-4, LeVon Smoker wrote: >> >> We are deploying Mayan-EDMS. It seems to be very well-designed and >> flexible. Thanks Roberto (and others) for this excellent app! >> >> I am having trouble, though, in figuring out how to optimally set up >> roles/ACLs/groups/doctypes for the security setup that the management would >> like. >> >> I have our Active Directory groups mirrored so we can have some control >> within the AD management software. On a "permissions" level we envision >> Readers (view-only) and Editors (view/upload/checkin/out). We would like >> agency-wide documents to be viewable by all staff (Readers) and manageable >> (Editors) by a management group. We would also like for department-specific >> documents to be limited to that department (for viewing, ie, Readers) and >> then within that department have a team that can manage the documents >> (Editors). >> >> Is this way of doing security possible or do we need to simplify what we >> want? >> >> LeVon Smoker >> >
-- --- You received this message because you are subscribed to the Google Groups "Mayan EDMS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
