Thanks very much. That's the direction I was going. On Tuesday, January 12, 2016 at 3:20:04 AM UTC-5, Roberto Rosario wrote: > > Hi, thanks for trying out Mayan EDMS. > > Because any given document can be of only 1 document type, you would need > to add the department name as part of the document type label. > Also because these permissions are for specific document types, grant the > permission to the role in the *document type ACL* not in the role > creation view (as there the permissions are global). > > Document type Role > > -------------------------------------------------------------------------------------- > Global document all roles -> document view, editors role -> upload, > checkin > Department_1_docs dept_1_view -> document view, dept_1_editors -> > upload, checkin > Department_2_docs dept_1_view -> document view, dept_1_editors -> > upload, checkin > > Example: > Document types > ------------------------------ > "Accounting - Invoices" > "Human resources - complaint" > > Roles > ---------------- > "Accounting read only" > "Accounting editors" > "Human resources read only" > "Human resources editors" > > Document type ACLs (document type vs. role + permissions) > ---------------------- > "Accounting - Invoices" -> "Accounting read only" -> [document view] > "Accounting - Invoices" -> "Accounting editor" -> [extra permissions] > "Human resources - complaint" -> "Human resources read only" -> [document > view] > "Human resources - complaint" -> "Human resources editors" -> [extra > permissions] > > Hope this setup works for you. > > On Thursday, January 7, 2016 at 1:32:34 PM UTC-4, LeVon Smoker wrote: >> >> We are deploying Mayan-EDMS. It seems to be very well-designed and >> flexible. Thanks Roberto (and others) for this excellent app! >> >> I am having trouble, though, in figuring out how to optimally set up >> roles/ACLs/groups/doctypes for the security setup that the management would >> like. >> >> I have our Active Directory groups mirrored so we can have some control >> within the AD management software. On a "permissions" level we envision >> Readers (view-only) and Editors (view/upload/checkin/out). We would like >> agency-wide documents to be viewable by all staff (Readers) and manageable >> (Editors) by a management group. We would also like for department-specific >> documents to be limited to that department (for viewing, ie, Readers) and >> then within that department have a team that can manage the documents >> (Editors). >> >> Is this way of doing security possible or do we need to simplify what we >> want? >> >> LeVon Smoker >> >
-- --- You received this message because you are subscribed to the Google Groups "Mayan EDMS" group. To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
