Applying object level security in Spectra

[Stephen Collins]

Any and all advice VERY appreciated.

We are at a stage in a small project where I want to examine and implement object 
level security on a test version of the site.  Unfortunately, neither the standard 
doco, nor Ben's book (unless I'm being dumb - please advise whether this is the case) 
seem to adequately answer my questions.  Here is what I want to do (for a particular 
set of things, which will carry over in technical terms to everything else once I get 
it working).

I have three defined groups:

1. Webtop Administrators (WA) - like me
2. Author Administrators (AA) - people admistering author groups
3. Author Creators (AC) - people creating and editing content

A standard user is assigned to NONE of these groups and will simply have browse access 
on the site.

Once principal content object type:
1. Article

There are a few other content object types, but once I can handle security on 
"Article", the logic should carry across any other types.

Standard structure of Site with 1-n Section objects with 1-n Page objects with 1-n 
Container objects with 1-n Article objects.

What I want to apply is:

1. WAs get access to any and all Webtop functionality, but need no other access (and 
in fact, should be denied it)
2. AAs get:
 * access to all methods for Article object
 * access to display, create, edit, delete for Container objects
 * access to display, create, edit, delete for Page objects
 * access to display, create, edit, delete for Section objects
 * access to approve and create workflow instances for All objects to which they have 
access
 * ability to assign users to AC group
 * ability to assign users to AA group
3. ACs get:
 * access to display, create, edit, delete for Article objects
 * access to create workflow instances, but NOT approve content on Article Object

Does this make sense?  Please reply on and off-list.

Steve C.
 ________________________________________________________________
|                         Stephen Collins                        |
|     Consultant - Australian Corporate Information Solutions    |
|            GPO Box 2962 CANBERRA ACT 2601 Australia            |
|     Ph +61 2 62822662 Fax +61 2 62824328 Cel +61 410 680722    |
|      [EMAIL PROTECTED]                 [EMAIL PROTECTED]      |
|                     http://www.acis.com.au                     |
|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~oOo~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
|       Before I got into triathlon, I was a normal person.      |
|________________________________________________________________|
 
This message was sent through MyMail http://www.mymail.com.au


------------------------------------------------------------------------------
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/spectra_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.