Steve,
We have implemented something almost exactly like what you discribe. We
have multiple authors creating the same object type and have to apply
object level security by GROUP to the objects. Each author belongs to a
separate group. GROUPS are treated the same as USERS for this security
purpose (thank heavens). Our pages go through a 4 step workflow before
going live.
I will ask our Spectra programmer at Millennium Communications who is
developing this for us to post more details on how we are doing this and
to copy you off-line.
I have to say one thing about this however. Even after upsizing the
SMPolicyStore and the UserDirectory, applying this security is VERY
slow. It is taking at least three minutes to apply security to five
method for three groups, and this is on a very fast dual processor Dell
and a separate very fast dual process Dell running SQL 7. We still have
this as an issue and are trying to resolve this with Allaire. If after
you see how we are doing it, you can come up with improvements those too
would be VERY helpful to us.
Anyone else seen this problem?
Thanks
Lanny Udey
Associate Dean, Learning and Information Technology
Hofstra University
[EMAIL PROTECTED]
>>> Stephen Collins <[EMAIL PROTECTED]> Monday, July 17, 2000 >>>
Any and all advice VERY appreciated.
We are at a stage in a small project where I want to examine and
implement object level security on a test version of the site.
Unfortunately, neither the standard doco, nor Ben's book (unless I'm
being dumb - please advise whether this is the case) seem to adequately
answer my questions. Here is what I want to do (for a particular set of
things, which will carry over in technical terms to everything else once
I get it working).
I have three defined groups:
1. Webtop Administrators (WA) - like me
2. Author Administrators (AA) - people admistering author groups
3. Author Creators (AC) - people creating and editing content
A standard user is assigned to NONE of these groups and will simply
have browse access on the site.
Once principal content object type:
1. Article
There are a few other content object types, but once I can handle
security on "Article", the logic should carry across any other types.
Standard structure of Site with 1-n Section objects with 1-n Page
objects with 1-n Container objects with 1-n Article objects.
What I want to apply is:
1. WAs get access to any and all Webtop functionality, but need no
other access (and in fact, should be denied it)
2. AAs get:
* access to all methods for Article object
* access to display, create, edit, delete for Container objects
* access to display, create, edit, delete for Page objects
* access to display, create, edit, delete for Section objects
* access to approve and create workflow instances for All objects to
which they have access
* ability to assign users to AC group
* ability to assign users to AA group
3. ACs get:
* access to display, create, edit, delete for Article objects
* access to create workflow instances, but NOT approve content on
Article Object
Does this make sense? Please reply on and off-list.
Steve C.
________________________________________________________________
| Stephen Collins |
| Consultant - Australian Corporate Information Solutions |
| GPO Box 2962 CANBERRA ACT 2601 Australia |
| Ph +61 2 62822662 Fax +61 2 62824328 Cel +61 410 680722 |
| [EMAIL PROTECTED] [EMAIL PROTECTED] |
| http://www.acis.com.au |
|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~oOo~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
| Before I got into triathlon, I was a normal person. |
|________________________________________________________________|
This message was sent through MyMail http://www.mymail.com.au
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/spectra_talk
or send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body.
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/spectra_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
