AnsweredAssumed Answered

User Group / Folder Authorization Method

Question asked by Mark_Hadler_430 on May 28, 2015
Latest reply on Jun 13, 2015 by Mark_Hadler_430
Until now we have always had two basic classes of user authorizations in a Client; those that have Read/Write/Delete/Execute/Modify/etc objects and those that only have Read/Statistics/Reports access.  This is implemented using User Group objects with Folder (FOLD) authorization and we never use Object level authorization.

We are now faced with a new class of user that will be allowed Read/Write/Delete/Execute/Modify/etc in their own folders. This works fine except with one exception and we are unable to determine the best way to handle it.  The issue is access to Calendar objects.  All objects in a Client share a common company-wide Calendar that is in a separate folder, again protected by Folder authorization.

Activation of objects by this new class of users fail with “U0000009 ‘calendar name’ Access denied” message. We are assuming that this is due to UC4’s requirement to update the Calendar object’s Last used property during activation as we have the UC_SYSTEM_SETTINGS LAST_USE with a non-zero value.  It cannot update this value since this user only has Read authority to this object’s folder.

All that we have come up with thus far is to grant Write access to the Calendar’s folder and hope that they don’t get “creative” and start directly mucking around.

We are on V8 and would appreciate any insight or recommendations that you can provide.

Outcomes