User Group Setup

Discussion created by laura_albrecht_automic on Sep 30, 2016
Latest reply on Oct 4, 2016 by laura_albrecht_automic
Has anyone tried / figured out if there is a way to separate out the role of a user (view, execute, edit) from the application that they work on?  Never really thought about this, because previously each team had their own client, so only really needed to define the role piece.

However, now we are using a single client for multiple teams / applications.  Each team has its own folder.  They are restricted in the object types / names they can work with within their folder.  For example, if it is the HR team, they have a \HR folder and all their objects must start with HR.* object names.

I created 3 user groups to handle the different roles.  So I have a VIEW_HR user group, EXECUTE_HR user group and an EDIT_HR user group.

My manager has asked me about separating out the role / application so that there aren't so many user groups.  I can see her point.  At this point, if I have 100 applications, I'll have 300 user groups.

Unfortunately, I can't see a way to do this with the security within the user groups.  I tried creating a generic VIEW, EXECUTE and EDIT user group - that basically all I did was grant the read / execute / write authorizations.  And then created a single HR user group that had access to the \HR folder and allow work with HR.* objects.  But it isn't working.

I'm not sure if I'm overthinking this and/or this just isn't feasible with the Automation Engine security.

Any thoughts?

The purpose behind doing this is because we're about to implement LDAP Sync to eliminate me having to the majority of user management - she thought this would make that setup simpler.