Planning an Authorization System

Discussion created by TimOsgood611330 on May 23, 2017
Latest reply on Jun 1, 2017 by TimOsgood611330
I am new to Automic but have been asked to design some authorization schemes for developers and users but have many questions.  I have read the documentation on planning an authorization system, authorizations and permissions.  

What I am looking for is a best practices guide for setting up authorizations and permissions to answer some of the questions below and others I haven't found yet.  Does such a document exist?

Authorizations seem to be very specific.  i.e., no inherited rights to child folder so you have to identify every folder you want authorized. Can it be dynamic?  If I add a sub folder, can the user inherit the rights of the parent folder?  Then it talks about authorization groups 1 to 9.  If I use 1 all works fine, if I add a 2, then 1 no longer works.  I understand the logical OR but not sure how "Access rights defined for an authorization group thus sum up" if group 2 overrides group 1.  Then if you create a user group, which takes priority, user or group?  The documentation wasn't clear to me.  Would it be better to create a user group with extensive authorizations but limit user authorizations? or vice versa?

For permissions, it seems more of check this and it does that but not which permissions should be minimum.  What authorizations/permissions should a developer have versus a user? 

Any direction would be greatly appreciated.