Combining Access Control Strategies for Cabinets and Life Cycle-Managed Objects
In some cases, you may decide to create restrictive domain policies, which provide only the minimum access to most users. For example, you can grant users Read permission to a Default cabinet in a context so they can view the cabinet while withholding additional permissions for objects residing in the cabinet and its folders. Then, based on the life cycle and team associations for the objects within the cabinet, you can use ad hoc ACLs to grant certain participants the access permissions they need to fulfill their roles for a life cycle phase or workflow activity, assuming that the permissions have not been absolutely denied by any policy rules.
Life cycle roles can be mapped to team template roles when a life cycle is created. For example, the life cycle role Promoter can be mapped to the team role Team Leader. When a team is defined, roles are mapped directly to specific participants or to actor roles (currently, Creator is the only actor role defined). In addition, the context team roles and members are used.
For additional information about teams, see About Context Teams.
Additionally, life cycles can contain access control rules for specific phases and life cycle roles. For example, assume that the Development life cycle includes an Under Review phase. The access control rules for this phase specify that for the duration of the phase, the Promoter role has modify permission for the object.
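The following Python model is an added example, not part of the original documentation and not Windchill code or its API. It works through the strategy above: a restrictive policy grants only Read, the Promoter role is resolved through Team Leader to participants, and the Under Review phase rule produces an ad hoc ACL whose grants apply unless the policy absolutely denies them. The participant names, the "In Work" phase, and all data structures and function names are constructed for illustration.

```python
# Simplified model of the strategy described above. All names and data are
# constructed for illustration; this is not the Windchill API.

# Restrictive domain policy: everyone may read the cabinet, nothing more.
# "absolute_deny" lists permissions that no ad hoc ACL may grant back.
POLICY = {
    "grant": {"alice": {"read"}, "bob": {"read"}, "carol": {"read"}},
    "absolute_deny": {"carol": {"modify"}},
}

# Life cycle role -> team role, fixed when the life cycle is created.
LIFECYCLE_TO_TEAM_ROLE = {"Promoter": "Team Leader"}

# Team role -> participants, resolved when the team is defined.
TEAM = {"Team Leader": {"alice", "carol"}}

# Per-phase access rules: phase -> life cycle role -> permissions.
PHASE_RULES = {"Under Review": {"Promoter": {"modify"}}}


def ad_hoc_acl(phase):
    """Build the ad hoc ACL (user -> permissions) for an object in `phase`."""
    acl = {}
    for lc_role, perms in PHASE_RULES.get(phase, {}).items():
        team_role = LIFECYCLE_TO_TEAM_ROLE.get(lc_role)
        for user in TEAM.get(team_role, set()):
            acl.setdefault(user, set()).update(perms)
    return acl


def effective_permissions(user, phase):
    """Policy grants plus ad hoc grants, minus anything absolutely denied."""
    granted = set(POLICY["grant"].get(user, set()))
    granted |= ad_hoc_acl(phase).get(user, set())
    return granted - POLICY["absolute_deny"].get(user, set())


if __name__ == "__main__":
    # "In Work" has no phase rule, so only the policy grant applies there.
    for phase in ("In Work", "Under Review"):
        for user in ("alice", "bob", "carol"):
            print(phase, user, sorted(effective_permissions(user, phase)))
```

In this model carol holds the Team Leader role but still ends up with Read only, because her Modify permission is absolutely denied by policy.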