Susan, Admin tool ... Groups object... Fields tab... And pick the right fields.
There are also other "third party tools" that attack setting field permissions in mass too. -- Carey Matthew Black Remedy Skilled Professional (RSP) ARS = Action Request System(Remedy) Love, then teach Solution = People + Process + Tools Fast, Accurate, Cheap.... Pick two. On Thu, Feb 14, 2008 at 11:31 AM, Susan Palmer <[EMAIL PROTECTED]> wrote: > ** > Thanks Matt, > > That explanation was very clear and the conclusion I came to also so it's > good to know my thinking is correct. > > Now I just need to find the best/easiest way to add the group to thousands > of fields. > > Thanks, > Susan > > > > On Thu, Feb 14, 2008 at 8:40 AM, Carey Matthew Black <[EMAIL PROTECTED]> > wrote: > > > > > > > > > Susan, > > > > Permissions in ARS are in layers... Additive layers. > > > > A) First a user must have access to the Form. > > B) Next the user needs to have access to Field 1. > > C) Next the user needs to have access to any of the other fields on the > form. > > > > The key here is that the user does not have to gain access to all > > levels via the same Access Control group. > > > > > > So... > > > > A) Lets say you have a form that is "Public (Hidden)". > > So all users can "use" the form, but not see it in there "Object > list"s. > > > > B) The permissions on Field 1 have these three groups: > > Helpdesk, (some groupID) > > AllCustomers, (some groupID) > > Dynamic60001 (groupID=60001) > > > > So any user that is in "Helpdesk", or "AllCustomers" would have access > > to all records (field 1 values) in the form. > > However the third group is a reference to data in each record. So to > > know who fits in that group the Application server has to look at the > > record in question and check the data in $USER $'s 'Group List' > > against the data in the field $60001$ for that record. (Any match > > grants access to the record.) > > > > C) Then the server will check the permissions on each field and see if > > the $USER $ has access to the field. > > Again... dynamic groups, or "static" groups can be used on any > > field and not just field 1. > > > > Also... the "dynamic groups" are a list of: Static Groups, User Names, > > or Roles (for Deployable applications only). To keep things a bit > > simpler... think of Roles as "Static groups". The thing about "dynamic > > groups" is that they are defined on a record by record basis. So if > > one record has a value of : 'bob';"Helpdesk" then for that record all > > members of the group "Helpdesk" and also the user 'bob' would be a > > member of that dynamic group for that record. > > > > > > So let's say we have two other fields to talk about. > > > > 'Status' > > Permissions: Public (View), HelpDesk(Change) > > 'Short Description' > > Permissions: HelpDesk(Change), Dynamic60001(Change) > > > > If the $USER $'s group list is blank then they will be able to see > 'Status'. > > They MAY also be able to see 'Short Description', If and only if > > their user name appears in the 'Dynamic60001' field in single quotes. > > > > If the $USER $'s group list contains "HelpDesk" then they will be able > > to see both fields. > > > > If the $USER $'s group list is not blank, and does not contain > > "HelpDesk" then they will be able to see 'Status'. > > They MAY also be able to see 'Short Description', If and only if > > their user name appears in the 'Dynamic60001' field in single quotes. > > > > > > So... the question becomes.... What are the permissions on the fields, > > and what fields should these users (the ones that you put into the > > 'Dynamic600001' field) be able to access? > > > > > > That may not have been the best example... but I hope it helps. > > > > -- > > Carey Matthew Black > > Remedy Skilled Professional (RSP) > > ARS = Action Request System(Remedy) > > > > Love, then teach > > Solution = People + Process + Tools > > Fast, Accurate, Cheap.... Pick two. > > > > > > > > > > On Wed, Feb 13, 2008 at 6:28 PM, Susan Palmer <[EMAIL PROTECTED]> > wrote: > > > ** > > > > > > > > > Hi everyone, > > > > > > For the most part our system deals with external customer companies. > Until > > > now we all access pretty well everything with no problems. Now we want > to > > > give access to a distributor we use and allow them to access particular > > > customers they work with on our behalf. In actuality only about 3-5% of > our > > > customer records. > > > > > > So I thought this would be a good opportunity to try dynamic group > access > > > (first time user). First I thought I could just create the group 60001, > a > > > few regular groups to distinguish between US, UK, CHINA, and the > character > > > field with ID 60001 on a particular form. I did that and in the > character > > > field 60001 on several records I put the different values of US, UK, > CHINA. > > > > > > Then I logged in as various users that are in those particular groups > > > thinking I'd only see those records. Well it didn't work that way I > could > > > see all the records. I re-read all the documentation I could find etc > etc > > > etc, drove myself a little crazy because this shouldn't be that hard, > seemed > > > like a slam dunk in class a year ago ..... lol > > > > > > So back to basics, created a test form with the 60001 field. I also had > a > > > problem since I thought instructions said to put users in the 60001 > group > > > but on my new form I was getting errors which I didn't get before. So I > > > removed them and left them in their US, UK, CHINA groups respectively > (among > > > others). > > > > > > Created records and made a few of each type of 60001 group choice. Did > a > > > query as one of the test users and got all the records but no data. So > I > > > added 60001 permission to Request ID field. That limited my query > return > > > but didn't show any data. Then added 60001 permission to another field > and > > > whaalaa I could see that data. > > > > > > So this is where I need the reality check help. > > > > > > Do I have to put that 60001 group permission on every field on every > form I > > > want them to have access to? It's literally thousands of fields. Tell > me > > > this ain't so, that I've gone overboard. > > > > > > Is there a way to do this that won't produce carpal tunnel syndrome? > > > > > > Any suggestions, comments are appreciated. Chuckles are ok if somewhat > > > subdued but outright laughter at the pain of it not appreciated. > > > > > > Thanks for your help, > > > Susan > > > > > > ARS 7.0.1P3 including clients and admin tool > > > Oracle 10g > > > Windows 2003 > > > Part of application used to be HD V5 but now it's a customized system. > > > > > > > > > > > > Susan Palmer > > > > > _______________________________________________________________________________ > > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > > > > Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" > > > > > __Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" > html___ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
