Susan,

Admin tool ... Groups object... Fields tab... And pick the right fields.

There are also other "third party tools" that attack setting field
permissions in mass too.

-- 
Carey Matthew Black
Remedy Skilled Professional (RSP)
ARS = Action Request System(Remedy)

Love, then teach
Solution = People + Process + Tools
Fast, Accurate, Cheap.... Pick two.


On Thu, Feb 14, 2008 at 11:31 AM, Susan Palmer <[EMAIL PROTECTED]> wrote:
> **
> Thanks Matt,
>
> That explanation was very clear and the conclusion I came to also so it's
> good to know my thinking is correct.
>
> Now I just need to find the best/easiest way to add the group to thousands
> of fields.
>
> Thanks,
> Susan
>
>
>
> On Thu, Feb 14, 2008 at 8:40 AM, Carey Matthew Black <[EMAIL PROTECTED]>
> wrote:
>
> >
> >
> >
> > Susan,
> >
> > Permissions in ARS are in layers... Additive layers.
> >
> > A) First a user must have access to the Form.
> > B) Next the user needs to have access to Field 1.
> > C) Next the user needs to have access to any of the other fields on the
> form.
> >
> > The key here is that the user does not have to gain access to all
> > levels via the same Access Control group.
> >
> >
> > So...
> >
> > A) Lets say you have a form that is "Public (Hidden)".
> >    So all users can "use" the form, but not see it in there "Object
> list"s.
> >
> > B) The permissions on Field 1 have these three groups:
> >     Helpdesk, (some groupID)
> >     AllCustomers, (some groupID)
> >     Dynamic60001 (groupID=60001)
> >
> > So any user that is in "Helpdesk", or "AllCustomers" would have access
> > to all records (field 1 values) in the form.
> > However the third group is a reference to data in each record. So to
> > know who fits in that group the Application server has to look at the
> > record in question and check the data in $USER $'s 'Group List'
> > against the data in the field $60001$ for that record. (Any match
> > grants access to the record.)
> >
> > C) Then the server will check the permissions on each field and see if
> > the $USER $ has access to the field.
> >     Again... dynamic groups, or "static" groups can be used on any
> > field and not just field 1.
> >
> > Also... the "dynamic groups" are a list of: Static Groups, User Names,
> > or Roles (for Deployable applications only). To keep things a bit
> > simpler... think of Roles as "Static groups". The thing about "dynamic
> > groups" is that they are defined on a record by record basis. So if
> > one record has a value of : 'bob';"Helpdesk" then for that record all
> > members of the group "Helpdesk" and also the user 'bob' would be a
> > member of that dynamic group for that record.
> >
> >
> > So let's say we have two other fields to talk about.
> >
> > 'Status'
> >  Permissions: Public (View),  HelpDesk(Change)
> > 'Short Description'
> >  Permissions: HelpDesk(Change), Dynamic60001(Change)
> >
> > If the $USER $'s group list is blank then they will be able to see
> 'Status'.
> >  They MAY also be able to see 'Short Description', If and only if
> > their user name appears in the 'Dynamic60001' field in single quotes.
> >
> > If the $USER $'s group list contains "HelpDesk" then they will be able
> > to see both fields.
> >
> > If the $USER $'s group list is not blank, and does not contain
> > "HelpDesk" then they will be able to see 'Status'.
> >  They MAY also be able to see 'Short Description', If and only if
> > their user name appears in the 'Dynamic60001' field in single quotes.
> >
> >
> > So... the question becomes.... What are the permissions on the fields,
> > and what fields should these users (the ones that you put into the
> > 'Dynamic600001' field) be able to access?
> >
> >
> > That may not have been the best example... but I hope it helps.
> >
> > --
> > Carey Matthew Black
> > Remedy Skilled Professional (RSP)
> > ARS = Action Request System(Remedy)
> >
> > Love, then teach
> > Solution = People + Process + Tools
> > Fast, Accurate, Cheap.... Pick two.
> >
> >
> >
> >
> > On Wed, Feb 13, 2008 at 6:28 PM, Susan Palmer <[EMAIL PROTECTED]>
> wrote:
> > > **
> >
> >
> >
> > > Hi everyone,
> > >
> > > For the most part our system deals with external customer companies.
> Until
> > > now we all access pretty well everything with no problems.  Now we want
> to
> > > give access to a distributor we use and allow them to access particular
> > > customers they work with on our behalf.  In actuality only about 3-5% of
> our
> > > customer records.
> > >
> > > So I thought this would be a good opportunity to try dynamic group
> access
> > > (first time user).  First I thought I could just create the group 60001,
> a
> > > few regular groups to distinguish between US, UK, CHINA, and the
> character
> > > field with ID 60001 on a particular form.  I did that and in the
> character
> > > field 60001 on several records I put the different values of US, UK,
> CHINA.
> > >
> > > Then I logged in as various users that are in those particular groups
> > > thinking I'd only see those records.  Well it didn't work that way I
> could
> > > see all the records.  I re-read all the documentation I could find etc
> etc
> > > etc, drove myself a little crazy because this shouldn't be that hard,
> seemed
> > > like a slam dunk in class a year ago ..... lol
> > >
> > > So back to basics, created a test form with the 60001 field.  I also had
> a
> > > problem since I thought instructions said to put users in the 60001
> group
> > > but on my new form I was getting errors which I didn't get before.  So I
> > > removed them and left them in their US, UK, CHINA groups respectively
> (among
> > > others).
> > >
> > > Created records and made a few of each type of 60001 group choice.  Did
> a
> > > query as one of the test users and got all the records but no data.  So
> I
> > > added 60001 permission to Request ID field.  That limited my query
> return
> > > but didn't show any data.  Then added 60001 permission to another field
> and
> > > whaalaa I could see that data.
> > >
> > > So this is where I need the reality check help.
> > >
> > > Do I have to put that 60001 group permission on every field on every
> form I
> > > want them to have access to?  It's literally thousands of fields.   Tell
> me
> > > this ain't so, that I've gone overboard.
> > >
> > > Is there a way to do this that won't produce carpal tunnel syndrome?
> > >
> > > Any suggestions, comments are appreciated.  Chuckles are ok if somewhat
> > > subdued but outright laughter at the pain of it not appreciated.
> > >
> > > Thanks for your help,
> > > Susan
> > >
> > > ARS 7.0.1P3 including clients and admin tool
> > > Oracle 10g
> > > Windows 2003
> > > Part of application used to be HD V5 but now it's a customized system.
> > >
> > >
> > >
> > > Susan Palmer
> >
> >
> _______________________________________________________________________________
> > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> >
> > Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
> >
>
>
>  __Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
> html___

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Reply via email to