Yes I knew about the admin tool, but the thought of doing it that way to a couple thousand fields was nauseating.
Third party tool suggestions if you've used any? Thanks, Susan On Thu, Feb 14, 2008 at 11:08 AM, Carey Matthew Black <[EMAIL PROTECTED]> wrote: > Susan, > > Admin tool ... Groups object... Fields tab... And pick the right fields. > > There are also other "third party tools" that attack setting field > permissions in mass too. > > -- > Carey Matthew Black > Remedy Skilled Professional (RSP) > ARS = Action Request System(Remedy) > > Love, then teach > Solution = People + Process + Tools > Fast, Accurate, Cheap.... Pick two. > > > On Thu, Feb 14, 2008 at 11:31 AM, Susan Palmer <[EMAIL PROTECTED]> > wrote: > > ** > > Thanks Matt, > > > > That explanation was very clear and the conclusion I came to also so > it's > > good to know my thinking is correct. > > > > Now I just need to find the best/easiest way to add the group to > thousands > > of fields. > > > > Thanks, > > Susan > > > > > > > > On Thu, Feb 14, 2008 at 8:40 AM, Carey Matthew Black < > [EMAIL PROTECTED]> > > wrote: > > > > > > > > > > > > > > Susan, > > > > > > Permissions in ARS are in layers... Additive layers. > > > > > > A) First a user must have access to the Form. > > > B) Next the user needs to have access to Field 1. > > > C) Next the user needs to have access to any of the other fields on > the > > form. > > > > > > The key here is that the user does not have to gain access to all > > > levels via the same Access Control group. > > > > > > > > > So... > > > > > > A) Lets say you have a form that is "Public (Hidden)". > > > So all users can "use" the form, but not see it in there "Object > > list"s. > > > > > > B) The permissions on Field 1 have these three groups: > > > Helpdesk, (some groupID) > > > AllCustomers, (some groupID) > > > Dynamic60001 (groupID=60001) > > > > > > So any user that is in "Helpdesk", or "AllCustomers" would have access > > > to all records (field 1 values) in the form. > > > However the third group is a reference to data in each record. So to > > > know who fits in that group the Application server has to look at the > > > record in question and check the data in $USER $'s 'Group List' > > > against the data in the field $60001$ for that record. (Any match > > > grants access to the record.) > > > > > > C) Then the server will check the permissions on each field and see if > > > the $USER $ has access to the field. > > > Again... dynamic groups, or "static" groups can be used on any > > > field and not just field 1. > > > > > > Also... the "dynamic groups" are a list of: Static Groups, User Names, > > > or Roles (for Deployable applications only). To keep things a bit > > > simpler... think of Roles as "Static groups". The thing about "dynamic > > > groups" is that they are defined on a record by record basis. So if > > > one record has a value of : 'bob';"Helpdesk" then for that record all > > > members of the group "Helpdesk" and also the user 'bob' would be a > > > member of that dynamic group for that record. > > > > > > > > > So let's say we have two other fields to talk about. > > > > > > 'Status' > > > Permissions: Public (View), HelpDesk(Change) > > > 'Short Description' > > > Permissions: HelpDesk(Change), Dynamic60001(Change) > > > > > > If the $USER $'s group list is blank then they will be able to see > > 'Status'. > > > They MAY also be able to see 'Short Description', If and only if > > > their user name appears in the 'Dynamic60001' field in single quotes. > > > > > > If the $USER $'s group list contains "HelpDesk" then they will be able > > > to see both fields. > > > > > > If the $USER $'s group list is not blank, and does not contain > > > "HelpDesk" then they will be able to see 'Status'. > > > They MAY also be able to see 'Short Description', If and only if > > > their user name appears in the 'Dynamic60001' field in single quotes. > > > > > > > > > So... the question becomes.... What are the permissions on the fields, > > > and what fields should these users (the ones that you put into the > > > 'Dynamic600001' field) be able to access? > > > > > > > > > That may not have been the best example... but I hope it helps. > > > > > > -- > > > Carey Matthew Black > > > Remedy Skilled Professional (RSP) > > > ARS = Action Request System(Remedy) > > > > > > Love, then teach > > > Solution = People + Process + Tools > > > Fast, Accurate, Cheap.... Pick two. > > > > > > > > > > > > > > > On Wed, Feb 13, 2008 at 6:28 PM, Susan Palmer <[EMAIL PROTECTED]> > > wrote: > > > > ** > > > > > > > > > > > > > Hi everyone, > > > > > > > > For the most part our system deals with external customer companies. > > Until > > > > now we all access pretty well everything with no problems. Now we > want > > to > > > > give access to a distributor we use and allow them to access > particular > > > > customers they work with on our behalf. In actuality only about > 3-5% of > > our > > > > customer records. > > > > > > > > So I thought this would be a good opportunity to try dynamic group > > access > > > > (first time user). First I thought I could just create the group > 60001, > > a > > > > few regular groups to distinguish between US, UK, CHINA, and the > > character > > > > field with ID 60001 on a particular form. I did that and in the > > character > > > > field 60001 on several records I put the different values of US, UK, > > CHINA. > > > > > > > > Then I logged in as various users that are in those particular > groups > > > > thinking I'd only see those records. Well it didn't work that way I > > could > > > > see all the records. I re-read all the documentation I could find > etc > > etc > > > > etc, drove myself a little crazy because this shouldn't be that > hard, > > seemed > > > > like a slam dunk in class a year ago ..... lol > > > > > > > > So back to basics, created a test form with the 60001 field. I also > had > > a > > > > problem since I thought instructions said to put users in the 60001 > > group > > > > but on my new form I was getting errors which I didn't get before. > So I > > > > removed them and left them in their US, UK, CHINA groups > respectively > > (among > > > > others). > > > > > > > > Created records and made a few of each type of 60001 group choice. > Did > > a > > > > query as one of the test users and got all the records but no data. > So > > I > > > > added 60001 permission to Request ID field. That limited my query > > return > > > > but didn't show any data. Then added 60001 permission to another > field > > and > > > > whaalaa I could see that data. > > > > > > > > So this is where I need the reality check help. > > > > > > > > Do I have to put that 60001 group permission on every field on every > > form I > > > > want them to have access to? It's literally thousands of fields. > Tell > > me > > > > this ain't so, that I've gone overboard. > > > > > > > > Is there a way to do this that won't produce carpal tunnel syndrome? > > > > > > > > Any suggestions, comments are appreciated. Chuckles are ok if > somewhat > > > > subdued but outright laughter at the pain of it not appreciated. > > > > > > > > Thanks for your help, > > > > Susan > > > > > > > > ARS 7.0.1P3 including clients and admin tool > > > > Oracle 10g > > > > Windows 2003 > > > > Part of application used to be HD V5 but now it's a customized > system. > > > > > > > > > > > > > > > > Susan Palmer > > > > > > > > > _______________________________________________________________________________ > > > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > > > > > > Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" > > > > > > > > > __Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" > > html___ > > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"