Welcome to Telelogic Product Support
  Home Downloads Knowledgebase Case Tracking Licensing Help Telelogic Passport
Telelogic DOORS (steve huntington)
Decrease font size
Increase font size
Topic Title: Access Rights Prioritisation
Topic Summary: User referred to twice, which takes precedence?
Created On: 9-Jun-2008 15:11
Status: Post and Reply
Linear : Threading : Single : Branch
Search Topic Search Topic
Topic Tools Topic Tools
Quick Reply Quick Reply
Subscribe to this topic Subscribe to this topic
E-mail this topic to someone. E-mail this topic
Bookmark this topic Bookmark this topic
View similar topics View similar topics
View topic in raw text format. Print this topic.
Answer This question was answered by Joe Sarkic, on Tuesday, June 10, 2008 6:59 AM

Answer:
Group access rights are cumulative, but individual access rights override all group settings that the user resides in. For example, if user A is in group B with RMCDA access, and user A is explicitly set to R access only, the user will only have R access, irrespective of the group settings.
 9-Jun-2008 15:11
User is offline View Users Profile Print this message


Alan Gooch

Posts: 107
Joined: 30-Aug-2005

For reasons I won't go in to, we have Access Rights set on a module where a user is uniquely identified and given the access RMCD and is also included in a User Group and given the access R.

Which, if any, takes precedence?

If it makes any difference, the user on his own appears first in the list.
Report this to a Moderator Report this to a Moderator
 9-Jun-2008 15:16
User is offline View Users Profile Print this message


Tony Goodman

Posts: 97
Joined: 6-May-2008

Access right are cumulative, in other words the user gets the most access possible by virtue of inclusion in groups etc.

So if the user has RMCD access, then ading him to a group with R access will not take away his MCD rights.

-------------------------
Tony Goodman
Smart DXL limited
www.smartdxl.com
Report this to a Moderator Report this to a Moderator
 9-Jun-2008 15:28
User is offline View Users Profile Print this message


Alan Gooch

Posts: 107
Joined: 30-Aug-2005

Thanks, that's what I thought, therefore I have a user with a sharing problem which needs investigating further :-(
Report this to a Moderator Report this to a Moderator
 9-Jun-2008 17:26
User is offline View Users Profile Print this message


Joe Sarkic

Posts: 31
Joined: 13-Jun-2005

Answer Answer
Group access rights are cumulative, but individual access rights override all group settings that the user resides in. For example, if user A is in group B with RMCDA access, and user A is explicitly set to R access only, the user will only have R access, irrespective of the group settings.
Report this to a Moderator Report this to a Moderator
 9-Jun-2008 18:53
User is offline View Users Profile Print this message


Louie Landale

Posts: 2070
Joined: 12-Sep-2002

Yes, if one group provides RM and another provides RC, then the user has RMC. Yes, a user specific access overrides all group access and is the only clumsy method of denying access.

Too bad a group access cannot have a "Minimum - Maximum" flag associated with it, where the access can be Minimum (as it is now) or Maximum, which would override other accesses.

- Louie
Report this to a Moderator Report this to a Moderator
 10-Jun-2008 06:59
User is offline View Users Profile Print this message


Alan Gooch

Posts: 107
Joined: 30-Aug-2005

Okay thanks guys, I think that explains the problem I've got.

Edited: 10-Jun-2008 at 07:00 by Alan Gooch
Report this to a Moderator Report this to a Moderator
 10-Jun-2008 15:12
User is offline View Users Profile Print this message


Tony Goodman

Posts: 97
Joined: 6-May-2008

I didn't explain that very well did I!
Thanks to Joe and Louie for the clarification.

As Louie says, this highlights why you should always use groups to assign access and never do it on individual users.

-------------------------
Tony Goodman
Smart DXL limited
www.smartdxl.com
Report this to a Moderator Report this to a Moderator
Statistics
20925 users are registered to the Telelogic DOORS forum.
There are currently 1 users logged in.
The most users ever online was 15 on 15-Jan-2009 at 16:36.
There are currently 0 guests browsing this forum, which makes a total of 1 users using this forum.
You have posted 0 messages to this forum. 0 overall.

FuseTalk Standard Edition v3.2 - © 1999-2009 FuseTalk Inc. All rights reserved.