Before you define your security rules, you must know how
to organize your users and understand how the information collected
by IBM® Rational® Change is used within your organization.
Ensure that people who need the information and who need access to
it are able to get the information they need after security rules
are implemented. Also, consider whether any of the information you
collect is company- or department-confidential, or critical to a subset
of the organization. You need this information to set up specific
groups and rules to control the types of access to information.
One of the main reasons to set up read/write security is to better
control who has access to information.
First, decide how to organize the users who need access to and
the users who do not need access to the information. In many cases,
the user groups you define correspond to different departments within
your organization.
You can start by defining groups based on your organization. Then,
you can further define smaller subsets of people who need for more
specific information, or you can define subsets of people who are
restricted in the information they view.