S M Raymond 25.Oct.12 08:32 AM a Web browser Applications Development6.5.4 FP3Windows 2003
I will try not to be too long winded. I inherited a project that was created with an open access policy. This application tracks the logistics of many widgets for many different departments. Everyone who had an account could see and edit everything in it--a data soup. Someone finally figured out that was not a good idea, so my headache began.
The first thing they wanted was to split each department into its own application. Accomplished! That took care of Dept A not seeing what was in Dept B and so on. But now they want to restrict even further. I have to restrict who can see, who can read, and who can edit each individual widget and any supporting widget documents (which were not created as response documents...but that's a whole different headache).
My thought was to create widgetEdit and widgetRead groups for each widget and put those groups in a Readers field on each associated widget document which would allow each group to see the documents they are assigned to. Then use a [read] role, assign it to the widgetRead group and hide all the editing tools from the [read] role. But that doesn't work because someone could be a member of the widgetEdit group for one widget and a member of the widgetRead group for another and the [read] role would mess up his access. Now I’m thinking I need a separate form for each widget with the control set on the form, but that will make it challenging, to say the least, each time a new widget is added.
Please help. I know it doesn't have to be this hard. I just have my brain too wrapped around it. Can someone please suggest a sane way to set access for this application? Thanks so much!