Example Access Roles Scheme
Below are examples of using access roles. The general approach is to map out all user types against document groups, and use that mapping to find the minimal set of access roles necessary to enforce the desired level of access control. Note that access roles are case sensitive ('all' is not equal to 'ALL').
Example One: Flat
Suppose a career consultancy company has many customers, each with their own customer database. Customers can search only in their own database.
On documents
- Document access roles: assign the customer name (e.g. Google)
On tokens
- Customer access roles: assign the customer name (e.g. Microsoft)
- Administrator access roles: role "all" can see all documents
Example Two: Matrix
Suppose a recruitment company works in several lines of business (ICT, FIN, EDU) in multiple countries (NL, UK, US). Each combination is a business unit. A possible access roles scheme is:
On documents
- Document access roles: assign three roles to each CV: line of business, country and business unit, e.g. (ICT, NL, ICTNL)
On tokens
- Standard recruiter access roles: assign one business unit role, e.g. (ICTNL); can only access ICT CVs in NL.
- Foreign recruiter access roles: assign two business unit roles, e.g. (ICTUK, ICTUS); can access ICT CVs in both the UK and the US.
- Country manager access roles: assign one country role, e.g. (NL); can access CVs in NL for all business lines.
- General manager access roles: assign the special role "all"; can access all CVs.
Example Three: Hierarchical
Suppose a staffing agency has organized its candidate pool into several groups and subgroups, arranged in a hierarchical structure. Access is granted by specifying parts of the hierarchy, with exceptions. It is also possible to grant access to specific candidates, overriding the hierarchical rules.
On documents
- Document access roles: assign roles for each layer in the hierarchy, e.g. (1, 1x2, 1x2x1, 1x2x1x4)
On tokens
- Access to a subgroup in the hierarchy, e.g. (1x2): can access all documents within the 1x2 group
- Access to a subgroup with exceptions, e.g. (1x2, -1x2x1): can access all documents within the 1x2 group except for documents in 1x2x1
- Access to a subgroup with exceptions and individual additions, e.g. ("1x2 -1x2x1", 1x2x1x4): can access all documents within the 1x2 group except for 1x2x1, but can also access 1x2x1x4.
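
The following sketch models the three schemes above so a role design can be checked against sample documents before it is deployed. It is an added example, not the product's own code. The matching semantics (entries are OR-ed, space-separated terms inside one entry are AND-ed, a leading "-" excludes) are an assumption inferred from the examples on this page, and the function names and sample documents are constructed.

```python
# Added illustration, not the product's implementation.
# Assumed semantics (inferred from the examples on this page):
#  - a token holds a list of role entries; ANY matching entry grants access
#  - an entry is space-separated terms; a leading "-" excludes that role
#  - an entry matches if the document has every positive term and no excluded one
#  - "all" matches every document; comparison is exact and case sensitive

def entry_matches(entry, doc_roles):
    terms = entry.split()
    positives = [t for t in terms if not t.startswith("-")]
    negatives = [t[1:] for t in terms if t.startswith("-")]
    if not positives:
        return False  # fail closed: an empty or exclusion-only entry grants nothing
    if any(n in doc_roles for n in negatives):
        return False
    return all(p == "all" or p in doc_roles for p in positives)


def can_access(token_roles, doc_roles):
    doc_roles = set(doc_roles)
    return any(entry_matches(e, doc_roles) for e in token_roles)


# Constructed sample documents, tagged as described under "On documents"
CV_ICT_NL = {"ICT", "NL", "ICTNL"}
CV_FIN_NL = {"FIN", "NL", "FINNL"}
CV_ICT_UK = {"ICT", "UK", "ICTUK"}
DOC_1x2x3 = {"1", "1x2", "1x2x3"}
DOC_1x2x1x7 = {"1", "1x2", "1x2x1", "1x2x1x7"}
DOC_1x2x1x4 = {"1", "1x2", "1x2x1", "1x2x1x4"}


def demo():
    hier = ["1x2 -1x2x1", "1x2x1x4"]  # exception plus individual addition
    return [
        ("recruiter ICTNL reads ICT/NL CV", can_access(["ICTNL"], CV_ICT_NL)),
        ("recruiter ICTNL reads FIN/NL CV", can_access(["ICTNL"], CV_FIN_NL)),
        ("country manager NL reads FIN/NL CV", can_access(["NL"], CV_FIN_NL)),
        ("'all' reads ICT/UK CV", can_access(["all"], CV_ICT_UK)),
        ("'ALL' (wrong case) reads ICT/UK CV", can_access(["ALL"], CV_ICT_UK)),
        ("hierarchical token reads 1x2x3", can_access(hier, DOC_1x2x3)),
        ("hierarchical token reads 1x2x1x7", can_access(hier, DOC_1x2x1x7)),
        ("hierarchical token reads 1x2x1x4", can_access(hier, DOC_1x2x1x4)),
    ]


if __name__ == "__main__":
    for label, allowed in demo():
        print(f"{'ALLOW' if allowed else 'DENY ':5}  {label}")
```

Running the table for every user type against every document group is a quick way to spot a role that grants more than intended, such as a mis-cased "ALL" that silently grants nothing.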