|
发表于 2014-3-20 05:59:55
|
显示全部楼层
Tati wrote:I just started from the very beginning - if it doesn't work for the first level, even in }ApplicationSecurity this nodes are set to read - then i don't need to bother with the rest. As i told in the example above i expect my Group1-User to see Applications->Central Cost Planning, after Security Refresh i see only Applications. You can't just look at part of the tree to see if it's going to work because as I explained, you have to have rights to the actual objects themselves, not just the folders they are in, or it's not going to work.
This rule statement: [] = s: 'none'; sets all rights to NONE, meaning no one can see any object in the application tree, either application or folder. Now you have to add rights.
This rule statement: ['Group1', 'Central Cost Planning'] = S: 'read'; gives rights to the folder Central Cost Planning to Group1. It does not give rights to the folder Data Entry, and more importantly, it doesn't give Group1 the rights to the application object Data Entry - View 1. Since Group1 doesn't have rights to any application objects underneath Central Cost Planning they can't see Central Cost Planning. You need to add these rule statements:
['Group1', Central Cost Planning'Data Entry']=s:'read';
['Group1', 'Central Cost Planning'Data EntryData Entry - View 1']=s:'read';
After this, members of Group1 will be ablelto see the Applications folder, expand it and see Central Cost Planning, expand it and see Data Entry, expand it and see Data Entry - View 1. |
|