Hi! I have a task to organise collaborative access of staff members who belong to one department, but several sub-departments:
|—> Sub-dep A1
|—> Sub-dep A2
|—> Sub-dep A3
The logis is following:
- all DepA members have to have RO access to the group folder, called DepA, but:
1.1. all Sub-dep A1 members have to have RO and RW access to the sub-folder Sub-depA1, but do not have access to the sub-folders Sub-depA2, Sub-depA3;
1.2. the same applies to members of Sub-depA2 and Sub-depA3;
1.3. all DepA members have to have access to other sub-folders in the folder DepA.
My logic is following:
- Create a group DepA, assign users to it;
- Create groups Sub-depA1, Sub-depA2, Sub-depA3, assign users;
- Create group folder DepA, assign group DepA to it with selective access rights;
- Create sub-folders Sub-depA1, Sub-depA2, Sub-depa3 in the folder DepA;
And here I have 2 questions:
A. should the ‘first forbidden’ logic be applied, so I am allowing to have access to the group Sub-depA1 to the sub-folder Sub-depA1 only? And by default the other sub-folders will NOT be accessible? If yes, how?
B. should the ‘first allowed’ logic be applied, so I am forbidding to have access to the to the group Sub-depA1 to the sub-folder Sub-depA1 only? And by default the other sub-folders will be accessible? If yes, how?