Paul Lagerman
Member
Security model where a user has multiple business units and different roles by business unit
The requirement is:
1. A user can be assigned to multiple business units
2. That user can have different action security to different business units (meaning for 3 out of the 4 BUs, the user can perform add,update, delete functions, but for the 4th BU, the user only has View access (read Only)
My goal is to limit the total roles in the system to the least amount possible. Currently, I've defined about 10 roles that will do the trick.
Now, my issue is, I would like to define a security model where:
1 User can have many business units
1 business unit can have one or many roles
User to BU, BU to Role
Basically, a parent child, parent child relationship. 1:M:M
I've determined that I might be able to accomplish my requirement by producing a unique role for each user, assigning the security to that role and then assigning the role to the business unit. 1 user to role to bu - The implications to this is I will actually have more roles than users... a maintenance nightmare
Is there a better model for implementing this requirement? I want to keep it as simple as possible.
The requirement is:
1. A user can be assigned to multiple business units
2. That user can have different action security to different business units (meaning for 3 out of the 4 BUs, the user can perform add,update, delete functions, but for the 4th BU, the user only has View access (read Only)
My goal is to limit the total roles in the system to the least amount possible. Currently, I've defined about 10 roles that will do the trick.
Now, my issue is, I would like to define a security model where:
1 User can have many business units
1 business unit can have one or many roles
User to BU, BU to Role
Basically, a parent child, parent child relationship. 1:M:M
I've determined that I might be able to accomplish my requirement by producing a unique role for each user, assigning the security to that role and then assigning the role to the business unit. 1 user to role to bu - The implications to this is I will actually have more roles than users... a maintenance nightmare
Is there a better model for implementing this requirement? I want to keep it as simple as possible.