Effective ACL

We have a user who is not able to update his person document. After investigating, I found that the user has reader access to NAB. */NDMC (organisation) has author access, but this user is also added to a group $BMC_pad which has reader access to NAB; hence when I check Effective access it displays as READER.

Please suggest what I should do, because if the organisation has Author access then the user should also get Author access, no matter if the group has reader access.

Subject: why do you have a readers group then?

If your */NDMC has author access, why do you have another group of less access of readers for $BMC_pad group?

If you remove this group, does it work? Does your user get “authors” when he clicks the security icon on the lower right for his effective access? Can your user author / edit his person document?

-Kyle Huang

Subject: I’m not an admin - real admin feel free to correct me…

  • I think the issue is that the Reader Group is specific where the Author is generic. By this I mean the Author access is */org, meaning it applies globally to everyone in the org, where the Reader Group only applies to the members of that Group, not globally. It stands to reason that generic org level access should be modified by Groups, so this does appear to be working how I’d expect it to at any rate.

  • Try adding this person to an Author Group, one that’s specific like the Reader Group. I would expect that to work, even if it’s not the “sanctioned” method of doing so. My experience is that multiple Groups in an ACL, where the Groups have individual entries (no wildcards), will provide the rights of the highest level Group, not the lowest. If it were the lowest I couldn’t access anything!

Hope this helps…

Subject: precedence

The group document will take precedence over a wildcard entry so if the user is a member of the group then that’s the access level they will get.

You can make everyone Author but have no delete and no create selected, and this is essentially the same as a Reader but gives them access to edit only docs where their name is listed as a local admin, such as their person document or any groups which they are owners of.
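
The precedence described in the replies above (a group entry overrides a wildcard entry, and among several group entries the highest level wins), written out as an added Python sketch; it is not Domino code and not from any poster in the thread. The user names, the `NAB_Authors` group and the sample ACL are constructed for illustration, and the `-Default-` entry and individual user entries are not modelled.

```python
# Sketch of the ACL precedence described in the thread (not Domino's own logic).
LEVELS = ["No Access", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]
RANK = {name: i for i, name in enumerate(LEVELS)}

def _highest(entries, acl):
    """Pick the ACL entry with the highest access level, or None if empty."""
    return max(entries, key=lambda e: RANK[acl[e]]) if entries else None

def effective_access(user, acl, groups):
    """Return (level, deciding_entry) for a hierarchical user name."""
    user_l = user.lower()
    # Group entries that are in the ACL and list this user as a member.
    member_of = [g for g, members in groups.items()
                 if g in acl and user_l in {m.lower() for m in members}]
    # Wildcard entries such as */NDMC match any name ending in /NDMC.
    wildcards = [e for e in acl
                 if e.startswith("*/") and user_l.endswith(e[1:].lower())]
    # Groups override wildcards; among groups the highest level wins.
    entry = _highest(member_of, acl) or _highest(wildcards, acl)
    # No match: this sketch reports No Access (-Default- is not modelled).
    return (acl[entry], entry) if entry else ("No Access", None)

def downgraded_users(acl, groups):
    """Audit helper: members whose group entry gives less than a wildcard they match."""
    hits = []
    for user in sorted({m for members in groups.values() for m in members}):
        level, entry = effective_access(user, acl, groups)
        wild_level, wild_entry = effective_access(user, acl, {})
        if wild_entry and RANK[level] < RANK[wild_level]:
            hits.append((user, entry, level, wild_entry, wild_level))
    return hits

# Constructed sample mirroring the question: org wildcard is Author, group is Reader.
ACL = {"*/NDMC": "Author", "$BMC_pad": "Reader"}
GROUPS = {"$BMC_pad": {"Jane Doe/NDMC"}}

if __name__ == "__main__":
    for name in ("Jane Doe/NDMC", "John Roe/NDMC"):
        print(name, effective_access(name, ACL, GROUPS))
    print("downgraded:", downgraded_users(ACL, GROUPS))
```

Running the audit helper against an exported ACL and group list shows which group memberships are lowering access below the organisation-wide entry.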