Groups are an attribute applied to the core elements in the app; users and objects. Loop objects refers to anything that can accommodate an access type such as content, badges, announcements, featured content, etc. Administrators only have control and access over the users and objects that falls within the groups they are assigned to. Super admins have control over all objects and users within the tenant regardless of the groups the super admin is a part of.
For a user to have access to an object , both the user and the object must share at least 1 group. Similarly, for a people admin to have access to a user they both must share at least 1 group. There is no limit to how many different groups can be applied to a single object or user so the ways to relate groups of users and objects is nearly endless.
There are 3 types of access that a group may have for a given object item. There may only be 1 access type per group per object at any given time. The access type may be changed at any time by an admin with applicable permissions.
- View only - The object item is visible on the user side and will not be visible on the admin side except by Super Admins and the Owner of the object.
- Edit only - The object is visible only on the admin side and will not be visible on the user side
- View & Edit - The object is visible on both the user side and admin side. Users of the group may view the object and admins of the group may edit the object.
Access stacking: For instances where a content item has multiple groups each with varying accesses and there is a single user that is also a member of multiple groups that have varying access then the user will take either the highest level access possible or a combination of the “only” level accesses. This means that if one of the user’s shared groups is View only and the other is View & edit then their access to that content item will be View & edit.
For a user that is part of groups A and B both of which have an access type associated with content item 1.
|
Content item 1 |
Access Type |
||
|
View only |
Edit only |
View & Edit |
|
|
Group A |
X |
||
|
Group B |
X |
||
|
User Access Result |
View & Edit |
||
Alternatively:
|
Content item 1 |
Access Type |
||
|
View only |
Edit only |
View & Edit |
|
|
Group A |
X |
||
|
Group B |
X |
||
|
User Access Result |
View & Edit |
||
Exceptions: While users and content must share at least 1 group to have potential natural association there are instances where users can gain view access to content that they do not have group association with.
For example, this can occur if an admin assigns a content to a user that does not share group associations with the content. The user will still be able to see the content item though their assignments but not through content browse. Additionally, if a content item has external links enabled that content item may be viewed by members of other groups.
Comments
0 comments
Please sign in to leave a comment.