In addition, these administrators can delegate permission control over only specified folders by assigning the Change-Permission permission to a specified folder for a specified user group. Users in these groups will only be able to set permissions on sub-folders of their accessible folders.
In previous versions of the product, there was only one level of privilege, Public Folder Administrator, associated with control of Public Queries folders.
A Security Administrator,' as defined within the User Administration Tool, is responsible for managing folder permissions and setting up access control lists (ACL) over the entire installation. He or she has the ability to set and/or change folder permissions for any folder within the installation, and has Read-Write access to all folders and subfolders. .
The Security Administrator sets up the original folder permissions on folders directly under the Public Queries folder root to correspond to the needs of the user groups accessing each folder. The main difference between the security administrator and the Public Folder Administrators is that the Security Administrator has the ability to modify the permissions set on any folder for any group, while a Public Folder Administrator can modify the permission set on any folder only for groups of which he or she is a member.
The Security Administrator selects Public Folder Administrators to manage group level folder permissions. Each Public Folder Administrator is a member of one or more functional groups. For example, a Public Folder Administrator might be a member of the 'dev' (development) group, as well as the subgroup 'dev-gui.
Based on the ClearQuest groups they belong to, different Public Folder Administrators set up the folder permissions for their groups. The Public Folder Administrator has access to any folder under the root Public Queries folder, but can only assign permissions for groups to which they belong.
In this way, Public Folder Administrators take on some work for the Security Administrator, by managing the folder permissions of their own groups, while the Security Administrator handles site security policy and issues.