In this scenario, we presume the existence of diverse groups within an organization that all have access to a common ClearQuest database. Although they all have access to the data, each group has differing needs regarding what queries and charts they want to use. Each group wants to be able to create and share their own queries and charts, but groups also want to be protected from other groups changing those items. Groups also want to be able to see the items in the folders of other groups.
The Security Administrator performs the following steps.
Members of each group can now use their group folder as a shared folder, with every member of the group being able to modify the contents of the group folder. All users have Read-Only access to all other group folders.
In this scenario, a group needs a private folder that will contain things that no other group can see.
The Security Administrator performs the following additional steps.
Note that the Security Administrator or any member of the owning group can create the Private folder, but that only the Security Administrator can set the workspace folder permissions in this scenario.
In this scenario, a group is only given access to a portion of the contents of the Public Queries folder. This may be desired to simplify user operation by reducing the scope of what a user can see, or to control access to sensitive data that should only have limited internal visibility.
This alternate scenario would be likely to incorporate the previous alternate flow to limit cross-group visibility. In addition, access to the content of non-group folders within the Public Queries folder would be restricted by the Security Administrator taking the following additional steps:
This scenario would generally involve additional ClearQuest groups to manage visibility to the non-group folders, since the appropriate policies would generally cut across group boundaries. For example, all group managers may have Read-Write access to certain folders that non-managers do not.
In this case, the Security Administrator wants to hide the existence of other group folders within the Public Queries folder so that a user will only see the folders that correspond to the groups they are members of. This is done by using Read-Limited instead of Read-Only (relative to the primary flow).
The Security Administrator performs the following additional steps.
Because the group folders already have Read-Write for the corresponding groups, each member of those groups will only see their own group folders inside Public Queries.