When it comes to restricting either visibility of events or who can observe a particular group everything seems to be based on including all roles as the default and you then go in and remove access from those roles which you need to restrict. Now I know when it comes to permissionong roles it's different where you explicitly grant access which is good however why not finish it off by also providing the ability to explicitly deny access as well, this would obviously over ride any grant access where there is a conflict.
I'd also really like to see ACLs introduced for groups as well - let me specify which groups can access screens, functions, whatever as well as by role. That way I can augment the role based permissionong with aligning to organisational structures as well...!
Comments
Please sign in to leave a comment.
Thank you for the feedback Alistair.
Do you consider the Group-based ACL more useful than the denial rules? That is my initial guess, based on it adding a whole new capability that currently doesn't exist, but I am curious what your feedback is on importance?
Hi, group based ACL would be a powerful alternative for some compared to role based. Group based ACL can be easier if you want to align to an organisational structure Vs operating model where role based ACl is probably better.