Security possibilities: disable editing package contents for certain users?

[Jacob Vos]

I am reading the help text regarding security. It's not clear to me whether what we would like to implement, is possible. Maybe someone can quickly give an answer?

For a shared repository we want to define e.g. user groups A and B and to indicate that editing certain packages (their content) is allowed to user group A but not to user group B. Viewing package contents is allowed to users of all groups.

If needed to implement such security policies, it's OK to have those packages in different root nodes.

[Geert Bellekens]

Different root nodes is not necesarry, and often annyoing (e.g. you can only create an HTML report from one root node)

If you really want that you can use Group locks.

So enable security, define the group, and then apply user lock for the appropriate group on a package.

I myself am a fan of the option "Require user lock to edit".
This makes the whole model read-only until a user does a "Apply User Lock" on the part of the model they want to edit.
It doesn't restrict any part of the model for anyone, but in my experience that is really not needed.

If you have to deliberately lock part of the model, this is usually enough to make people think about what they are doing.
I've never know someone to deliberately edit a part of the model that they are not supposed to. Of course you have to educate your users so they know what parts they are supposed to edit.

Geert

[Jacob Vos]

@Geert: thank you for your reaction!