Hi Eamonn,
I have set up several such installations for clients in the past. Here are some general pointers.
The EA security model is essentially in two layers. There's access to a repository's underlying data store (file or database), then there's what's kown as "user security" on a per-repository basis.
The repository is the lowest level (finest granularity) where you can control access to information. In other words, if a certain OS user account has access to an EA repository they can read everything in it; it is not possible to restrict access to parts of a repository.
In addition, any EA repository access requires read and write permission in the underlying data store, whether that is a file or a database. This is because the EA client needs to be able to write information into certain tables even if the in-repository user account only has read access.
Since repositories can only be accessed fully or not at all, partial information sharing cannot be implemented by giving users different levels of access to a single repository. The only available alternative is to selectively distribute information from the repository. This can be achieved using XMI export / import, external version control, reusable assets, document generation, or HTML exports. Successful implementation of any of these strategies will require detailed knowledge of the model information content in order to correctly select what gets exported.
XMI export / import, external version control and reusable assets all give the option of model collaboration over repository boundaries, while document generation and HTML exports do not. However, if the key requirement is for information sharing, HTML exports in particular can be a quick way forward.
Of the collaboration options I usually recommend the reusable asset service. It adds a layer of security, which can be used to control access to reusable models, and it provides the ability to manage dependencies between models.
HTH,
/Uffe
