Minimize group count

fainemr
edited January 27, 2009 in Documentum #1

For a redesign I'm looking at ways to ease administration, specifically group count but here is the problem.  We intend to map groups to a specific taxonomy's listing for projects.

My thinking was that I could minimize ACLs by using permission set templates along with alias sets to create an alias set such as:

for each project:

projecta alias set

[group]admin -> projecta_admin

[group]contributor -> projecta_contributor

[group]coordinator -> projecta_coordinator

etc...

An acl template that maps the group aliases to the permission like:

%admin = delete

%contributor = write

%coordinator = read

and so forth

However, this will still result in a large number of alias sets and groups as each project (100 or so) will need to have at least three groups, maybe more.

Is this the way to go or is there a better way?

Thanks,

-Mark

Comments

  • DCTM_Guru
    edited January 26, 2009 #2

    In your example, you have not really reduced the amount of ACLs required to support 100+ projects.  The real advantage of using alias sets with PSTs is when you have multiple ACL templates (PSTs) that you can define.  This normally occurs when you try to define ACLs to match lifecycle states.  If you only have 1 ACL template, then you haven't really reduced the number of objects required.

    In your example, if a user can ONLY belong to one of the groups at a time, then you change the mapping of user to three groups to group and an attribute.  In other words, instead of defining 3 groups, you can define group_name and group_role (2 objects).  Doesn't seem to save much from an administration perspective, but this approach would be more advantageous if you add more roles for that group.

  • fainemr
    edited January 27, 2009 #3

    Can you help me understand why this doesn't reduce the number of ACLs?  Each user has an alias set that maps groups that are used in a shared ACL template. If it doesn't work that way, it should.

    Also, I don't think I understand your suggestion.  Do you mean like:

    projecta alias set

    [group]group_name -> projecta

    [group]group_role->projecta_contributor

    etc...

    Thanks,

    -Mark

  • DCTM_Guru
    edited January 27, 2009 #4

    It does NOT reduce the overall number of ACLs, since you only defined 1 ACL template.  It may reduce the number of groups that you have to create if you assume that a user can only belong to one of those groups - your example is correct.
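A simplified model of the object counts debated in this thread, added here as an example and not posted by either participant. It assumes each template and alias set pair resolves to one concrete ACL; the `approved` template and the `project0` to `project99` names are constructed for illustration.

```python
from itertools import product

# Template entries from the question: alias name -> permission.
DRAFT = {"admin": "delete", "contributor": "write", "coordinator": "read"}
# Constructed second template for a later lifecycle state (assumption).
APPROVED = {"admin": "delete", "contributor": "read", "coordinator": "read"}
PROJECTS = [f"project{i}" for i in range(100)]  # constructed project names


def alias_set(project, roles):
    """Alias set for one project, following the thread's <project>_<role> naming."""
    return {role: f"{project}_{role}" for role in roles}


def resolve(template, aliases):
    """Replace each %alias in a template with the group it maps to."""
    missing = sorted(set(template) - set(aliases))
    if missing:
        # An unresolved alias must fail loudly, never fall back to a default grant.
        raise KeyError(f"unresolved aliases: {missing}")
    return frozenset((aliases[a], perm) for a, perm in template.items())


def inventory(projects, templates):
    """Count what is maintained by hand versus the concrete ACLs that result."""
    roles = sorted({r for t in templates.values() for r in t})
    alias_sets = {p: alias_set(p, roles) for p in projects}
    groups = {g for s in alias_sets.values() for g in s.values()}
    # Identical resolved ACLs collapse into one entry of the set.
    resolved = {resolve(t, s)
                for t, s in product(templates.values(), alias_sets.values())}
    return {
        "groups": len(groups),
        "alias_sets": len(alias_sets),
        "templates": len(templates),
        "resolved_acls": len(resolved),
        "maintained_with_templates": len(templates) + len(alias_sets),
    }


if __name__ == "__main__":
    print("one template: ", inventory(PROJECTS, {"draft": DRAFT}))
    print("two templates:", inventory(PROJECTS, {"draft": DRAFT, "approved": APPROVED}))
```

With one template the 100 alias sets stand in for 100 concrete ACLs, so nothing is saved; with two templates the hand-maintained count grows by one while the concrete ACL count doubles.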