Avoiding ACL proliferation - how to?

Hello DCTM colleagues,

Any idea, suggestion or opinion on some best design practices for the following scenario would be great.

Consider the following requirement driven scenario:

-> One DCTM document can be "forwarded"(*) to another different user (which can forward it subsequently as well)
-> The users can be in the same "user group" or in different ones (different departments)
-> In the end, all the users to which the document has been forwarded to (sometime during its lifecycle) should have access to the document.

(*) - By "forward" here we mean the same conceptually as in an "e-mail" forward, meaning that the first user wants the second one to access the document for some reason - and therefore "hands" the document to the second one.

How to avoid ACL proliferation?

In a "too simple" approach to this problem, we could consider that each document would have a different ACL - that would "grow" every time the document was forwarded. This is obviously not a very "interesting" - performance & maintenance wise - solution, I would say. Or is it the only option?

Any ideas on this?

Although it seems to be a not to complex "requirement" I am having some issues designing a non compromising solution for it, so I would appreciate any good ideas on this.

Cheers,

Virgílio

Find more posts tagged with

Comments

DCTM_Guru

The simple answer would be giving dm_world the appropriate permissions. Obviously, your business users would complain that they dont want to give world access, but my response would be is are they "limiting" the list of users that a user can forward to? If not, then there is really no difference then giving dm_world the same permissions.

riddelln

Theoretically you could dedupe the acls. Would require customisation though. You also would need to have enough commonlity across ACLs in order to make it worth while.