When the access rights of user and group definitions overlap, the following rules, listed in order of precedence, apply:
User Fred is defined with the following database access:
FINPLAN R CAPPLAN W PRODPLAN N
He is assigned to Group Marketing, which has the following database access:
FINPLAN N CAPPLAN N PRODPLAN W
His effective rights are set as:
FINPLAN R CAPPLAN W PRODPLAN W
User Mary is defined with the following database access:
FINPLAN R PRODPLAN N
She is assigned to Group Marketing, which has the following database access:
FINPLAN N PRODPLAN W
Her effective rights are set as:
FINPLAN R PRODPLAN W
In addition, Mary uses the filter artifact RED (for the database FINPLAN). The filter has two filter rows:
Access: Read. Member specification: Actual.
Access: Write. Member specification: Budget, @IDESCENDANTS(“New York”).
The Group Marketing also uses a filter artifact BLUE (for the database FINPLAN). The filter has two filter rows:
Access: Read. Member specification: Actual, Sales.
Access: Write. Member specification: Budget, Sales.
Mary’s effective rights from the overlapping filters, and the permissions assigned to her and her group:
R: Entire FINPLAN database.
W: For all Budget data in the New York branch.
W: For data values that relate to Budget and Sales.