--DISCLAIMER: The information contained in this e-mail and its attachments contain confidential information belonging to the sender, which is legally privileged. The information is intended only for the use of the recipient(s) named above. If you are not the intended recipient, you are notified that any disclosure, copying, distribution or action in reliance upon the contents of the information transmitted is strictly prohibited. If you have received this information in error, please delete it immediately.
Without a better understanding of the company structure and the rhyme and reason behind it, it is difficult to give a recommendation.
Why would you setup 100’s of companies, assign a bunch of users unrestricted, and then not want to have multi tenancy setup? These all contradict each other. The fact you have multiple companies means the system is setup for multi tenancy. Giving everyone Unrestricted Access essentially negates the multi tenancy you setup. This is a common setup I have seen but a very bad one. If you want to give everyone unrestricted access, just have one company. Unrestricted Access is set at field 1 level and not at field 112. I would recommend setting up your permission groups/companies properly and removing unrestricted access from everyone. Why put unnecessary customizations in place because the system is not setup properly? Unrestricted access should be reserved for special users like admins and system owners.
This is on ARS 9.1.02.
We have a range of users making use of both Atrium and Change Management. We have a range of CIs uploaded against a large number of compaies, and users have always been given unrestricted access.
A recent requirement has involved us wanting to restrict visibility of some CIs to specific users. Multi tenancy would not be viable (as there are hundreds of companies within our system), so I had thought that replacing the value for "Unrestricted Access" in field 112 in Base Element for the relevant CIs with another permissions group, and adding that permissions group to the required users would have the desired effect. It does not work - profiles without the new permissions group can still see the "locked down" CIs.
Has anyone else implemented anything along these lines?
ARSList mailing list