6 Replies Latest reply on Jan 2, 2017 2:11 PM by wimdecorte

    Full access hirearchy

    silba2021

      Title

      Full access hirearchy

      Post

      I realize that a "Full Access" means just that but is there a way to control this. I don't want one user with full access either deleting a user with full access or demoting their access. Is it possible to have one user that other full access users cannot delete or change.

        • 1. Re: Full access hirearchy
          philmodjunk

          Not and call it Full Access. Why would that user need full access privileges? Only people with the rights to develop the database should be full access.

          With scripting a non full access user can create and modify user accounts--provided you set the scripts used by them to do this to "run with full access privileges."

          • 2. Re: Full access hirearchy
            silba2021

            Thanks for the quick reply.

            Not sure I understand your first sentence.

            Is it an unusual practice to want a user to have the freedom to develop the solution as they wish, but restict their ability to lock you out of your own solution.

            • 3. Re: Full access hirearchy
              philmodjunk

              Yes, I'd say that is very unusual, if by "develop" you mean allowing them to make structural changes such as modifying tables, fields, relationships and scripts, but still insisting on control of security settings.

              • 4. Re: Full access hirearchy
                CarstenLevin

                It could be very logical to have the IT department controlling and setting up access while others could do all but manipulating access.

                • 5. Re: Full access hirearchy
                  Malcolm

                  Once you give another person [Full Access] they can do what they want. You have entered a trust relationship. If they lock you out you have lost trust and you have lost your database.

                   

                  People often want the freedom to add new layouts and reports without having to call for help. You are able to provide a user with less than full access and still allow them to edit layouts, scripts, etc. Scripted control of the user accounts lets them add/modify/remove user accounts. We do this in a few places and it works well.

                  1 of 1 people found this helpful
                  • 6. Re: Full access hirearchy
                    wimdecorte

                    Carsten Levin wrote:

                     

                    It could be very logical to have the IT department controlling and setting up access while others could do all but manipulating access.

                     

                    That would be the classic scenario for External Authentication... the IT department would be using the tools they know best and would not need to touch the FM solution at all.