1 Reply Latest reply on Aug 9, 2018 6:42 PM by David Hearn

    AF Contact Security Granularity

    TimCarmichael

      In looking at granularity for AF contacts, contact groups, notifications and notification templates, I believe the following to be true:

           Contact and Notification Contact Templates are maintained at the AF Server level and access can be granted/denied by identity

           Notification Rules and Notification Rule templates are maintained at the AF Database level and access can be granted/denied by identity

       

      HOWEVER, if an identity has access to an item such as contacts, that is access for ALL contacts; an individual contact for example cannot be 'owned' by one individual only and have read/write/edit access excluded for other users that have read/write/edit access to contacts in general.

       

      Also, an identity can have read/write/edit access to contacts to update distribution lists, but does not necessarily have read/write/edit access to the notifications that use these lists. That is, they can add or remove an address from the contact, but not add or remove contact groups from the notification.

       

      Can I get someone to confirm/deny/clarify my assumptions?

        • Re: AF Contact Security Granularity
          David Hearn

          The AFSecurity class documentation describes the security for an object in AF. Most Contacts are defined by Active Directory and will be read-only in AF, but you can define additional Contacts and set their individual security. Library objects like Notification Contact Templates and Notification Rule Templates can have their individual security set but will always have read permission for everyone that has read access to the PI System (for Notification Contact Templates) or the AF Database (for Notification Rule Templates).

           

          Notification Rules can have their individual security set and will allow you to deny read access to some identities.