Use the propagate
function to give users modify, delete,
or admin access to items that they create in either the database root,
or in projects, folders, or modules, but not to the database root,
project, folder, or module itself. Using standard access rights, you
would need to edit the access for each item that they created to give
them the additional access rights. If you propagate access rights,
you give users the additional access to all the items in the hierarchy
that inherit their access, but not to the item itself.
For example:
- You
want to let Marcus create modules in a folder. So Marcus needs
create access to the folder.
- You want Marcus to be able to
delete the modules he creates in
the folder. You do not want him to be able to delete the folder itself.
Using standard inheritance, you would need to turn off inheritance
for every module that Marcus creates in the folder. You could then
set up the access rights for these modules to give Marcus delete access
to them, but that would be time consuming.
Alternatively,
you can propagate extra access rights with create
access. This option is only available if the item has inheritance
turned off.
You can choose which extra access rights to propagate
with create
access:
- Modify (M)
- Modify and delete (MD)
- Modify,
delete, and admin (MDA)
The extra access rights are
not specific to a particular user or
group. They are propagated with every access rights entry that includes
the create access right. For example, a project has four access rights
entries, two of which (for Anne and Engineering) include the create
access right.
Table 1. Access rights with no extra access rights
propagated with create accessName |
Access rights |
Anne |
RC |
John |
R |
Engineering |
RMCD |
Everyone else |
RM |
You
decide to propagate modify, delete, and admin (MDA) access
with create. Access rights entries for items that inherit their access
rights from the project change as shown in the following table. The
access rights for the project itself do not change.
Table 2. Access
rights with modify, delete, and admin access propagated with create
accessName |
Access rights |
Anne |
RMCDA |
John |
R |
Engineering |
RMCDA |
Everyone
else |
RM |
The only entries that are affected are the ones that
included create
access. They gain modify, delete, and admin (MDA) if they do not already
have them:
- The entry for Anne gains MDA
- The entry
for Engineering gains A
The extra access rights are only
propagated to children (folders,
projects, modules, or objects) that have inheritance turned on.