Scenario 3: Customer access to an internal database using Public Queries folder queries

This scenario illustrates how to grant customers access to an internal user database using a limited set of queries in the Public Queries folder.

It is sometimes useful to allow customer access to an internal HCL Compass database to view records associated with their issues, submit new issues, and view other relevant public information. At the same time, it is important that the customer users at one company not see another company's information.

In this scenario, each user at a customer company has their own Personal Queries folder in an internal company database. There is also one folder in the Public Queries folder that all users at the customer company share.

The Security Administrator performs the following steps.

  1. Creates a group for the users at Company A called CompanyAUsers.
  2. Adds users at Company A to the CompanyAUsers group.
  3. Grants Read-Limited permission to CompanyAUsers on the Public Queries folder.
  4. Creates a folder in the Public Queries folder for these users called CompanyAFolder.
  5. Grants Read-Only or Read-Write permission to CompanyAUsers on CompanyAFolder.

Result: Customer users who are members of CompanyAUsers can see their Personal Queries folder and CompanyAFolder, including the contents of each folder. If the customer users have Read-Write permission on CompanyAFolder, they can also create and modify items in this folder, including the subfolders.

Scenario 3a: Customers manage their company folder

In this alternate workflow, customer users are separated into two groups: one containing general end users and another containing end users who have permission to administer the company folder, CompanyAFolder. The general end users have Read-Only access to CompanyAFolder, while select users have Read-Write access.

The Security Administrator performs the following additional steps:

  1. Creates a group for customer administrators, CompanyAAdmin.
  2. Places customer users in the CompanyAUsers or CompanyAAdmin group, depending on their role. It may be appropriate to place some customer users in both groups.
  3. Grants Read-Limited permission to CompanyAUsers and CompanyAAdmin on the Public Queries folder.
  4. Grants Read-Only permission to CompanyAUsers on CompanyAFolder.
  5. Grants Read-Write permission to CompanyAAdmin on CompanyAFolder.

Result: Users who are members of CompanyAAdmin can modify the contents of CompanyAFolder, while those who are only members of CompanyAUsers cannot.