Scenario 1: Allows access to all other employees' folders and objects
All employees in your company work with the same set of objects (campaigns, offers, templates, and so on). Sharing and re use of objects are encouraged; there is no need to make sure that groups of employees cannot access each other's objects. Access is restricted only by the employees' roles within the organization.
Solution: Use the global security policy
Only a single security policy is required, as objects do not have to be separated by group or division. In the existing global security policy, examine the default roles and modify them as needed to correspond to the requirements for the employee jobs. You can also create custom roles as needed.
The default Owner and Folder Owner roles automatically allow users full permissions on the objects they create. You can define additional roles to restrict access to objects created by other users.
For example, the following table illustrates a subset of the permissions you can configure. In the example, a Manager has full access and editing permissions for campaigns and offers. A Reviewer can view campaigns and offers, but cannot perform any other action with them.
After you define roles, assign employees to the roles that correspond to their job requirements. You can assign employees individually, or by creating several groups. Assign each group to a separate role and make employees members of the group that has the role appropriate for their job.
| Folder Owner role | Owner role | Manager role | Designer role | Reviewer role | |
|---|---|---|---|---|---|
| Campaigns |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Offers |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|