How do you control access of two Users, who have same Role, but in different Company Divisions? E.g.

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/33e2704b-f84d-4466-b470-05dfbf7f6e40/image2018-11-15_16-38-42.png

In the above example, if you want Alan to get complete access to Company 100, and Blank Division, but you want to restrict his access levels in other Divisions, as above?

If you were to assign a Role created in M3, for this purpose, you would be required to create as many Roles as the Access Types.

VSE simplifies this, to a great extent, with concept of Child Roles.

When you create a Child Role in VSE, VSE would create, Roles for all possible permutations of access Types!

In the example below, The User, is trying to create, Child Role for Company 100, Division Blank, and all Access Control Types, Read, Write, NECR, ECR, ER.

Note:

NECR – New, edit, Copy, Read. (denoted as A in the Role Name)

ECR – Edit, Copy, Read. (denoted as B in the Role Name)

ER -Edit, Read. (denoted as C in the Role Name)

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/8a06b2c6-05e6-4ab3-9952-756d8a92bd9f/image2018-11-15_16-39-50.png

VSE creates, 5 child Roles, RK7100 A, RK7100 B, RK7100 C, RK7100 R, RK7100 W,

Where RK7 – Child Role ID

100 – Company

Space after 100 – Blank Division

A, B, C, R, W – Different Access Control Types

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/ac9a5963-e0ac-44d0-aad9-20180f3cf245/image2018-11-15_16-40-35.png

When such a Role is assigned to a user, VSE checks, for the users, Company-Division access types, and assigns, appropriate Access Controls.

In this example the User has, access to Company 100 and Divisions Blank and AAA. In Division Blank he has Write access and in AAA he has Access ER (C- only Edit and Read)