Hello everyone!
Foreword and problem statement
There are several subcategories of terms. I need to set up access for manager and steward of each subcategory so that:
- The steward of certain subcategory is able to create new terms, edit old ones in his subcategory only. However, he can not publish any changes
- The manager, in addition to above, can publish changes, but also in his own subcategory only.
I have the list of questions concerning access management in v.14.2:
- Is it possible to grant ownership to node? And if it’s yes, how can I implement it?
- Do you know any way to solve my manager-steward task? (there are my understanding of the solution below)
- In States of approval workflow
- what are the “User roles” : governance or identity provider ones? (looks like the second ones, but doesn’t work)
- what is the “OWNER” for this version of workflow?
_______________________
There is a long prelude to where the questions came from.
Version: 13.9
There is the ability to create a special capability to be the owner/editor/viewer of some node and assign this capability to some role or user.
It’s configurable to make a creator of a new term an editor, not an owner. So that the steward cannot publish changes and manage access to it.
For instance, the user with the term-manager role becomes the owner of all existing terms and the owner of all new created ones. (If the user creates the term by himself, he becomes the editor as a creator, however he is the owner also, as he is the owner of the node) and he has owner’s abilities to this node. There is no need to change settings of default approval workflow, because term-manager is the owner of the asset.
At the same time, the user of the term-steward role becomes the editor of all existing terms and becomes the editor for new created ones (no matter who created the term) and he has editor’s abilities to this node and viewer’s ones to parent node.
However, there is no possibility to be in one operation set for parent node (e.g. viewer for terms) and in another operation set for child one (e.g. owner or editor for terms/businessPartner)
Version: 14.2
The access management is changed, and now I have a problem not only with different access levels for parent-child nodes, but with ownership of new created entities also. Any data asset is visible to its creator only, until he shares access to someone else.
In v.14.2 there is the possibility to run a plan from ONE Desktop and share access level (full, edit or other) to all existing terms for any user, so manager may get full access to them in any stage of entering the project. However, I cannot handle access management for new created terms.
For the role, I grant View data Access Level to Term node and Full access to Business Partner node. Though, the user of the role cannot create new businessPartner term (in general, any term). It seems like when I give only view properties to the terms' node, these properties are applied to all child nodes, and it’s not possible to promote access level to a specific child. (Maybe I’m wrong?)
Here, I see two ways:
- The creator shares full access to term-manager, so the manager can see and manage request and approve & publish or reject changes.
There are a couple of problems. Firstly, it doesn’t work for the settings of parent and its child node described above. Now I need to give full access to terms’ node, and it’s not appropriate for the described task. Secondly, whether it works or not for parent-child nodes’ access management, for the described task the creator is the steward and if he is able to share an asset, then he can share full access to the asset to himself, as a result publish any new entity by himself - this is also not desirable.
(And editing approval workflow didn’t help - additional workflow user role - even when the full access is shared with manager)
- Sharing the ownership of the node with the manager, if it is possible to execute.
Here we return to the list of questions at the beginning of the topic about node’s ownership and configurations of approval workflow.
I hope, I could explain my difficulties, and you can help me with them.
Thank you so much for reading and trying to help!
Very respectfully, Manzura.