Do you have a QDF administrator that manages the 0.Administration VariableEditor application? If so, then how is security setup on that folder. Do you give Admins full rights and the developers Read or None? Or do all developers get full access to the entire SourceDocs folder and you hope they don't break anything and track every change so it can be rolled back if it affects someone else's project.
I have a similar question for the with 99.Shared_Folders. Should developers have full access or should they have read access and send requests for new objects to the QDF Admin?
I read once that the developer could take his container with him to his local machine and copy changes to the server, but I don't understand how that would work without the parent level 0.Adminsitration and 99.Shared_folders being on their machine.
Currently, the developers work directly off the server and they have read access to 99.Shared_folders. When they need a container I create it and give them full access to it.
Thoughts?
Hi Phillip, the idea is that only administrators have access to the Admin container. As security is inherited downwards setting different security settings for different containers is quite easy, to prevent security manipulation use change access instead of full controll. The idea of shared is that all developers have access to this resource in test environment so that they can move reusable resources, else there is a risk that developers does not reuse between them. When the app goes into production the reused resources need to be validated and copied into the production shared container by the administrator/system owner.
Hope that this helps.
Best regards
Hi Phillip, the idea is that only administrators have access to the Admin container. As security is inherited downwards setting different security settings for different containers is quite easy, to prevent security manipulation use change access instead of full controll. The idea of shared is that all developers have access to this resource in test environment so that they can move reusable resources, else there is a risk that developers does not reuse between them. When the app goes into production the reused resources need to be validated and copied into the production shared container by the administrator/system owner.
Hope that this helps.
Best regards
I am not sure what "Change Access" means in your statement "to prevent security manipulation use change access instead of full control"
I am in a windows environment and when a developer requests a new container I create it and give them full control on it. For \99.Shared, in development, I have given the developers Full control. Nothing has been setup in Production yet.
I have setup the Win 2012 R2 Shares via Server Manager > File and Storage Services > Shares
I have 3 shares
It seems like there are some redundant entries. But maybe it is supposed to look like that as I go deeper into the nested folders. I am not sure how you get "Inherited from None", or why the local Users has two entries, one for read and execute on this folder, sub folders and files, and then special on this folder and sub folders.
Hi Phillip, sorry for late reply ive been on holiday. with change access I mean that the users (other than Admin) have not full access control. The users should not have change permissions and take ownership access in the folder structure.
Will have a look in the documentation and add this if missing.
Hope that this helps.
Best regards
Magnus
Thanks for the update. I think I am close.
Admins have full access to everything in the \QDF. The Admin's full control rights are inherited in every new sub folder that is created.
DEVELOPERs have full access to \99.Shared
And when a Developer asks for a new container. Let's say a Finance container. I create this is the ADMIN variable editor. Then I give the Developer FULL ACCESS to the Container. I assume if I already Shared out \99.Shared then 10.Finance should show up their explorer also.
Ok, great that you have control of the situation.
/Cheers