Understanding Permissions

[tmcnicho]

Ok...

I've got a grip on permissions now, but I'm getting frustrated trying to get what I want accomplished.

Here's my board setup:

Vendora A's Category

• Employee 1
• Employee 2
• Employee 3

Vendor B's Category

• Employee 1
• Employee 2
• Employee 3

What I want, is for each logins for each vendor, to see all forums in their category. Employees should only be able to see their own forums in each category, and managers should be able to see everything across the board.

So far what I have done is create a usergroup for each vendor. I then created a group for all employees. I then created one for each employee (there are only like 10), so that if say, employee 1 was covering for employee 2 I could add employee 1 to employee 2's group and give them access that way. I have also created a usergroup for managers.

So far I'm accomplishing what I want thru forum permissions but its so much manual work. So where I hit my snags are in the way permissions cascade and when new usergroups are created. What I'm doing currently, is to select say the Vendor A Category, and click on "Deny All". I then set the employees usergroup, the managers usergroup, and the vendors usergroup to use default usergroup permissions. Then for each forum underneath, I reapply the deny all, and set the vendors and managers usergroups to use default (so they inherit from the category) and then on then finally utilize the usergroup assigned just the employee, giving them "allow" access.

This scheme produces the affect I want, however... I hit a lot of work if say I, create a new usergroup, because now I have to go down and deny on every, single, forum.

Right now its not a big deal, but eventually I'll have 20 vendors, with 10 forums in each, thats 200 times I have to reset permissions.

I have this gut feeling I'm going about this all wrong, if someone could help me out, I'd appreciate it!

Tom

[LordDB]

As far as I'm aware, your procedure is the norm, and there's no quick fix in this regard, sadly!

What business are you in?

[tmcnicho]

the business is manufacturing and selling collectibles...

I'm thinking though, that if i edit the default permissions for those groups to nearly no access it should basically give my deny all across the board, and when new usergroups are added, as long as they don't give more rights by default, it should keep people out...

hrmmm... that might work

the only problem is that silly registered users group... I'll have to deny read forum permissions to it to pull this off