Rational Asset Manager - restricting view to assets with minimal administration (i.e. no groups)
Hi,
I have a scenario like this and I am not sure what's the easiest way to implement it using RAM:
Various development teams in my company have created assets and they are to be uploaded into RAM. However, each team has some assets which can be exposed (i.e. viewed, searched, downloaded by others), while the rest of the assets are for internal team use (the team does not want other people to even see them). Ideally, the team does not want to use two different repositories for storing assets, they only want to use one repository (i.e. RAM) for storing all the assets - whether they're to be exposed to others or not.
Currently, I already have RAM configured using roles so that all signed-in users can browse (i.e. read, search, subscribe), download, and create assets, and can modify only assets which they own/created.
I have also configured RAM so that each asset has an attribute indicating if it is "private".
I know above scenario can be satisfied by using groups and permissions - i.e. for each private asset, specify that only a particular group (i.e. the group which owns the private asset) can view the asset. However, the problem with this approach is that I will end up having to administer potentially a large number of groups. I also notice only administrators can create groups, I don't know how a regular signed-in user can create their own groups and do self-administration for the groups they created.
Is there a way to satisfy the scenario above without having to use groups?
Is there a way to customize the search so that results returned will not include private assets unless the user doing the search has permission to see the private assets?
thanks
2 answers
It took e a long time to circle back to this task. Thanks for your suggestion, Bradley.
What I ended up doing was creating a separate community with a role that allows all authenticated users to only create assets and do nothing else. When a user logs on to RAM, the user can create assets into this "private" community and the moment the asset is created, the user (by default) becomes the owner of the asset and can do everything an owner can. However, since all authenticated users for this private community can only create assets, no other authenticated users can see the assets in this private community unless they're either co-owners or specifically given permissions by the owners or administrators.
My objective is really to minimize administrative involvement and in my environment, I have the constraint that I can't expect a team of people to be trained to be "community administrators". When the owner of an asset (in this "private" community wants to have the ability to grant other users access or make other users co-owners, that owner still has to go through the administrator, but once the administrator gives the owner the privilege to manage access, the owner can take it from there.