3 Replies Latest reply on Oct 24, 2013 9:15 AM by Matt Lutton

    Permissions groups with overlapping users

    Benjamin Fox

      I've looked at a variety of questions and haven't found the answer yet. I am setting up a large server with various projects and permissions. I'm using active directory as a way to set up groups because it is a large base of users. I'd like to not set up different sites for permissions but do it just through the project permissions.We have a core based license and want to have a project where all users can publish and interact. But other projects where only other groups would be able to publish or interact.


      The problem comes that the groups that I want to be able to publish and interact in the more secure groups also exist in the "everyone" active directory group. For example I could have an "Executives" group. So if I deny the "everyone" group from project GlobalStats, but give rights to the "Executives" group then the execs can't see any reports because Deny trumps Allow.


      Is there an easier way to set this up than by doing an individual permissions, or finding different groups that will contain everyone? I know there is the inherited permission, but can't figure out how to use it properly for this instance.


      Thanks for any help!