Scenario 3: Restricted access within a division
Employees within a division of your company require read access to the same set of objects (campaigns, offers, templates, and so on), but they are allowed to edit and delete only their own objects and objects in folders that they own.
Solution
Define a Read-Only role that grants only read permissions on objects. Assign all users within the division to this role. Keep the default permissions as defined for the Owner and Folder Owner roles.
If your company requires only a single security policy, you can use the global policy and assign all users to the Review role.
Each user is allowed to edit or delete their own objects (under the Owner role) and objects in their own folders (under the Folder Owner role), but only view objects and folders owned by others (under the Read-Only role).
The following table shows a sample subset of the object permissions for this scenario.
Object permissions for Scenario 3
Columns: Functions/Role, Folder Owner, Object Owner, Reviewer
Campaigns: Add Campaigns, Edit Campaigns, Delete Campaigns, View Campaign Summary
Offers: Add Offers, Edit Offers, Delete Offers, View Offer Summary
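The following sketch is an added example, not IBM code or product configuration. It models the scenario above to show who ends up with edit and delete rights on an object once the Read-Only, Owner and Folder Owner roles are combined. The permission names, the user and folder names, and the rule that a user's effective permissions are the union of every applicable role are assumptions made for illustration.

```python
from dataclasses import dataclass

# Grants per role, as described in the scenario; permission names are illustrative.
ROLE_GRANTS = {
    "read_only": {"view"},
    "owner": {"view", "edit", "delete"},
    "folder_owner": {"view", "edit", "delete"},
}

@dataclass(frozen=True)
class Obj:
    name: str
    owner: str    # user who owns the object
    folder: str   # folder that contains the object

def roles_for(user, obj, folder_owner, division):
    """Roles that apply to `user` for `obj` in this model."""
    roles = set()
    if user in division:
        roles.add("read_only")       # every division member is assigned Read-Only
    if user == obj.owner:
        roles.add("owner")           # applies only to the user's own objects
    if folder_owner.get(obj.folder) == user:
        roles.add("folder_owner")    # applies to objects in folders the user owns
    return roles

def effective(user, obj, folder_owner, division):
    """Union of the grants of every applicable role (assumed combination rule)."""
    perms = set()
    for role in roles_for(user, obj, folder_owner, division):
        perms |= ROLE_GRANTS[role]
    return perms

def who_can(action, obj, folder_owner, division):
    """Access-review helper: every division user holding `action` on `obj`."""
    return {u for u in division if action in effective(u, obj, folder_owner, division)}

# Constructed sample data.
DIVISION = {"alice", "bob", "carol"}
FOLDER_OWNER = {"Q3-campaigns": "bob"}
SPRING = Obj("Spring promo", owner="alice", folder="Q3-campaigns")

if __name__ == "__main__":
    for user in sorted(DIVISION | {"dave"}):   # dave is outside the division
        print(user, sorted(effective(user, SPRING, FOLDER_OWNER, DIVISION)))
    print("can delete:", sorted(who_can("delete", SPRING, FOLDER_OWNER, DIVISION)))
```

In this model the folder owner can edit and delete an object that another user owns, so an access review of a shared folder should count the folder owner among each object's writers.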
Copyright IBM Corporation 2012. All Rights Reserved.