External Permissions
Introduction
As described in Permissions: Users, Groups & Records, groups mediate the access by users to records. Nowhere in this design is it mandated that the user, group or record belong to the same organisation.
Internal versus External
We speak of an external case in two situations:
A user from an organisation is linked with a group from another organisation
A record from an organisation is linked with a group from another organisation
Internal is the opposite case, in which the user and group, or the record and group, are from the same organisation.
External Permission
If one wishes to share records across multiple organisations, one can do the following:
Create a group in the primary organisation, for example, called “Share”
Link users from different organisations with this group “Share”
Selectively assign the group “Share” to records one wishes to share
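The sharing steps above, together with the internal/external distinction, as an added example that is not the product's own code. All class, function, user, record and organisation names are assumptions made for illustration. It models group-mediated access and lists every link that crosses an organisation boundary, which is the set to review when auditing what a group such as “Share” exposes.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Group:
    name: str
    org: str

@dataclass
class Entity:              # hypothetical stand-in for both users and records
    kind: str              # "user" or "record"
    name: str
    org: str
    groups: set = field(default_factory=set)

def can_access(user, record):
    """Access is decided by shared groups only; organisations are never compared."""
    return bool(user.groups & record.groups)

def external_links(entities):
    """Return each user-group or record-group link that crosses organisations."""
    links = []
    for e in entities:
        for g in sorted(e.groups, key=lambda g: g.name):
            if g.org != e.org:
                links.append((e.kind, e.name, e.org, g.name, g.org))
    return links

def build_example():
    """Constructed sample data: org-a is the primary organisation."""
    share = Group("Share", "org-a")
    staff_b = Group("Staff", "org-b")
    return {
        "alice": Entity("user", "alice", "org-a", {share}),
        "bob": Entity("user", "bob", "org-b", {share, staff_b}),
        "carol": Entity("user", "carol", "org-b", {staff_b}),
        "report": Entity("record", "report", "org-a", {share}),
        "draft": Entity("record", "draft", "org-a", set()),
        "b-item": Entity("record", "b-item", "org-b", {share, staff_b}),
    }

if __name__ == "__main__":
    data = build_example()
    print("bob -> report:", can_access(data["bob"], data["report"]))
    print("carol -> report:", can_access(data["carol"], data["report"]))
    for link in external_links(data.values()):
        print("external link:", link)
```
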
Use Case: DigiHaven
For DigiHaven there is a record type called “Series” which we wish to share with all organisations once published. To realise this, one does the following:
Create a group “Published series” in the primary organisation
Assign the group “Published series” when publishing a series
Make all regular users from all organisations members of this group
→ Regular users from all organisations see all published series
Use Case: Meemoo
For the large multi-tenant environment of our customer Meemoo, we want to share records for review:
Create the group “Reviewers” in the primary organisation
Assign the group “Reviewers” to selected content during ingest
Make users who have to review records across organisations members of this group
→ The reviewers can review and edit selected records across all organisations