Just a general question about how you EPDM admins have set up your users and groups. Have you mimicked your company's departmental structure in the setup of your vault? Or, have you done something more simple...such as data viewers, data creators, and managers... Could you list how you structured your users and groups and why?
Appreciative any feedback you can give.
It is a very difficult question to answer...
It depends on how open / closed the access is to your files.
It depends on whether or not you restrict access to certain files (eg library files).
It depends on how many users / departments you have.
And it depends on your strategy for storing files and hence your access rights strategy - by project, by type, ...
If you need to restrict access then I think it is best to sit down and figure out what different types of documents you have that will be stored in EPDM. Then determine each of the following:
Who owns the document type?
Who edits the document type?
Who approves the document type?
Who needs to "see" the doument type?
Also, does any of the above change over the lifecycle of the document?
Once you have a clear idea of what access rights you need the structure of how to set up those rights becomes a lot easier to determine.
Tim,
Thanks for the response. We will be migrating from WorkGroup into EPDM and all of our data currently is created and maintained by our engineering department. With EPDM and the ability to automate some business processes, I could see other departments needing to author/edit documents in the vault as we hopefully progress with the use and gain efficiency in our company. We would like the possibility of putting our ER (ECO) process into EPDM and that would need to incorporate at least the managers of the departments for ECO sign-off. We can keep the process simple at the moment to just get up and running more quickly, but if we would like the ability to do more of what I mentioned down the road, then it makes sense to me to mimick the organizational structure of the company from the get go. For a large percent of users in the company, they will probably just see PDFs of released drawings all sitting in a single folder.
We have our groups set up by department. We also have department groups for approvers of specific areas. About 56 groups, even though some of those groups are just place holders for when that department starts using ePDM.
We set it up this way because we don't just use ePDM for CAD files, our goal will be to have just about the entire company using the vault for files. Also we want the permissions for viewing, editing, or approving to be pretty tight.
Laura,
Thanks for the response. Our thinking seems to be in line with what you have done. Good to know.
We also have this structure with multiple groups by Department and/or Task.
We have users that belong to several groups : i.e. Document Control & Material Control.
Pete,
I know a few admin's and myself only use groups to set permissions. Even if there is only one person in a group. Setting permissions to individual people is very hard to keep track of. Also if a person leaves you just add there replacement to the group and you wont have to say "what permissions did the the guy have".
Craig,
We have had that same discussion here. We are even thinking about groups of 1 person as you mention. Perfect example might be the "Engineering Manager" group. If there is a change in personnel down the road, its easy to change who is a part of the group and have all permissions come with that, then to go to all the places where that person what factored and change it to another person (yuck). I like the rule of only using groups to set permissions, as we work through this.
Anyone? I am wondering how we might best set up users here. Just following the department structure makes some sense, but I am wondering if there are any sage words of advice.