Roles and Groups intersection


We have a scenario where we would like to assign access rights/permissions to a specific user base for a specific task, however based on a Role and Group (intersection).
i.e. to explain:

We have Roles such as:
R1: Admin
R2: Clerk

And Groups such as:
G1: A
G2: B

In WM Task Assignment we are able to assign permissions via Roles and/or Groups; when adding in the assignment you are able to choose the specific Role (i.e. R2) and Group (i.e. G1), however this currently give access/permission to all members in the selected Role and to all members in the selected Group (i.e. applies Union).

Currently Assignments Apply UNION, we however are trying to apply INTERSECTION of R2 & G1.
Is there a way to apply this Role/Group Intersection assignments (or any other native WM functionality)?


No the system has no mechanism to anything like that. You would probably be better off keeping it simple and create a new role that contains just the users you want to give the permissions to.



You could try another way which is to have roles for the operations (functional and operational privileges) and objects (processes, services, tasks).

In my case, I have defined a Role for each of those: normal user, administrator, etc and for each of the processes and tasks. Each of these roles is mapped to a specific AD group (lets call them group roles).

Using the Active Directory, I manage to cross both kinds of Roles, for specific users or groups of users, by specifying to which group roles they belong.

If not using AD, you may want to use another kind of LDAP server.

Hope this helps.

This discussion might give you more hints:

Best Regards,