There is also a more intuitive design method business email list for data permissions, that is, don't engage in those fancy concepts, I just want to share "this part" of the data with "that part" of people, simple and direct, how to do it?
In other words, if the above permission design system cannot meet the business scenario, can we provide a direct data sharing method?
The design of "sharing rules" may be a solution. Generally speaking, sharing rules address two types of scenarios:
Share the data of a specific user with a specific user.
Share data that meets specific conditions to specific users.
Of course, the "specific user" here is not only the user itself, but all container concept elements (departments, groups, roles, etc.) that contain users should be included.
7. Manual sharing
Although sharing rules are convenient, they cannot solve a more terrible data permission scenario. Some sharing scenarios cannot be predicted in advance. They are random and anytime, anywhere. What should I do?
In fact, the precondition of this scenario determines the way of permission design. Since the rules do not work, it should be specified manually.
The data permission design for manual sharing is completely based on the free will of the owner of the record.
It should be noted that when the ownership of the record changes, the manual sharing relationship should be released directly. The owner of the record also needs to be able to view and modify it at any time, and the current manual sharing of this data.