I am wondering if I assign 2 roles directly to 1 user, what will happen?
The real situation is:
These’s a user called Tom who have a “Sales” role which can only view/edit Owner’s records, and he’s in a group called “West”. But Tom also has his own team, so he need a “Manager” role which can view/edit Group members records in a group called “Dealer”.
That’s the problem I encounter: How to make Tom a Owner’s roles in group “West” and at the same time have Group members roles in group “Dealer”. Tom need 2 roles in 2 groups.
These things always confuse me, but I think you can do what you need if you just change the way you’re approaching it:
users can belong to more then one Security Group, so they get additive accesses from each
you can create the variation you need by multiplying groups, not roles, so you can have groups called “Dealer West”, “Dealer East”, “Sales Manager” “Sales person”, etc. Mix two concepts for each group, so then you can have a single role per group but keep all your options available.
Hmmmm, You gave me a new idea to get what I want, thanks!
And I am afraid that I have to document those groups with their detail roles, since now god and I know what I am doing, but maybe 3 month later, only god knows what we did… LOL