Designing the Access Group Hierarchy
Access groups are arranged in a hierarchical tree structure. The tree determines ease of maintenance and openness of information flow. Simpler trees make it easier to provide adequate information access. Complex trees are more time consuming to maintain but offer more specific information control. The access group tree and information control is specific to your company. Use the information below to guide you in building your access group structure.
Accolade installs with a default access group called Root, which is always at the top of the tree. You cannot delete this group; however, you can rename it. All additional groups are either a child of Root, or a child of another access group in the tree. Thus, a user who is a member of Root has access to every project and document in the system.
Users can search for documents, projects, see links to projects, and see chart and report information about projects and reference tables that are assigned to the same access group to which the user is assigned, or an access group that is in the same branch. In the hierarchy above, a user assigned to Group A is able to access projects and information in Group A, but not access to projects and information in Groups B, C, or D.
A user assigned to access Group B is able to see information in Groups B, C, and D (because Groups C and D are children of Group B), but cannot see information in Group A.
Example
A consumer goods company has business units named for the general categories of the product types they develop, such as:
- Beverages & Snacks
- Healthy Living
- Restaurant Supplies
The company has created access groups named for each business unit. Optionally, a company could create access groups under each business unit representing brands within each unit. For example, in the Beverages & Snacks business unit, there are brands for Drinks, Fun and Convenience, and On the Go products.
Depending on security needs, users can be assigned at the brand level (Drinks) or at the business unit level (Beverages & Snacks). A user added to the Beverages & Snacks access group can see everything in Drinks, Fun and Convenience, and On the Go, but cannot access any projects in the Healthy Living or Restaurant Supplies business unit.
If a user is assigned at the Drinks brand level, they can access all the projects in the Drinks brand but not in the Fun and Convenience or On the Go brand.
Note: If Accolade Innovation Planning is enabled, a second default group, [Innovation Planner Default] is added as a child of Root. It is the group to which all planning elements are added when they are created. You cannot delete this default group; however, you can rename it, and you can assign planning elements to a different access group once they are created.
In the most open tree, everyone is assigned to Root and has access to all information. Or, perhaps only a few users are assigned to Root and a few others are in groups part way down the tree. In the later of the structure, team members can access only the information in projects to which they belong. Only a few users, such as Executives, can see project information from more than one group.