I have an application where read and write access is controlled by a Reader and an Author field to control viewing and editing access by country. It isn't working as expected.
Basically I have a document where the Authors field contains the roles:-
The Readers field contains the following roles:-
The ACL is setup as follow:-
"Uk Group" with Reader access only and the [UK] role (to allow anybody in the Uk group to see UK documents)
"Editor Group" with Author access and the [ED] role (to allow them to edit any documents the Readers field allows them to see)
"Power User Group" with the [PU] role (to allow them to edit all documents they can see and also lets them access setup functions)
The idea is that only people in the UK group have the [UK] role and therefore can only see the UK documents and then only people who have either the [ED] or [PU] (Editor or Power User) roles (as well as the [UK] role) can actually edit documents for the UK.
A person setup as as editor for the UK ([ED] and [UK] roles) can incorrectly see other countries documents as well when they should only be able to see UK documents.
Any ideas? Sorry it's a bit muddled, I can clarify anything if needs be..