Users would like to know how they can easily change permission on a hierarchy in SDD 3.x.
In order to change the permission of a File or Folder in SDD, the user needs to have Manage permission set to ‘Yes’ for their userid. To change the permissions down a whole hierarchy, the user needs to have Manage permission set to ‘Yes’ for their userid for All Files and Folders in the hierarchy. By default, the creator of an object becomes the Owner of the Object and by default, this user has READ and Manage permissions set to Yes. If the inherited permissions do not include the user that plans to alter the permissions of the hierarchy (for all objects) the attempt to change the permission will fail. In order to modify the permission down a hierarchy that has various, different permission for the user, the user will need to have the Policy: User can manage the owner of an object If the user has this policy, then they can re-set the ownership of the entire hierarchy to their own user account. Once this is completed, via the default SDD permission ability, the owner will have the capability to alter al the permissions down the given hierarchy.
There are two difference Edit Permissions options to choose from to alter the permissions, they are: “Apply changed settings to sub-objects” and “Overwrite all permissions on all sub-objects” in the Edit Permissions options. The difference between these two options are, the “Overwrite all permissions on all sub-objects” will remove all existing users and groups and replace them with the list that is currently in the Edit Permission window. Any additional groups that might be added
below this are in the hierarchy will be removed. This is a best practice for locking down a hierarchy (setting to read only). The option, “Apply changed settings to sub-objects” will only make changes to the groups that are currently listed in
the Edit Permission window. Any other groups or users that are set in down the hierarchy are not modified.
This is what we suggest. Do you use this same approach or a different one?