As we already saw how to organize roles in the previous topic, this part will focus more on the professional approach. With a very small budget compared to those that many IT departments require, we are nevertheless going to see how this solution can fit into professional contexts.
By taking a look at the following image and comparing it with the home scenario, we can see that the use cases for a company are organized into a different architecture in order to connect users. In addition, we can easily guess that the repartition of roles will be totally different because of the clear differences between departments.
The company's network is now structured as "grapes" with dedicated subnetworks for each department's activities. As the IT manager, you have to define roles:
- The welcome presentation: This is a movie player for customers
- Guests: This gives your visitors and customers access to some of your content
- R&D department: This needs to listen to music, access company streaming contents (for example, e-learning), and podcasts
- Media department: This provides contents and podcasts
- Marketing department: This has access to movies (presentations) and podcasts
- IT department: In a word, you are responsible for administration, but this role can be split into many people
If you remember the table from the previous home scenario in the same Group management section, you might remember that we had quite the same repartition between users' types and their roles. Some differences remain, as we split more roles within our users; so, Editors will manage the site's contents only, while the Uploader Admin will manage upload attributions except the Editions ones.
Therefore, with these exclusive roles, rights management is guaranteed, as only Admins will be able to get all the roles.
So, we will set some roles, as shown here:
What we can see in the preceding screenshot is that a part of the administrative tasks can be shared with trusted people. So now take as an example the IT department being made up of the following roles:
- Admin
- Editor_master
- Upload_master
These roles also share some group attributions with the following:
- User1_RnD: Editors
- Mediadept_user1: Upload Admins
These have some delegating ability but not complete admin rights.
What about users such as John Doe from the marketing department and the presentation player in the hall? Actually, as they don't provide content, they don't need special user access; therefore, they just need to be authenticated logged-in users.