As we already saw how to organize roles in the previous topic, this part will focus more on the professional approach. With a very small budget compared to those that many IT departments require, we are nevertheless going to see how this solution can fit into professional contexts.
By taking a look at the following image and comparing it with the home scenario, we can see that the use cases for a company are organized into a different architecture in order to connect users. In addition, we can easily guess that the repartition of roles will be totally different because of the clear differences between departments.
The company's network is now structured as "grapes" with dedicated subnetworks for each department's activities. As the IT manager, you have to define roles:
If you remember the table from the previous home scenario in the same Group management section, you might remember that we had quite the same repartition between users' types and their roles. Some differences remain, as we split more roles within our users; so, Editors will manage the site's contents only, while the Uploader Admin will manage upload attributions except the Editions ones.
Therefore, with these exclusive roles, rights management is guaranteed, as only Admins will be able to get all the roles.
So, we will set some roles, as shown here:
What we can see in the preceding screenshot is that a part of the administrative tasks can be shared with trusted people. So now take as an example the IT department being made up of the following roles:
These roles also share some group attributions with the following:
These have some delegating ability but not complete admin rights.
What about users such as John Doe from the marketing department and the presentation player in the hall? Actually, as they don't provide content, they don't need special user access; therefore, they just need to be authenticated logged-in users.