Isolating Clients with Permissions

To get a feel for what you can do with permissions, consider a software consulting business working in a vertical market—say, customizing software for window-washing companies. The company employs a number of consultants, each of whom should only be able to see cases related to the clients that they service. To provide faster service, the company also allows personnel from the clients to access the company's internal FogBugz server through special accounts. Of course, if an employee of a client signs on, they should only be allowed to see their own cases. In fact, if an employee of Highrise Window Washers logs on, the company doesn't even want them to be aware that Plate O'Glass Co. is also a client.

The key to making this work is to set up permissions properly in FogBugz. Whenever FogBugz shows a drop-down list of users, it will not include everyone. It will only list users that you might encounter because you share permission to access some client or department. For example, consultants Alice and Bob are working on the Highrise Window Washers account only, while Mike is working on the Plate O'Glass account only. Normally, Alice and Bob will see each other in the user drop-down list, but they'll never see Mike's name in a drop-down list or in a case, and vice versa. So if you make an account for the president of Highrise Window Washers in your FogBugz database, this name won't show up in drop-down lists when a Plate O'Glass client logs on. This helps keep all the clients happy and secure in the knowledge that you're concentrating all of your efforts on their behalf.

But . . . and this is an important but . . . if you set up any clients who are visible to all users, this protection is lost. For example, suppose the consulting company has a third client, the local Petting Zoo, and thinks, "Heck, the Petting Zoo doesn't have anything confidential, so we might as well let everyone in there." The company then runs the risk that a Highrise Window Washers executive and a Plate O'Glass executive will run into each other's names in the user drop-down list, since they share access to the Petting Zoo, and flip out. In summary, if you need to isolate users from one another, you can never have any clients that everyone can access.
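The shared-access rule described above can be checked before a permission change goes live. The following is an added example, not FogBugz code: it models the rule as "two users can see each other's names if at least one client lists them both", and the `EVERYONE` marker, the function names and the two executive account names are assumptions made for illustration.

```python
EVERYONE = "*"  # assumed marker meaning "all users may access this client"

def members(client, perms, all_users):
    """Users permitted on a client; EVERYONE expands to every account."""
    granted = perms[client]
    return set(all_users) if EVERYONE in granted else set(granted)

def visible_users(user, perms, all_users):
    """Names `user` can meet in drop-down lists: anyone sharing a client."""
    seen = set()
    for client in perms:
        m = members(client, perms, all_users)
        if user in m:
            seen |= m
    return seen - {user}

def isolation_leaks(perms, all_users, must_not_meet):
    """Return (a, b, client) for every forbidden pair that shares a client."""
    leaks = []
    for a, b in must_not_meet:
        for client in sorted(perms):
            m = members(client, perms, all_users)
            if a in m and b in m:
                leaks.append((a, b, client))
    return leaks

# Constructed sample data based on the scenario in the text.
USERS = ["Alice", "Bob", "Mike", "Highrise president", "Plate O'Glass executive"]
PERMS = {
    "Highrise Window Washers": {"Alice", "Bob", "Highrise president"},
    "Plate O'Glass Co.": {"Mike", "Plate O'Glass executive"},
}
# Pairs that must never learn of each other's existence.
FORBIDDEN = [("Highrise president", "Plate O'Glass executive"),
             ("Alice", "Mike")]

if __name__ == "__main__":
    print("isolated setup:", isolation_leaks(PERMS, USERS, FORBIDDEN))
    # Opening one client to everyone breaks isolation for all pairs at once.
    with_zoo = dict(PERMS, **{"Petting Zoo": {EVERYONE}})
    for a, b, client in isolation_leaks(with_zoo, USERS, FORBIDDEN):
        print(f"LEAK: {a} and {b} both have access to {client}")
```
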

