Let's say you have 3 groups of users, group A that just need to be able to see the wallchart but not change anything, group B that can amend bookings at will but not amend anything else and group C that have full control over everything.
You could create 3 roles under row level access - named (say) - RoleA, RoleB, RoleC. Give RoleA read access only to the BKG, RES, JOB, CRD and CMP tables. Give RoleB the same but read, insert, update and delete access to BKG, and give RoleC the same but read, insert, update and delete access to all 5 tables.
Assign RoleA to users in group A, RoleB to users in group B and RoleC to users in group C.
You would need to use field level access if you had a situation where, for instance, you had a fourth group of users who were allowed to edit, say, the 'telephone number' field in resources, but not to edit any of the other fields in the resource table. It basically allows you to specify a finer granularity of access restriction.
|
