Spotfire Ideas Portal
Currently, the way Spotfire library permissions are designed is that, by default, the Everyone group, has Browse + Access + Modify permission. If you don't want everyone to have that permission, you must modify permissions on individual folders. This type of access is like saying -- everyone has access to everything unless otherwise configured. I would like the option for permissiond to be set up such that -- everyone has access to nothing, except what is configured.
This came up recently regarding access for contractors. Managers in the company wanted to specify only the folders contractors can access, but because users can create folders and the default is that Everyone can browse + Access + modify, that wasn't possible.
Christian, thanks for the suggestions. There were a few things in your notes that I wasn't aware of.
Hi Julie, I feel that you can easily manage this by removing inherited permissions from all your folders. Granted, inherited folder permissions are set by default when new folders are created. But if you remove inherited permissions from your Library top level folders and then remove Everyone from all the top folders then you will be able to prevent new folders from having the Everyone group. You can also prevent users from creating new top level root library folders by setting the root level permissions to read only. Finally you can easily "police" for folders breaking your permissions policies by writing some queries against the Spotfire metadata database. Have a look at the Spotfire Metadata Queries community wiki page I created which shows how to get permissioning data programatically.
https://community.tibco.com/wiki/tibco-spotfire-metadata-queries#toc-5