I understand that Mayan EDMS is an Enterprise DMS, but even at that level, some documents might be shared between users. It adds complexity to create a role and a group just to view a document.
It is a matter of simplicity or flexibility.
Groups and roles serve different purposes. Roles grant access and groups are organizational units. Some systems merge both into a single object for the sake of simplicity but then will not work on some scenarios.
Mayan supports many authentication systems that either work by granting access via roles or via groups. To allow compatibility with both, Mayan was designed to use keep these objects separate.
MERC 0008 was approved to merge groups and roles (MERC 8: Unify Roles and Groups — Mayan EDMS 4.6.2 documentation). It has not been carried out due to breaking compatibility with many enterprise authentication systems used in large deployments like military, defense, judicial, criminal, where a single authentication realm handles many different tenants or when using federated single sign on.
We continue researching this topic to find a way to unify groups and roles.
This topic was automatically closed 4 hours after the last reply. New replies are no longer allowed.