Multiple Sites vs Sign In & Permissions - Best Practice

Permanently deleted user

March 29, 2018 13:37

Hi everyone,

 

This is a general question regarding how to manage the visibility of data to specific groups.  I am required to deliver data to 4 different groups who will only be able to view data specific to geographic area.  Do I create one site and mange the data with logins and permissions or do I create multiple sites specific to the areas?

What challenges have you encountered and what have been the solutions?

 

Thanks,

 

Gary

0

• 

  Permanently deleted user

  April 03, 2018 05:51

  I decided the best option was to use windows integrated groups and manage the permissions from geocortex manager

  0
• 

  Permanently deleted user

  April 03, 2018 05:52

  I should add, an issue we encountered was having a user in multiple groups would show them the permissions of their lowest group. So we modified the site.xml to set precedence for allow before deny, now an admin in several groups can see the highest setting of permissions.

  0
• 

  John Nerge

  April 06, 2018 14:00

  I agree with Sylvia, use permissions if at all possible. The main benefits:

   

  1) You can send everyone to the same URL

   

  2) You don't have to replicate and maintain multiple site and viewer settings

   

  3) It makes upgrading and migrating easier because you have fewer sites to rebuild

   

  But of course there's a threshold if it's more work to maintain a ton of permissions than it would be to make a different site.

  0
• 

  Permanently deleted user

  April 12, 2018 20:36

  Thanks Sylvia and John for sharing your experiences.

   

  Did you have to implimented any workflows to help with managing logins or permissions?

   

  (Hopefully this additional question isn't too vague.)

   

  Thanks again,

   

  Gary

   

  0
• 

  John Nerge

  April 12, 2018 20:41

  Once people start using an app and like it, they invariably want to add and/or remove people who have access to it.

   

  Always use security groups to manage permissions, not individual user accounts. If you don't have a security group that all the needed users are members of, create one. They'll be your best friend for managing your site permissions as people come, go, and want access.

  0
• 

  Permanently deleted user

  April 18, 2018 18:50

  Hi John,

   

  I'm delving into the security settings, but I just wanted to clarify something you said in your feedback.  By "security groups" do you mean just setting permissions at a Role level?  For example, I could create 2 roles based on geography, lets say "East" and "West", and all the employees in the East would access the site using the same generic credentials?  So in essence, there is only one "user", the East and all staff in use that to sign in.

   

  Thanks,

   

  Gary 

  0
• 

  John Nerge

  April 18, 2018 20:21

  Nope - when I say security groups I mean Active Directory security groups. Then to apply permissions you would use Window Integrated - Windows Group on the GE Manager's Permissions page.

   

  That way people sign in with their domain accounts, and the site determines what they see based on the permissions you set up on the AD security group they're in.

  0
• 

  Permanently deleted user

  April 19, 2018 13:30

  Thanks for the clarification John.

   

  Gary

  0

Please sign in to leave a comment.