12-09-2018, 03:08 PM
Well yes, I agree that you could and should do it that way. I just never understood the need for the differentiation between roles and profiles and setting privileges on profiles while really, you're setting them on roles. Like you said, I don't really see the difference since you're grouping profiles.
I think I have to change my approach as to how I set up profiles and roles. Semantically I would prefer users being able to have more than one role, since now I have to create roles that are called 'Administration and planning' and 'Administration' to reflect what those people do in the company. I'd rather separate those roles without mixing their privileges and add/remove them to users as needed. But I understand we can reach the same level of fine-grain control with the setup we have now and changing that would mean a massive undertaking.
I think I have to change my approach as to how I set up profiles and roles. Semantically I would prefer users being able to have more than one role, since now I have to create roles that are called 'Administration and planning' and 'Administration' to reflect what those people do in the company. I'd rather separate those roles without mixing their privileges and add/remove them to users as needed. But I understand we can reach the same level of fine-grain control with the setup we have now and changing that would mean a massive undertaking.