Access in Igloo ensures that only people with the relevant roles can see your private or sensitive documents, while also acting to streamline We've talked about Access in Igloo here before, about using it to shape the flow of content in your digital workplace, and what makes strong access essential to launching new areas. Today we'll build out best practices for using Access in general, and how it can affect the everyday use of your Igloo. Strong Access rules can help make your community scalable, making it easy to grow as your organization does.

Groups, not users

Igloo's access model uses Role-Based Access Control (RBAC), letting you establish specific permissions for Groups as well as individual people, and it's almost always better to use Groups. People can be part of as many Groups as they need to be in order to get the Access they should have, so you can set up a new Group for anything you need. Space Administrators can even create their own Groups, in order  to set up Access for specific projects or departments. 

Creating Access rules by user means that those rules will need to be changed everywhere if their role changes, or if someone new takes on that role. Group-based access lets Administrators or Space Administrators handle that through a single view, and it's often made easier by using the Bulk Member Upload to update their Groups, or automated through the Igloo LDAP Sync Tool. 

Inheritance matters

Access in Igloo cascades. Rules made at higher levels in the architecture of your digital workplace will cascade downward as far as they can, into all of the Channels and content beneath the item where the rule was created. This can be a huge asset, letting you set up strong Access rules at the top levels of your community and allowing them to filter into everything you need. Adding additional rules in specific areas can let you elevate people's permissions there, with the same cascading caveat. 

The inheritance can be disabled, which typically happens for folders with sensitive files, or areas with private discussions. This will break the chain of inheritance at that point, and let you set up new rules, which will then cascade down the rest of the way. This can create isolated pockets of your community that are exceptions to your usual Access rules, and it's typically worth documenting them in a policies and practices wiki. 

Setting up strong Access rules at the start can help your digital workplace be scalable and sustainable, and save your Administrators a lot of headaches in the years to come. 

If you have any questions about other best practices for Access, ask a question in the Community area, or consult the Knowledge Base.