For many years Claromentis allowed intranet administrators permission to see all the data on their Claromentis system for the applications they have admin rights to.
This seems perfectly logical. For example, if you are an administrator for the People app, you need to be able to create, edit and assign permissions to users – at least in the granular sense that an intranet needs when layered on top of any central system like AD or eDirectory. If you are an administrator for the Document Management System (DMS), then how can you cancel editing on a document when someone has gone on vacation without freeing it up for others that need to work on it – unless you can see the document?
But as the web platform world has expanded and become ever more powerful we have many situations where the assumption that we should apply God-like permissions for all relevant data to an application administrator at times makes no business sense at all.
With recent releases we have implemented great solutions for precisely these two areas – the People app and the DMS.
In People, we can actually define who sees each field, who can edit, and under what conditions. We can say whether the People list in the admin panel shows anything at all about a field.
In the DMS admin panel, we can either give the administrator rights to see a document, because we feel they need to – or we can make it so that the system is locked down – DMS administrators can see that a document exists but cannot see the content of the file at all.
As the world of intranet platforms has moved on we certainly can continue to give power to the people – but now we decide exactly to whom and how much!