This section describes a "real-world" situation that might require read-only privileges to be applied to a top-level project.
Note: Before securing a top-level project, read the section Read-Only Privileges on Projects for details on operational constraints. Pay particular attention to the section Read-only on top-level projects.
In this scenario, several onsite engineers are responsible for maintaining a top-level project, ProjectXYZ. Consequently they require read-write privileges for every project folder.
The operators responsible for monitoring plant operations will use the project at runtime only; consequently operators only have read-only access to the project.
The system administrator on site first identifies those employees who will use the project, and then divides this pool of users into two user groups:
This is shown in the illustration below.
The administrator creates two user groups to make administering users easier: ProjectXYZEngineers and ProjectXYZOperators, and assigns engineers to the first group, operators to the second.
Note: Creating user groups is optional and makes it easier to handle privileges for multiple users. Creating user groups may be unnecessary if you only have a few users.
The administrator then assigns engineers read-write privileges to the top-level project folder, and operators read-only privileges, like this.