The new multi value security labels look great and will improve flexibility to fulfil different requirements in that area. However I see one more critical element missing right now
“What will/should a security label control?”
1. Access to Meta Data
2. Access to Representation
3. Access to Content
Security labels got introduced to block the complete access to the object metadata even this is the most uncommon and just an exception because attribute values are
1. the least critical, except cost and BOM information
2. can be often configured easier with dedicated contexts or domains
From my experience customers typically prefer to grant access to meta data since it helps
1. to identify the correct responsible user or department
2. to show complete structure information and be able to collect objects
3. to reduce user confusion by error messages since something can not be loaded completely
I am convinced that it would be an great enhancement if each label could be configured to which level it should show information.
Like “No Access”, “+Meta Data”, "+BOM", “+Representation”, “+Content”
By this you can configure the label to grant full access by adding all values
Confidential Label
“+Meta Data”, "+BOM", “+Representation”, “+Content” -> Role1+Group1+Group2
“+Meta Data”, “+Representation” -> Role2+Group3
“+Meta Data” -> ALL
Production Plant Label
Houston (“+Meta Data”, “+Representation” ) -> Group PP_HOU
Munich (“+Meta Data”, "BOM", “+Representation” ) -> Group PP_MUC
Budapest (“+Meta Data”, “+Representation” ) -> Group PP_BUD
