Walter.Koller
Level 11
Status: Needs More Info

It should be possible to apply restrictions not only on folders but also on their parents / the root of the folder hierarchy.

Currently it is possible to create a folder and apply restrictions, but users are able to create their own folders. Those folders can lead to a quite uncontrolled environment (who can read/modify for which team). At least it can keep some people busy reminding users and cleaning up the structures.

4 Comments
Status changed to: Needs More Info

Hi @Walter.Koller,

Thanks for taking the time to raise an idea.

It should be possible to achieve what you describe today using existing MTE access rights in Design Studio. If you create a folder and apply restrictions to it, you should be able to grant/deny individual user roles the ability to create folders within the restricted folder, preventing them from adding additional folders and/or changing existing ones as required.

Can you confirm whether this would meet your requirements and, if not, what the desired outcome is you'd like to drive towards?

I'm going to mark this idea as Needs More Info awaiting your reply.

Regards,

Rob

Walter.Koller
Level 11

Hello @robert.nicklin 

The idea is to prevent users from creating sub-folders on root, which cannot be prevented currently, as far as I know. This may not only result in 'wild' folders that are created for 'temporary use' but often stay much longer. It may also lead to a security issue and loss of processes when, in one of those 'wild' folders, a link is created to an object/process in one of the restricted folders.

In our multi-team, multi-environment infrastructure, restrictions on root will also prevent accidental imports into wrong environments. E.g. \ProjectA\ProcessA could not be imported if the ProjectA folder does not exist, with root level restrictions.

Regards

For explanation: Consider a process consisting of its name in a folder pointing to XML in the DB. It is possible to create multiple name references in different folders pointing to the same XML. We have several 'compromised' objects in restricted folders because of this. Root level restriction won't prevent this situation but may limit the people involved to those who already have access to those objects.

 

Hi @Walter.Koller,

Thanks for the additional information on this (and other) ideas.

I'm tempted to separate out the concerns around importing a release and what impacts this has on folders as "import" is considered an admin permission in Blue Prism Enterprise and trying to place restrictions on what folders can and can't be created on root as a result of an import will conflict with this and introduce a lot of complexity.

In regards to the general enhancement however, how would you feel if we restricted the ability to create folders at root level to just the "System Administrator" user role? I think the fact that you can't restrict the root folder, meaning that everyone can create folders at this level, even in an MTE restricted environment, is an oversight as you're calling out.

Regards,

Rob

Walter.Koller
Level 11

Hello @robert.nicklin 

Limiting root level to System Administrator sounds great.

If this would be an option to dis-/enable it would be even better. 

For very restricted environments (eg prod) this is perfect.

For open environments (eg training) or team managed (eg by lead developer) it would be good to not have to bother sys admin but it is still better than everyone can create folders even in prod environments.

Although it does not sound like a big change and it seems to make sense for MTE, this will affect all customers, even those with one team in one environment (we also have those BP instances).

So it would make sense to have a simplified optional setting like 'restrict root level y/n' that either limits root changes to the sys admin role or has the same behavior as it is now.

Regards