Our business requires us to set permission by divisions. For example, division A can only update/change division A managed products and division B can only update/change division B managed products, etc. (Users of both divisions can read each other's products).
How could I accomplish this? I tried to set permissions on a derived hierarchy called Product By Division. But i did not get the desired result:
- On the excel add-in, even though division A products are greyed out for division B users, division B users can still change any of the division A products and publish successfully.
- On the web UI, division B users can't change division A products (good) but they can change their division attribute to A and save it. Also, add new member is diabled for all users.
I appreciate any insights on how to solve this.