To limit a Spectrum users OneClick access to a specific Global Collection will require the use of Spectrum User Security. At the very least, a Security String will need to be assigned to the specific Global Collection and a custom Security Community with custom Privileges created for the User or Group model for the Security String assigned to the Global Collection. The following is a step by step guide to create a basic configuration to accomplish this task.
GOAL: The goal of this exercise is to limit a User or Group of users so they only have OneClick access to the RegionA Global Collection seen below.
Step 1: Assign a unique Security String to the RegionA Global Collection. This can be done in General Information subview in the Information tab of the RegionA Global Collection. For the purpose of this exercise, we will assign it a Security String of "REGIONA". The "REGIONA" Security String should also be applied to all of the models within the Global Collection as well. In addition, a Security String other than REGIONA should be assigned to all other models in the database. If not, this user will still be able to see alarms for these models in the My Spectrum folder in the Navigation panel. When using Security Strings in Spectrum, a model without a Security String assigned is open to all users.
Step 2: Create a new "REGIONA" Security Community for the User or Group model to associate to the "REGIONA" Security String on the RegionA Global Collection. It is recommended to use User Groups to make the administration of Users easier. Either create a new User Group or select an existing User Group in the Users tab. Select the User Group and click on the Access tab in the Contents panel. Remove any existing Security Communities and create a new one called "REGIONA".
Step 3: Create a new custom Role for the REGIONA Security Community. Select the REGIONA Security Community in the Contents panel. Click on the Roles tab in the Component Detail panel. Then click on the New button. Below is a screen shot of some of the recommended roles to select. The ones you select may be different based on your specific needs.
So far, with the above work done, when User1 logs into OneClick, they will see the following:
You will notice the user is able to "see" the RegionB and RegionC Global Collections. The reason is because the RegionB and RegionC Global Collections do not have a Security String assigned. You will need to assign the RegionB and RegionC Global Collections a Security String the user does not have an Access Community to. After assigning a Security String to the RegionB and RegionC Global Collections, the user is not able to see them anymore when they log into OneClick.
Step 4: As an additional step, you can configure Users in the Group so that their initial view when they log into OneClick is the RegionA Global Collection. To do this:
1. Log into OneClick as an ADMIN user
2. Click on the Users tab in the Navigation panel
3. Right mouse click on the User Group and select Set Preferences fromt he menu
4. Expand the Explorer Tab folder and select Initial View
5. Find and select the Global Collection (in this case, the RegionA GC)
6. Check the Locked check box in for the Initial View
7. Click on the Apply button
8. Click the OK button
Now when the user logs into OneClick, they are taken directly to the RegionA Global Collection.