A Company wants to introduce network segmentation for an existing network. The network is to be divided in two separate segments, West and East with pit2 as a coupling location.

 

There are three organizational Units in the Company:

The regional unit ‘West’ is responsible for the network segment ‘West’ and the regional unit ‘East’ for the network segment ‘East’. The ‘Central Unit’ is responsible for supra-regional engineering and operation.

The company has a ‘Network Segmentation’ license for 2 network segments. Therefore the users from the ‘Central Unit’ have edit-rights for both segments and they are distributed equally to Home-Segments ‘West’ and ‘East’ (because no separate overall network segment for the central users shall be used).

Some of the users of the regional units have edit rights in their own network segments and viewing rights in the other segment. Additionally they get the option ‘Edit Distributed Data’ allowed.

Some of the users of the regional units have only view rights in their own network segment. They shall not have a visibility in the other segment for distributed objects also.

Example Users:

User1: Member of Unit ‘West’; View West, NO for ‘External Segment Visibility’, ‘Edit Distributed Data’

User2: Member of Unit ‘East’; Edit East, YES for ‘External Segment Visibility’, ‘Edit Distributed Data’

User3: Member of Unit ‘Central’; Edit West, East; Systemadministrator Role

For this use case the required steps and their order will be described