Description: Organizations will often require that peers assign to the same system group can fully manage their colleagues Notebooks/Experiments as if their were their own.
To accomplish this, they will align System groups, attributes and security policies to make this collaboration space work. On occasions administrators will grant access based on a security policy of an attribute, for example "Department".
The correct security policy for this attribute is Full Control, as the write attribute will only grant permission to modify/add content to the entity but will not allow the peer to modify the status of it.
An example of the security policy is:
RULE "Allow standard users modify status of"
IF
attribute "Department" match
THEN
grant "entity.full_control"