EnterWorks Groups control both the functional areas of the application a user is allowed to view or perform, and what level of access a user has access to objects within EnterWorks, (for example code sets, users, groups, repositories etc.). Each type of object has permissions that can be set at the group level. These permissions give users in the group the ability to create an object and to read, edit or delete an existing object.
Repositories have additional permissions that allow a user to add, edit, sync-in (import), and delete records inside of repository. Be careful to assign correct permissions to a repository and its underlying objects. Anyone given access to the repository must have read privilege on the underlying profile and the code sets used by the repository. If you are allowing a user to import data into a repository, they must have permission to create File Definition and Data Source objects.
Repositories security assignments must include an attribute security filter and optionally a record security filter. The filter attribute controls which attributes in a repository the user is allowed to read and edit. If no specific filter is defined for profile, the default filter must be specified. If no filter is defined, the user will not see any data. The Record security filter applies a search condition on records returned from a repository to limited access to only those records that match the Record filter criteria.