Never one to shoot down an opportunity to learn, I'd be curious how AD has been implemented to address the granularity of securables needed in a large enterprise ?

Just as examples, lets say:

You have a regional sales rep, a regional sales manager, a corporate sales director, and a president.

(to keep it limited - but feel free to expand that realistically about 20 fold)

The Rep can see just his/her data, the regional mgr only data for their region, the sales director all "sales" data for all regions, the president any and all data.

Now add complexity.

The regional mgr is now a member of a specialized task team which expands visibility beyond that of other regional mgrs.

The sales rep now works dual roles and part time supports another region or another division .

Note that I mention both reports AND data.

We secure data, not just the reports used to view it.

One report , based on automated security will expose differing levels of data.

Not 10 reports with different filters, one report with dynamic data level security.

How does AD address this ?

Is there a slick solution we might be exploring ?

It is something I'd be very keen on :o)

(and to address the other comments, yes, thousands of users and hundreds of reports...)

Thanks all !