This document describes the behavior and configuration of transition controls and permissions in the ConnectMaster Change Management module.
It affects versions 7.00.169 and later.
Behavior
Permissions are applied using the following Hierarchy.
User Type Rights
System Administrator – All rights, no restrictions are applied to edit, projects, transitions, etc. This behavior maybe changed in the future to provide more nuance.
Normal User – Rights are defined by the project role and/or the template user rights.
View User - Rights are defined by the project role and/or the template user rights, and normal view only restrictions.
Project Role Rights
Library -> Projects -> Project Roles
Currently, two options are available for project roles.
Edit Base Data – Ability to edit base data. Only required for Normal Users as System Administrators automatically have permission.
Manage any Project – Can be used to assign superuser permissions to a Normal User. I.e. View/Edit any project stage, create/delete project, transition, merge/refresh
Note: |
Template User Rights
Library -> Projects -> Project Templates
At the template level, users grants can be managed for individual Groups/Users on a per-stage basis.
There are three options:
Manage Project
- Superuser equivalent to Manage Any Project, but limited only projects of this type.
Edit
- Users can edit data in the project at the defined stages (provided they are Normal User). Users without this right cannot edit and will be read only.
- Right to transition to the next stage is given to edit users assigned to that stage. I.e. to restrict a group/user from transitioning from a defined stage, they should be assigned either no right or View rights.
- Users with edit rights to the first stage of a project can also create/delete projects of that type.
- Users with edit rights can also merge and refresh. Merge is only allowed however based on the primary option set for the stage on the workflow tab.
Note: |
View
- Users can only view the projects they are assigned to, and only when the project is at the defined stages. If they do not have edit or view in a given stage, they will be able to open the project.
- Edit right will supersede the View right if allocated to the same stage.
Example Configuration
The following example demonstrates how templates can be configured to provide user and transaction control.
In this example, the Designer can create/delete the project as well as edit the first stage Plan, and then transition to Initial Review. They cannot however edit the design during Initial Review and transition to the Design stage.
User Group |
User Type |
Project Role Options |
Designer |
Normal |
Edit Base Data |
Manager |
Normal |
|
Admin |
Normal |
Manage Any Project |
Viewer |
Viewer |
|
In this example the Designer can create/delete the project as well as edit the first stage Plan, and then transition to Initial Review. They cannot however edit the design during Initial Review and transition to the Design stage.
The Manager can review the design and Reject->Plan or Accept->Design. The Manager cannot edit in Design stage or transition any further. The Designer can now edit and transition all up until the Final Review, which again needs to the Manager to transition from.
Known Issues
- Quick Search for a Project bypasses the permission checks, so any user can find a project and open it even if they don’t have permissions as defined in the template. This will be addressed in future release.
- Viewer Type user currently can see all projects and doesn't have ability to open a project. This is being addressed in future release.
Comments
0 comments
Please sign in to leave a comment.