Permissions
Access control in Stages works through permissions. A typical permission looks like this:
XXX Screenshot
The various attributes of a permission are described in the following section.
Allow / Deny
A permission can either allow access to specific elements (= enabled) or deny it (= disabled).
A Deny has higher priority than an Allow, so if a user has two permissions for a specific element and one is Allow and the other is Deny, the access is not granted.
Domain
The domain controls which part of Stages (e.g. features or parts of the process data) are impacted by the permission.
| Name | Description |
|---|---|
| Administration Jobs | b |
| Comments | d |
| Compliance | x |
| Compliance Management | x |
| Feedback | x |
| File Management | x |
| Files | Controls access to the files that can be managed via Stages for each work product. Those files are not stored in Stages, but are accessed via an integration with Sharepoint, SVN, CVS, or other supported systems. Files typically represent project or program deliverables. |
| Global Attribute Management | x |
| Landing Pages | x |
| Maintenance | Controls if a user can start and stop the maintenance mode. Only the Modify operation is being used. If Stages is in maintenance mode, only users with this permission can log in. All other users will see a message that the system is in maintenance mode. |
| Manual Tailoring | x |
| Participant-to-User Group Assignments | x |
| Permissions | x |
| Phase Freeze | x |
| Process Execution | x |
| Process Execution Configuration | x |
| Process Import/Export | x |
| Process Management | x |
| Process Module Overwrite | x |
| Process Modules | x |
| Process Participant Assignments | x |
| Process Release | x |
| Process Release Administration | x |
| Process Version | This permission controls access to process versions other than the valid version. |
| Processes | x |
| Project Attributes | x |
| Report Administration | x |
| Reports | x |
| Revert Locks of Others | x |
| Role-to-User Group Assignments | x |
| Tailoring | x |
| User Groups | x |
| User-to-Role Assignments | x |
| Users | x |
| Workspaces | x |
Workspace
sss
Transitive
sss
RMCD
RMCD controls the operations that are allowed or denied by the permission:
- R: Read
- M: Modify
- C: Create
- D: Delete
Level
sss
Precedence
In general, Deny permissions override Allow permissions:
Deny > Allow
The Precendence attribute provides more control over this hierarchy by being either High (= enabled) or Low (= disabled):
High Deny > High Allow > Low Deny > Low Allow
For example, this can be used to allow access to some specific workspaces, but not all of them:
Transitive Low Deny for all Workspaces
Non-Transitive High Allow for the Root Workspace
xxx