Differences

This shows you the differences between two versions of the page.

--- 72:manage_users_groups_permissions [2018/07/05 17:29] – [Manage users, groups, and permissions] bkkr
+++ 72:manage_users_groups_permissions [2024/02/15 00:00] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
-[[:72:start|Stages V7.2]]
 ====== Manage users, groups, and permissions ======
-You can [[:72:manage_workspaces|manage workspaces]], users, and groups and permissions from the administration tab on the left-side menu.
+You can [[:72:manage_workspaces|manage workspaces]], users, groups and permissions from the administration tab on the left-side menu.
-=== Users ===
+===== Users =====
 Users can be added and settings can be changed from the users section of the administration tab.
@@ Line 15: / Line 13: @@
 Adding a user only adds them to the software, not a specific project or workspace. If you want to assign a role to a user, see the [[:72:assign|assign a role]] page
-=== Groups and Permissions ===
+===== Groups =====
-Instead of adding individual users to specific projects, permissions, etc. it is easier to allow groups access. Users can be added to groups and then the entire group can be allowed access or permissions.
+Instead of adding individual users to specific workspaces, permissions, etc. it is easier to allow groups access. Users can be added to groups and then the entire group can be allowed access or permissions.
 To create a group click "+ Add Group" and type in the name of the group. Hit enter/return to make the group. To add a user to the group, click the specific group. From the group page, click "+ Add Member." Once clicked, type in the name of the user and a drop down filtered menu will come up with users. Click a user to add them.
-To add permissions to a group, click the group and click 'Permissions.' From here…
+===== Permissions =====
-//I think I should talk about every type fo permission briefly, just say what it is ^^^^^//
+To add permissions to a group, select the ''Permissions'' tab. From here you can select what permission and customize the levels of accessibility.
-**Domain**
+Each permission can have the following attributes:
-The domain attribute …….
+**Mode**
+This switch defines if the permission is an Allow or a Deny.
+The following rules apply:
+  * Deny is stronger than Allow: A user has no access to a specific domain, if that user is member of two groups and one denies access to that domain and one allows it.
+  * Everything, that is not explicitly allowed is denied.
+**Domain**
-^ ^Uses|
+The domain attribute defines which operations a user can execute.
-^Application of Process|Tailoring and Phase Freeze|
-^Application of Process (Unrestricted)|Tailoring and Phase Freeze|
-^Comments| |
-^Compliance| |
-^Data Collectors| |
-^External Source| |
-^File Management| |
-^Files|Project Documents|
-^Info Page| |
-^Issues|Configure, Import/Export, Create, Modify, Delete Issues|
-^My| |
-^News|Configure, Show, Create, Delete, Document News|
-^People|View People, Edit Overview Page|
-^People: Departments|Read, Create, Modify, Delete Departments|
-^People: Employees|Read, Create, Modify, Delete Profiles, and Upload Picture|
-^Permissions| |
-^Process Execution Configuration| |
-^Process Import/Export| |
-^Process Management| |
-^Process Module Overwrite| |
-^Process Modules| |
-^Process Release| |
-^Process Versions| |
-^Processes| |
-^Project Attribute| |
-^Project Review| |
-^Project State|View, Change, Manage Project State|
-^Reports|Metric Dashboard|
-^Revert Locks of Others| |
-^Role Assignments|View and Change Role Assignments|
-^Source Checkins| |
-^User Groups| |
-^Users|Log in/out, Define Notification Settings, View Roles and Users, |
-^Wiki|All Access to Wiki|
-^Wiki Articles|Read, Modify, Create, and Delete Wiki Articles|
-^Wiki Categories|Create, Modify/Move, Delete Wiki Categories|
-^Workspace Navigation|Quicklist, Log in/out, Define Notification Settings|
-^Workspaces|All|
-For further information on permissions, see the Permission Matrix. (//Need to put the matrix in here, the excel sheet//)
+{{:73:permissions_matrix_v7_3.xlsx|This permission matrix}}  shows the relationship between the permission domain and the user operations.
 **Workspace**
-The workspace attribute allows access to certain workspaces in Stages.
+This attribute defines for which workspace or group of workspaces the permission applies to.
 **Transitive**
-When the transitive attribute is selected, the permission is set for all subsequent modes after.
+When the transitive attribute is selected, the permission applies to the whole subtree of workspaces. If it is not selected, the permission only applies to the workspace as defined with the above attribute.
 **RMCD**
@@ Line 84: / Line 53: @@
 ^R  |Read  |
-^M  |Manage  |
+^M  |Modify  |
 ^C  |Create  |
 ^D  |Delete  |
@@ Line 90: / Line 59: @@
 **Level**
-The level attribute allows specific access on parts of process applications.
+The level attribute is only relevant for the Processes domain. It corresponds with the security level of the individual process elements. For example: If a certain security level applies to a process element, a user needs Read permissions with the same level or higher to be able to see it.
 **Precedence**
-The priority of permissions is decided through the precedence attribute.
+This attibute defines the precedence of the permission. The precendence is as follows:
-TBD
+**High Deny > High Allow > Low Deny > Low Allow**
 \\