Table of Contents

Permissions

Access control in Stages works through permissions. A typical permission looks like this:

XXX Screenshot

The various attributes of a permission are described in the following section.

Allow / Deny

A permission can either allow access to specific elements (= enabled) or deny it (= disabled).

A Deny has higher priority than an Allow, so if a user has two permissions for a specific element and one is Allow and the other is Deny, the access is not granted.

Domain

The domain controls which part of Stages (e.g. features or parts of the process data) are impacted by the permission.

NameDescription
Administration Jobsb
Commentsd
Compliancex
Compliance Managementx
Feedbackx
File Managementx
FilesControls access to the files that can be managed via Stages for each work product. Those files are not stored in Stages, but are accessed via an integration with Sharepoint, SVN, CVS, or other supported systems. Files typically represent project or program deliverables.
Global Attribute Managementx
Landing Pagesx
MaintenanceControls if a user can start and stop the maintenance mode. Only the Modify operation is being used. If Stages is in maintenance mode, only users with this permission can log in. All other users will see a message that the system is in maintenance mode.
Manual Tailoringx
Participant-to-User Group Assignmentsx
Permissionsx
Phase Freezex
Process Executionx
Process Execution Configurationx
Process Import/Exportx
Process Managementx
Process Module Overwritex
Process Modulesx
Process Participant Assignmentsx
Process Releasex
Process Release Administrationx
Process VersionThis permission controls access to process versions other than the valid version.
Processesx
Project Attributesx
Report Administrationx
Reportsx
Revert Locks of Othersx
Role-to-User Group Assignmentsx
Tailoringx
User Groupsx
User-to-Role Assignmentsx
Usersx
Workspacesx

Workspace

sss

Transitive

sss

RMCD

RMCD controls the operations that are allowed or denied by the permission:

Level

sss

Precedence

In general, Deny permissions override Allow permissions:

Deny > Allow

The Precendence attribute provides more control over this hierarchy by being either High (= enabled) or Low (= disabled):

High Deny > High Allow > Low Deny > Low Allow

For example, this can be used to allow access to some specific workspaces, but not all of them:

Transitive Low Deny for all Workspaces

Non-Transitive High Allow for the Root Workspace

xxx