web2project Permissions Crash Course

One of the most common configuration questions is how to give web2project users access to only specific companies. While it’s not as simple as saying “users should only see things from their own company,” it’s not as complicated as you might think. Here’s how I’ve done it for various groups.

If you start with the basic roles, here are the step-by-step directions:

Role: Project Worker

Non-Admin Modules – Allow – Access, Add, Delete, Edit, View

Companies – Deny – Access, Add, Delete, Edit, View

Reports – Allow – Access, Add, Delete, Edit, View

Explanation: This lets a User do anything they want in any of the non-admin modules *except* Companies. But since every one of my Projects is assigned to a company, the Companies deny hides all of that company-linked data too, and the user can’t actually see anything other than the navigation menu and empty screens.

Results: I just created a new User with *only* this Role. The only Nav options visible are Projects, Tasks, Calendar, Files, Contacts, SmartSearch, Links, Reports. Under each, the only data visible is information not associated with any Company, for example some of the Contacts.

Now I go back and add permissions to the individual user:

Companies – CaseySoftware, LLC – Allow – Access, View

Results: The User can now view all the information associated with my Company. This includes all of its Projects, Files, Contacts, etc. This user could even create new projects if they wanted, but only for this Company.

Now, since this is a fictitious contractor user, I add the following permissions:

Companies – Acme Anvil Corporation – Allow – Access, View

Results: The User can now view all the information associated with this additional Company. Everything they could do or see for CaseySoftware, LLC now applies here too. If they are working on this company’s projects, they can log time against its tasks and so on.

Now let’s say I have a single Project within CaseySoftware, LLC that the person shouldn’t see, so I add these permissions:

Projects – Secret Anvil Development – Deny – Access, View, Add, Edit, Delete

Results: This prevents the User from seeing *anything* involved with this project. No Tasks, no Files, no Calendar Events.
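To make the effect of each step checkable before it is applied to a live install, here is an added model of the layered Allow/Deny behaviour described above. It is example code written for this page, not web2project’s own code (web2project’s permissions are backed by phpGACL); the resolution rules it uses, most-specific entry wins, Deny beats Allow at the same level, and company-linked objects are invisible unless the company itself is viewable, are assumptions chosen to reproduce the results reported in the walkthrough. The company, project and task identifiers are constructed sample data.

```python
"""Added model of layered Allow/Deny resolution (assumption, not web2project code)."""
from dataclasses import dataclass, field

ALL = frozenset({"access", "view", "add", "edit", "delete"})
NON_ADMIN_MODULES = ("projects", "tasks", "calendar", "files",
                     "contacts", "smartsearch", "links")


@dataclass(frozen=True)
class Entry:
    target: tuple            # ("module", name), ("company", id) or ("project", id)
    allow: bool
    actions: frozenset = ALL


@dataclass
class User:
    roles: list                               # each role is a list of Entry
    own: list = field(default_factory=list)   # per-user entries added later


# Constructed sample data: object id -> (module, company, project)
COMPANIES = {"casey": "CaseySoftware, LLC", "acme": "Acme Anvil Corporation"}
OBJECTS = {
    "proj-site":   ("projects", "casey", "proj-site"),
    "proj-secret": ("projects", "casey", "proj-secret"),  # Secret Anvil Development
    "proj-acme":   ("projects", "acme",  "proj-acme"),
    "task-site":   ("tasks",    "casey", "proj-site"),
    "task-secret": ("tasks",    "casey", "proj-secret"),
    "file-secret": ("files",    "casey", "proj-secret"),
    "task-acme":   ("tasks",    "acme",  "proj-acme"),
    "contact-cs":  ("contacts", "casey", None),
    "contact-ind": ("contacts", None,    None),           # not tied to any company
}


def _decide(user, action, targets):
    """Walk targets most-specific first; the first target with a matching
    entry decides, and at that target a Deny beats an Allow (assumption).
    No entry anywhere means deny."""
    entries = user.own + [e for role in user.roles for e in role]
    for target in targets:
        hits = [e for e in entries if e.target == target and action in e.actions]
        if hits:
            return all(e.allow for e in hits)
    return False


def can_view_company(user, company):
    return _decide(user, "view", [("company", company), ("module", "companies")])


def permitted(user, action, obj_id):
    """Company-linked objects are hidden unless the company is viewable;
    then a project-specific entry beats the module-level one."""
    module, company, project = OBJECTS[obj_id]
    if company is not None and not can_view_company(user, company):
        return False
    targets = ([("project", project)] if project else []) + [("module", module)]
    return _decide(user, action, targets)


def can_create_project(user, company):
    """Needs a viewable company plus Add at company or Projects-module level."""
    if not can_view_company(user, company):
        return False
    return _decide(user, "add", [("company", company), ("module", "projects")])


def snapshot(user):
    """What the post calls 'Results': visible objects and where projects can be added."""
    return {"visible": sorted(o for o in OBJECTS if permitted(user, "view", o)),
            "create": {c: can_create_project(user, c) for c in COMPANIES}}


# Role: Project Worker, exactly as listed in the post.
PROJECT_WORKER = (
    [Entry(("module", m), True) for m in NON_ADMIN_MODULES]
    + [Entry(("module", "companies"), False), Entry(("module", "reports"), True)]
)


def walk_through():
    """Replay the post's four steps; returns the user and a snapshot per step."""
    user = User(roles=[PROJECT_WORKER])
    steps = {"role only": snapshot(user)}
    user.own.append(Entry(("company", "casey"), True, frozenset({"access", "view"})))
    steps["+ CaseySoftware"] = snapshot(user)
    user.own.append(Entry(("company", "acme"), True, frozenset({"access", "view"})))
    steps["+ Acme"] = snapshot(user)
    user.own.append(Entry(("project", "proj-secret"), False))
    steps["- Secret Anvil"] = snapshot(user)
    return user, steps


if __name__ == "__main__":
    for name, result in walk_through()[1].items():
        print(f"{name:16} {result}")
```

Under these assumptions the replay matches the post: with the role alone only the company-less contact is visible, the company Allow exposes everything under that company (and lets the user add projects there, but nowhere else), and the single project Deny hides that project’s tasks and files even though the company is still viewable. The rule worth confirming on a real install is the last one: the project-level Deny must be checked before the module-level Allow, or the hidden project’s tasks leak back through the Tasks and Files modules.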

Are you interested in API Design? Check out our new book "A Pragmatic Approach to API Design." In it, we cover the basics on why you might need an API, how to get started on modeling your API, and finally some design patterns and anti-patterns to be aware of. Available soon from LeanPub.