Date: 5 June, 2006 - 12:45
After many recent threads about permissions "errors" in the dotProject forums, I've decided to describe one set of permissions here. This is not all of the permissions in effect here at CaseySoftware, but it is the main set used throughout daily usage. If you have questions, feel free to post them below.
Role: Project Worker
Non-Admin Modules - Allow - Access, Add, Delete, Edit, View
Companies - Deny - Access, Add, Delete, Edit, View
Reports - Allow - Access, Add, Delete, Edit, View
Explanation: This gives access for a User to do anything they want on any of the non-admin modules *except* for Company. But since all of my Projects are assigned to a company, they can't actually see anything other than the navigation menu and empty screens.
Test Results: I just created a new User with *only* this Role. The only Nav options visible are Projects, Tasks, Calendar, Files, Contacts, SmartSearch, Links, Reports. Under each, there is no data visible other than information not associated with any Company... for example, some of the Contacts.
Now, I got back and add the following permissions to this user:
Companies - CaseySoftware, LLC - Allow - Access, View
The User can now view all the information associated with my Company. This includes all of its Projects, Files, Contacts, etc. This user could even create new projects if they wanted, but only for this Company.
Now, since this is a ficticious contractor user, I add the following permissions:
Companies - Acme Anvil Corporation - Allow - Access, View
The User can now view all the information associated with this additional Company. Everything they could do/see for CaseySoftware, LLC now applies here too. Now, if they were working on this company's projects, they could log time against tasks, whatever.
Now let's say I have a single Project within CaseySoftware, LLC that the person shouldn't see, so I add these permissions:
Projects - Secret Anvil Development - Deny - Access, View, Add, Edit, Delete
This prevents the User from seeing *anything* involved with this project. No Tasks, no Files, no Calendar Events.









Defualt User Permissions
Hi,
I want to setup default security rules (for all new team members) as:
• Should NOT have access to ANY Company
• Should NOT have access to ANY Company Contact
• Should NOT have access to ANY Project
• Should NOT be able to create new Projects
So I can explicitly define, on what projects the user has access
Can you help me?
Default Permissons
Well, whenever a new user is created, they don't have any permissions (Roles) by default. Therefore, your first three points should be handled automatically.
To expand from there, you'd have to grant project-specific permission to each user.
I still cannot set permission for forums
I do exactly what you told...
But the forum still doesn't work becuase
my client still see other forums that not related to his company/project.
Anyway, Thank you for your guideline.
Cheers,
Post new comment