Security Permissions

Granting Security Permissions, controls each user role’s access to all fields, buttons and features in ExtraView. In setting permissions, the System Administrator has the ability to make these kinds of items read only, write only, readable and writeable, or invisible.

The security system uses the concept of inheritance. Each Area and each Project can have different security permissions for each key. However, if no setting is made at the Area level, then the value of the key at the global level is used. In the same fashion, if no value is given at the Project level, then the key is set to the value at the Area level. This provides an economic means of administering ExtraView where you need only provide settings for security keys that differ from the global level.

When you update a security permission key, or a number of keys, the change in permissions is immediate for the administrative user who made the change. All other users will see the change when the time period defined by the behavior setting named SECURITY_CACHE_MINUTES, causes the security cache for each user to be refreshed. The default time period for this is 30 minutes, so any user signed on will see the change within this time period. Any user who signs on will see the newly updated permissions immediately.

The security permissions for individual fields may also be set within the data dictionary and within the layout editor. This provides a convenient means of setting the permissions while working on a field.

  1. Click on Grant Security Privileges within administration.
  2. The following screen appears:


    Grant Security Privileges screen

  3. This screen gives you access to alter the user role permissions for all of the System Security Keys. The options are as follows:
    • Business Area access by user role
    • Projects within Business Area for each user role
    • Navigation bar buttons and other screen options
    • The individual administration menus
    • Fields and other permissions used when adding issues
    • Fields and other permissions used when editing issues and querying/reporting
    • Access to personal and shared report types
    • Security features, roles, password and privacy settings
    • Permissions to the values of the STATUS field
    • Fields on users’ account records
    • Individual security keys, or a selection of individual security keys
  4. The selection box accepts any characters, and will filter the list of settings displayed to match only those entries that contain the character string you enter.  You can check the entries you want to edit.  You can make a selection, then enter a diffierent character string in the selection box and make further selections before you click the button to alter the settings for your entries
  5. After selecting a user role (or all user roles) and a security key category or individual security key, click the Set Permissions for Selected Keys button. You can select multiple keys by using the standard combination of CTRL and SHIFT keys on your keyboard, with the mouse button.


Grant Security Privileges screen
If youwant to modify permission keys at an inherited level, i.e. you have not selected the Global Area and Master Project, the screen is modified , allowing you to see where security permissions for an individual key are inherited, and where they are overwritten. The following screenshot has an example.

Setting permissions for an inherited field

Make a Field or Option Read Only

  1. Identify the column head for the User Role whose privileges you would like to change.
  2. Click the radio button in the Read box for that User Role only
  3. Click the Update button.

Make a Field or Option Write Only

  1. Identify the column head for the User Role whose privileges you would like to change
  2. Put a check mark in the Write box, for that User Role only
  3. Click the Update button.

Make a Field or Option Read and Write for a Particular User Role

  1. Identify the column head for the User Role whose privileges you would like to change
  2. Put check marks in both of the boxes, for that User Role only (Read and Write)
  3. Click the Update button.

Make a Field Invisible to a Particular User Role

  1. Identify the column head for the User Role whose privileges you would like to change
  2. Remove the check marks from both of the boxes for that User Role (Read and Write)
  3. Click the Update button.

Note that you may alter all the permissions for a single field or object, across all user roles, by using the radio buttons beneath Set All Row:. Use the buttons to set all read and/or write permissions to Yes or No for any row of settings.

Inheritance

Permissions set in the global area and master project are inherited and used by all other business areas and projects unless the inheritance is broken at an individual business area or project. By doing this, you can establish a different set of permissions for any field or object at any level within your installation. Setting a different permission for a field within a business area, causes that permission to be used for all the projects within that business area. Setting a different permission within a master project causes all the other projects within that business area to use these permissions. Setting different permissions within a project other than the master project causes these permissions only to be used within that single project.

This provides an economic means of setting permission through your system. You set them at the root level, i.e. the global business area and master project. These permissions are then used with all junior objects, unless you choose to override them.

You provide the override by editing the field or object within the business area and project where you want to provide the override. When you first look at the permissions within a specific business area and project, you will see that the permission is set to "I", for inherit. You simply set the read and write privileges to override the inheritance. You can always set the permission bak to the "I" value to restore the inheritance.