The access rights are very important when using GeniusProject. The access rights are defined at multiple levels:
- Server access/server authentication.
- Access Control List (ACL) (on-premises only).
- User license type.
- Navigation setup.
- OBS and Hierarchical organization
- Project membership.
- Document/record level security.
Server Access/Server Authentication
The user must have access to the server on which the database resides. He/she must have a valid account.
Access Control List (ACL) - On-Premise Only
The ACL specifies the user's rights at the database level. For example, the user can be allowed to view or modify all documents, to create projects, etc.
This setup is done by the server administrator or the application manager.
User License Type
Depending on his/her license, a user may be allowed to create and edit certain types of documents. If a user does not have the license required to edit or create a document, an appropriate message is displayed. Example: "A <Project leader> license is required to create this type of document!". It is the application manager's task to define user licenses in the Resource documents in the 'Resource' database.
Navigation Setup
The application manager can define the navigation for each license type. This can be customized to depend on something other than the license type, for example the resource type.
OBS (Organization Breakdown Structure)
Each project and resource can be attached to an OBS. The OBS can be used to manage access rights. See “Hierarchical structures definition” in the Portfolio Module setup.
Project Membership
In the 'Projects' module, by default, only the resources specified in the 'Participants' section of the Project description are authorized to view the documents of that particular project (with the exception of resources having the role [COP_MANAGERS] or [ViewAll]).
Those default access rights can be changed in each Project Module, in the “Security” tab of the “General setup” of the Project Module.
The authorizations are saved in each document/record; this is why it is necessary to update the security on all documents when the list of participants for a project is modified.
Document/Record Level Security
The authorizations can be restricted or expanded at the document/record level. It is possible to limit the visibility of a document to the project leaders, or to authorize another member of the project to edit a document for which he/she is not the author.
It is possible to bypass the security defined at the project level by modifying the security at the document level. It is not possible, however, to bypass the security set at the database level by modifying the security at the document level. For example, a user who has only 'Reader' access in the database ACL will not be able to edit a document, even if he/she is declared as an author at the document level.
GeniusProject’s advanced and powerful security and access definition is available for any document. Clear and easy security settings are available in each document. Default security settings can be set up at the system and project level.
To view the access rights settings for a document, click the icon on the top right side above the section line.
Access rights are defined for each document author. By default, the name of the author is the name of the resource that is creating or modifying the document. This field can be modified; for example, an assistant who wants to create a document for the supervisor can indicate their supervisor’s name as the author.
Write and Read access can also be set for the project community:
- Public: anyone having access to the system
- Project: all members of the project team.
- Distribution: the resources defined in the “Distribution” list for this document.
- Private: nobody other than the author(s).
It is also possible to define read access according to business roles.
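The layering described above (database ACL, project participants saved into each document, document-level scope) can be modeled as follows. This is an added illustration, not GeniusProject code: the 'Editor' level, the default scopes, the function names and the sample users are assumptions made for the example.

```python
from dataclasses import dataclass, field

# 'Reader' is from the page; 'Editor' is an assumed name for a level that may modify.
ACL_CAN_EDIT = {"Reader": False, "Editor": True}
VIEW_ALL_ROLES = {"[COP_MANAGERS]", "[ViewAll]"}  # role names from the page

@dataclass
class Document:
    authors: set
    read_scope: str = "Project"   # Public | Project | Distribution | Private
    write_scope: str = "Private"  # default values here are constructed
    distribution: set = field(default_factory=set)
    participants: set = field(default_factory=set)  # copy saved in the document

def stamp(doc, project_participants):
    """Security update: re-save the project's participant list into the document."""
    doc.participants = set(project_participants)

def _in_scope(user, doc, scope):
    if user in doc.authors or scope == "Public":
        return True
    if scope == "Project":
        return user in doc.participants
    if scope == "Distribution":
        return user in doc.distribution
    return False  # Private: authors only

def can_read(user, acl, roles, doc):
    if acl.get(user) not in ACL_CAN_EDIT:  # no database access at all
        return False
    # Assumption: the view-all roles apply whatever the document scope is.
    return bool(set(roles) & VIEW_ALL_ROLES) or _in_scope(user, doc, doc.read_scope)

def can_edit(user, acl, doc):
    # The database ACL is a ceiling that document-level authorship cannot exceed.
    if not ACL_CAN_EDIT.get(acl.get(user), False):
        return False
    return _in_scope(user, doc, doc.write_scope)

def demo():
    # Constructed sample data.
    acl = {"alice": "Editor", "bob": "Reader", "carol": "Editor", "dave": "Editor"}
    project = {"alice", "bob"}
    doc = Document(authors={"alice", "bob"})
    stamp(doc, project)
    project.add("carol")  # participant list changes, document not yet updated
    before = can_read("carol", acl, set(), doc)
    stamp(doc, project)   # security updated on the document
    return {"bob_edit": can_edit("bob", acl, doc), "carol_before": before,
            "carol_after": can_read("carol", acl, set(), doc),
            "dave_viewall": can_read("dave", acl, {"[ViewAll]"}, doc)}
```

When auditing a real project, the case to look for is the one `carol_before` models: documents whose saved authorizations predate a change to the participant list.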
Access Rights According to Workflow Definition
By defining a workflow, it is possible to define who has the right to modify a document at each status of the workflow. For more information, see the chapter “Workflow in GeniusProject.”