Access rights are a critical aspect of using Cerri Project, as they are defined at multiple levels: 

• Server access/ Server authentication
• Access control list (ACL) (On-premises only)
  
• User license type
• Navigation setup
• OBS and hierarchical organization
• Project membership
• Document/record level security
• Workflow 

Server Access/Server Authentication

Users must have access to the server where the database resides and possess a valid account.

Access Control List (ACL) - On-Premise Only

The ACL specifies user rights at the database level (e.g., the ability to view or modify documents, or to create projects).

Setup: Configured by the server administrator or the application manager. 

User Licence Type

Determines whether a user can create or edit specific document types. If a user lacks the required license, a message will be displayed (e.g., "A <Project leader> license is required to create this type of document!").

Navigation

Navigation can be defined and customized by license type or other criteria (e.g., resource type).

OBS Organization Breakdown Structure

Projects and resources can be attached to an OBS, which helps manage access rights. See “Hierarchical Structures Definition” the Portfolio Module setup for more information.

Project Membership 

By default, only the resources listed in the 'Participants' section of a project description can view documents in that project (excluding [COP_MANAGERS] or [ViewAll] roles). 

Default access rights can be modified in the “Security” tab of the “General setup” for each Project Module.

Security must be updated for all documents if the participant list for a project changes.

Documents/Record Level Security

Visibility can be limited to project leaders or extended to specific project members to edit documents they are not the author of.

Project-level security can be overridden by modifying the document-level security. But document-level security cannot override database-level security. For example, a user with 'Reader' access in the database ACL cannot edit a document even if assigned as an author at the document level.

Cerri Project’s security and access settings are available within and for all documents. Default security settings can be setup at the system and project level.

To view the access rights settings for a document, click the lock icon in the top-right corner of the document.

Access rights are defined for each document author. By default, the author is the resource creating or modifying the document. However, this field can be modified; for instance, an assistant creating a document for the supervisor can designate the supervisor as the author.

Write and Read access can also be set in for the project community:

• Public: Accessible to anyone with system access.
• Project: Limited to all members of the project team.
• Distribution: Restricted to resources specified in the document's “Distribution” list.
• Private: Accessible only to the author(s).

Read access can also be defined according to business roles.

Access Rights According to Workflow Definition

Workflows allow the definition of rights to modify a document based on its status within the workflow. For more information, refer to the chapter, “Workflow in Cerri Project.”