The access rights for projects/tasks are set up on the Task Properties tab (see ch. “Task properties”).
In terms of Navigator, a Project is a root-level task in the tree structure.
To assign access rights to a task selected in the Navigator, go to the Task Properties tab and click the Access rights icon in the top right corner - a window with access rights will open:
The upper list displays groups and users who have any access rights to the selected task. The list contains four columns:
- Group/User Name;
- Role – the name of the role given to the group/user;
- Applied to – displays the objects the role is applied to
- Inherited From – the name of the parent object from which the current object inherits the access rights pattern (role). If the role is not inherited from anywhere and applied directly to this object, the field is empty.
The roles may be either inherited from parent objects or applied directly to the current object. The groups/users that have directly applied roles on the selected task (object) are marked bold.
The role and its inheritance model can be edited only on the top parent object level, i.e., on the level where the role is applied directly.
The lower list of the Roles window displays the permissions for the group/user selected in the upper list.
Press the Add Groups/Users button to add a group/user to the upper list, then the dialog will appear:
There is a button for creating a new group above the list of groups.
Once you have configured the roles for the groups, you can manage the individual roles in a much simpler way – just by adding/excluding a certain user to/from an appropriate group. The group member inherits the access righs pattern from the group and, vice versa, when exluded, the access rights are discarded.
Editing the Access Rights
Pick the group/user whose access rights you want to edit, from the upper list in the Access Rights window. Then select an appropriate role from the dropdown list in the Role column (see ch. “Roles”). Then select the application area in the Applied To column (see ch. “Permission Inheritance”).
If the existing roles do not meet your requirements for a particular group/user, you can assign the best match and customize it by (un)checking necessary permissions in the lower list. This method is good for an exceptional, non-regular use. Otherwise, it is recommended to create a new role with the appropriate access rights pattern – press the Roles button to access the role edit window (see ch. “Roles”).
Discarding Access Rights
If you want to discard access rights of a group/user, pick the group/user in the list and press the Delete button or select None from the dropdown list of roles.