The Cerebro permissions system allows you to configure the scope and availability of functions for groups and individual users.
A permission (access right) – is a right to see, add or edit objects or oblect properties within a definite scope. The scope can embrace the whole “universe” (working area of company), a project or even a single task.
Configure access rights for an individual user by adding/removing the user account to/from the group with the appropriate role / access rights pattern.
Manage the access rights on the project level: select the root task in Navigator – it is the project level – and configure its properties. Specify roles for groups immediately when creating a new project. Add new users, that join your project along the way, to the approriate groups, and that’s it.
Avoid changing the access rights and discarding inheritance on the task levels lower than project, without necessity. If you need a more flexible configuration pattern than linear inheritance, use the conditional permissions and then allocate the users as assignees to particular tasks for the permissions to take local effect.
Tips & Tricks On Configuring Access Rights.
Keep things as simple as possible.
Avoid configuring roles and permissions for individual users, try to do it on the group level, when possible. It will help you keep the access management simple and predictable.
Remember: the simpler you configure the access system - the easier it will be to use and maintain.