User Permissions and Access Rights
The management of permissions and access rights is the most complicated
element of ]project-open[
because it is really the management of trust relationships. There
is a dilemma between:
- Access: Users should have access to all information and documents
necessary to do their job.
- Restriction: Users should not have access to more information
than necessary to do their job.
To solve this dilemma ]project-open[
introduces three types of access permissions:
- "User Profiles" which correspond to department membership
in a company
- "Project Roles" which correspond to the function of
the user in a specific project and
- "User Hierarchy" which corresponds to the hierarchy
in the company.
Each of these concepts is explained below.
User Profiles
User profiles correspond to department membership in the company
or business partners respectively.
The figure above depicts the different types of User Profiles:
- Senior Management: The management of the company with access
to all corporate information
- Project Managers: Employees with special skills to manage projects
- Employees: Employees from several departments such as sales,
operations, ...
- Finance: Employees with access to invoices and other financial
information
- Freelancers: External users who can take part in specific projects.
Freelancers have basically no access rights outside the specific
projects they take part in.
- Clients: External users with permissions similar to Freelancers.
Please note that the groups Employees, Freelancers and Clients
are mutually exclusive.
Project Roles
Project roles define access permissions to projects on a case-by-case
basis. Project roles are particularly useful for "Freelancers"
and "Clients" with normally very restricted access to
the system.

The figure above depicts a "Project B" that involves
project members from both the provider and the customer side.
Project Roles can be extended and customized for a specific company.
However, a number of predefined project roles exist:
- Administrator:
The administrator of a project can assign new users to the project
and change its main characteristics. Also, the administrator enjoys full read
and write access to all associated components such as discussion
forums and file storage.
- Member:
A member has access to all information of a business object but
is not allowed to administer the object.
]project-translation[
for example adds several translation specific roles such as:
- Translator
- Editor
- Proof Reader
User Hierarchy
The user hierarchy determines which user has the right to "administer"
(change the password and email, ...) other users. The hierarchy
consists of:
- System Administrator
- Senior Management
- Employees
- Freelancers and Customers
Being able to administer a user is particularly useful in cases
where the user has forgotten his password or otherwise has problems
working with the system.
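
The three checks described on this page, sketched as an added Python example (not ]project-open[ code). Assumptions not stated on the page: a hierarchy level may administer only strictly lower levels, "Customers" in the hierarchy maps to the Clients profile, and a user without a project role is denied unless in Senior Management.

```python
# Added illustration, not ]project-open[ code. Rules marked "assumption"
# are not stated on the page; the sample users are constructed.
from dataclasses import dataclass, field

EXCLUSIVE = {"Employees", "Freelancers", "Clients"}  # mutually exclusive per the page
# Hierarchy from the page, top first ("Customers" mapped to Clients: assumption).
RANK = {"System Administrator": 0, "Senior Management": 1,
        "Employees": 2, "Freelancers": 3, "Clients": 3}

@dataclass
class User:
    name: str
    profiles: set
    roles: dict = field(default_factory=dict)  # project name -> project role

    def __post_init__(self):
        clash = sorted(self.profiles & EXCLUSIVE)
        if len(clash) > 1:
            raise ValueError(f"{self.name}: mutually exclusive profiles {clash}")

def rank(user):
    # Assumption: the highest level held counts; no listed profile = lowest level.
    return min((RANK[p] for p in user.profiles if p in RANK), default=3)

def can_administer_user(actor, target):
    # Assumption: only a strictly higher level may administer a lower one.
    return rank(actor) < rank(target)

def project_access(user, project):
    """Return 'administer', 'access' or None for one project."""
    role = user.roles.get(project)
    if role == "Administrator":
        return "administer"
    # Member and add-on roles get access; Senior Management sees everything.
    if role or "Senior Management" in user.profiles:
        return "access"
    return None  # assumption: no project role means no access

alice = User("alice", {"Senior Management", "Employees"})
bob = User("bob", {"Employees", "Project Managers"}, {"Project B": "Administrator"})
carol = User("carol", {"Freelancers"}, {"Project B": "Translator"})
dave = User("dave", {"Clients"}, {"Project B": "Member"})

if __name__ == "__main__":
    for u in (alice, bob, carol, dave):
        print(u.name, project_access(u, "Project B"), project_access(u, "Project A"))
    print("bob may administer carol:", can_administer_user(bob, carol))
```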