This topic describes how to create each type of permission profile.
The basic flow for creating a permission profile is to:
Note that you can do the steps in any order, the only thing you must do first is click New.
Remember that you can put multiple rule types in one profile. For example, you might want to grant permissions to all members of a unit, plus one user who is not in the same unit. You would put a User rule and a Unit rule in the same profile.
Note: If you are using the Centralized Resource Staffing feature, you will have additional profile permissions. See About Staffing Permissions for information.
You create a Global profile when you want to grant a user/group/unit selected permissions to all instances of an entity. For example, imagine you have a data analyst named Jacob Ladder, and you want to give him permission to edit all reports.
The example below shows how to give global permissions to a user. You would follow the same process for groups or units - in step 3 just select the appropriate radio button (user, group, or unit) and select
The Global rule now appears in the Permission Rules list:
Note that if you select multiple users, each user will be given its own rule - this makes it easy to inactivate or delete individuals
By default, all entity owners implicitly have view/edit permissions on the Details section of any entities they own - regardless of if there is an Owner profile. Implicit owner permissions are not derived from profiles; additional permissions are derived from profiles. For example, you can give entity owners permission to delete their owned instances by enabling this permission in a profile configured for the appropriate entity types and that uses the Owner rule - however, you cannot prevent an owner from viewing the Details section/tab. See Implied Permissions for Entity Owners. test
Note that PPM Pro supplies an All Owner Permissions profile. You can use this one or delete it and create your own.
You create team profiles to give entity team members permissions on the instance of the entity whose team they are on. For example, you can add people to a project's team along with a profile that describes the permissions they have for that project. You can have multiple team profiles for the same entity. Perhaps for a specific portfolio (XYZPortfolio) you want to give one user or set of users View permissions, and another set of users Edit permissions. You would create two profiles: View_Portfolios would have the Portfolio > View permission, Edit_Portfolios would have Portfolio > Edit permission. When you add members to the XYZPortfolio team, you will assign each user, or group of users, the appropriate profile.
The Team rule now appears in the Permission Rules list:
The users you selected now have permission to edit the XYZPortfolioDashboard.
Repeat to add users to the XYZPortfolioDashboard.
(Note: With the ability to now grant permissions on projects of specific categories, we think the Associations rule type will become obsolete and we are considering deprecating. Please avoid using, and if this confuses you, please post a question in Community Discussions or enter a support case to ask for assistance.)
You create an association profile to give unit members the selected permissions on portfolios or projects that satisfy various associations. Associations describe the relationship between the unit and the portfolio. The associations are:
Benefits Unit
Funded by Unit
Owned by Unit
Provided by Unit
An association profile contains one or more association type. For each association type, you specify the permissions to grant on the project/portfolios in a unit's Associations tab that have the matching association type. The unit members are granted the project/portfolio permissions specified in the profile.
For example, imagine you want to ensure that all members of Unit A have permission to view all portfolios with a 'Benefits Unit' association with Unit A (that is, the portfolios have been added to Unit A's Associations tab with the 'Benefits Unit association). You would do the following:
The Association rule now appears in the Permission Rules list:
Users in Unit A now have permissions to view associated portfolios that have the 'Benefits User' association.
See Creating Staffing Permission Profiles for information about creating staffing profiles.