Project Permissions Examples Cookbook
Below are examples of scenarios you might have in your environment. As these are "profile-based" permissions, it's a given that every solution involves using a profile. You create profiles on Admin/Permission Profiles. When you create a profile you always include at least one rule type. For each example, the Rule Type column indicates the type of rule to put in the profile. The Permissions column indicates the specific permissions to enable/disable.
Please note:
- Any time we say "give users...." we mean "give users, or give groups, or give units..."
- When you create Team profiles, you are always prompted to pick the entity the profile applies to. For these examples, the entity is always "Project". You can, however, put multiple team rules in one profile, so you can include permissions for other entities. For example, you might create a team profile called View All Entities that you can use for team members of any entity.
- When describing permissions, we use the nomenclature Entity/Permission or Entity/Permission/Section. So Project/Delete means locate the Project branch of the hierarchy and click the Delete checkbox. Similarly, Project/View/Details means locate the Project branch of the hierarchy, expand the View permission branch, and then click the Details checkbox.
Examples
How Do I... | Rule Type | Permissions | Notes | |
---|---|---|---|---|
1 | Give a project owner the ability to delete projects | Owner | Delete |
Owners have implicit Edit/View rights to the Details section of entity owned by that user. You can grant the Delete permission to any owner by editing the existing Owner profile and checking the Delete project permission. If you do not have an Owner profile, you can create one. See Implied Permissions for Entity Owners.
|
2 | Give one or more users the ability to create projects | Global | Create |
Create a Global profile, select the Create permission for the appropriate entity from the Permissions Hierarchy - remember you can include Create permission for multiple entities if you want - and assign the profile to a user, group, or unit. |
3 | Give one user full edit permission on one project | Team | Various |
|
4 | Give one user access to all projects | Global | At least View |
|
5 | Give one user (or maybe a couple of users) total access to all entities |
Global > User (for one user) Global > Group (for more than one user) |
Full Edit |
|
6 |
Add users to several project teams with View permissions (or remove users from several project teams) |
Team | Various |
|
7 | Give groups of users permissions to one or more projects |
Global |
Various |
|
8 |
Give users permissions to projects that belong to the same department or Give users permissions to projects that belong to the same category |
Team | Various |
For existing projects, you can filter your project list to show all projects that belong to one department/category and then use Actions > Bulk Add Team Members to add the users along with the team profile. We recommend adding the users as a group or a unit, so each time you onboard a new user you can drop them in the group/unit and they will receive the appropriate permissions. For new projects, you can use a template project.
The team that you added to the template will be provisioned on each project you create from the template. |
9 |
Give unit members permissions to specific projects (Restrict Unit Access to Specific Projects) |
Team or Association |
Various |
or
See How Do I Grant Units Access to Specific Projects for detailed instructions. |
10 | View Org-level Reports | Team or Global | At least View |
With profile-based project permissions and row-level security, users have access to all Org-level report sources and reports (for project targets) based on those sources. Users will see report data only for projects for which they have at least View permissions. If you want a user to be able to report on all projects:
If you want a user to be able to report on only certain projects:
|
11 | Create a project that has a parent department | NA | NA |
Projects are no longer required to belong to a department. The Department field has been removed from the New Project Wizard. If you want to establish this relationship, you can do so manually. To create a parent-child relationship between a the Finance department and a project:
|
12 | Grant permissions based on a Program/Department | Team | Various |
Bird's-Eye View:
For detailed instructions, see Example: Use a project template to grant permissions based on the project's parent department |
13 | Grant permissions based on project Category |
Global Owner |
You can give users/groups/units permissions to projects of a specific category. For example, you can grant permission to create projects that use the Research Project category, or permission to view all projects that use the Maintenance Project category. For example, to grant user Frank True permission to create, edit, and delete all projects using the Research Project category, do the following:
|