Permissions Model/Access Rights

The management of permissions and access rights is the most complicated element of ]project-open[ because it really is a management of trust relationships. There is a dilemma between:


  • Access: Users should have access to all information and documents necessary to do their job.
  • Restriction: Users should not have access to more information then necessary to do their job.

 

To solve this dilemma ]project-open[ classifies users in two ways.  Horizontally, by using User Profiles and vertically by using User Hierarchy. 


  • User Profiles - the user is defined as a member of a functional department of the company (ex. User X is an Accountant in Finance)
  • User Hierarchy - the user is defined as having rank and position within a bureaucratically organized company (ex. User X is a Senior Accountant in Company X)

 

User Profiles

User profiles correspond to department membership in the company or roles that associated business partners play in your organization.

User Permissions

The most important User Profiles defined in ]project-open[ are:

  • Accounting:  Employees charged with financial record keeping duties
  • Customers:  External users who need to be kept informed periodically on project progression, and sometimes contribute material
  • Employees:  The work staff of the internal company 
  • Freelancers:  External staff that is employed on a temporary or project basis that should only have access to information pertinent to their contractual obligations
  • Manangers
    • HR - access to private personal data about employees
    • Project - tasked with assignment and benchmark setting responsibilities as well as controlling active projects
    • Senior - top management of the company with unchecked access to all corporate information
  • ]project-open[ Admins - technical support staff tasked with maintaining the system 
  • Sales:  marketing info, customer contact relations management
  • Vertical Administration
    • Consulting
    • ITSM
    • Translation

 Each profile can be assigned different permissions according to their function.  See the list of of all Profile Permissions that can be assigned per Profile.  The permissions attached to each profile are set using the User Profile Admin screen.  Using this you can build a profile that defines each type of user that will come into contact with ]project-open[ within the context of your company environment.  Users can belong to more than one profile.

 

User Hierarchy

The user hierarchy determines the relational permissions between different user profiles.  While Profiles are used to determine the rights of a user in context to system actions, the user hierarchy determines the rights of a user to administer another.  The classic case is of users forgetting or losing passwords in which case the System Administrator is empowered to change and set their private data so that they can regain access.  

 

More complex cases than that arise within ]project-open[ such as preventing customers from viewing the details of other customers, and not permitting Employees to access private data unless they are HR Managers.  In ]project-open[ the main utility for configuring this vertical permissive hierarchy is through using User Matrix Admin screen.  

 

References

  Contact Us
  Project Open Business Solutions S.L.

Calle Aprestadora 19, 12o-2a

08902 Hospitalet de Llobregat (Barcelona)

Spain

 Tel Europe: +34 609 953 751
 Tel US: +1 415 200 2465
 Mail: info@project-open.com