Common mistakes when setting up the security
1st Scenario :-
Â
- Scenario :
Restrict users in some particular role from performing some action on some particular object, like project, task.
For example, restrict users from role 'Sales Manager' from editing the project 'Administration Target'.
- Security settings :
On company level, the 'Edit Project' permission is denied for the role 'Sales Manager'.
- Result :
Sales managers can not edit any project.
- Solution:
- Keep the 'Edit Project' permission as 'Unspecified' for the role 'Sales Manager' at company level.
- On 'Administration Target' project, select 'Deny' option for role 'Sales Manager' to edit the project.
- On the other hand, select grant option for role 'sales manager' to edit the project which they are suppose to.
2nd Scenario :-
- Scenario:
There are two roles in a company, say 'Sales Manager' and 'Sales Executive'. You want users in the 'Sales Manager' role to view 'Project A' and 'Project B' and 'Sales Executive' should only see 'Project B' and not 'Project A'. A simple example becomes complicated when one user is playing two roles sales manager and sales executive.
- Security settings :
On company level, the 'View Project' permission is Granted to 'Sales Manager' role.
- Result :
The user playing both the roles is able to view both the projects.
- Solution :
- Keep the 'View Project' permission as 'Unspecified' at company level.
- For the 'Project B' grant 'View Project' for both the roles.
- For 'Project A' deny the 'View Project' privilege for 'Sales Executive'
3rd Scenario :-
- Scenario :
A user plays a role 'Sales Manager' in an workspace 'Sales' for which the 'Edit Project' permission is 'Granted'. But, he is not able to edit the project created for 'Engineering' workspace though he is part of the project team. - Security Settings :
The 'Edit Project' permission is 'Granted' for 'Sales Manager' role. - Result :
The user is not able to edit the project.
- Â Solution :
- The user only plays the 'Project Team' role in the project. Hence, he is not able to edit the project.
- The user needs to play the 'Sales Manager' role also in the project for editing the project. You need to Set the role of the user.