Security in Celoxis works within a context. It can be set at two levels.
Company Level
Object Level
When a user performs any action in Celoxis, security is first checked at the Company level to see if the user has the privileges. If there is an explicit Grant/Deny privilege for that user, then the user is permitted/or not. If there is an "Unspecified" at the Company level, then the Object level security is consulted. If the Object level security too has an "Unspecified" then the action is Denied.
Company level
The security at the company level is applicable for all the projects, tasks, documents, time entries and expenses in the company. Company level policies should be defined at this level. Care should be taken when you set explicit Grants or Deny to ensure that this needs to be mandated as a Company policy. A Company level explicit Grant or Deny cannot be overridden at the Object level. To read on how to set company level privileges, please click here.
If a user plays multiple roles, and if ANY of those roles has an explicit deny, it will result in a Deny
Object level
Object level security allows the ability to set security for specific objects. For example, a View Financials privilege at the Company level for the role QA Lead may be "Unspecified", but for a specific project you may want your QA Lead (role) to have View Financial privileges. In that case you can grant them to the QA Lead at the Project level. To read on how to set project level privileges, please click here. For the other 3, go to the object. Click on More, then select Set Security.
You can set specific object level security for
- Project
- Task
- Document / Folder
- Discussion