How Security Works

Let us understand how these privileges work with respect to roles. If a role is granted the "view project" privilege at the company level, and not at the object level, then the user can still "view project". However, if the user is denied the privilege at the company level and granted the privilege at the object level, then the user cannot "view project". Similarly, if a user's "view project" privilege is unspecified at the company level but granted at the object level, then the user will be able to "view project". The illustration below shows the concept of roles and privileges:

"View" Project privilege
Company level                         <unspecified><unspecified><unspecified>                 
Object Level<unspecified><unspecified><unspecified>
Result
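
The three cases stated above can be written as a small resolver, plus a check for object-level settings that can never take effect. This is an added example, not the product's own code; it assumes a specified company-level setting always wins and that a privilege unspecified at both levels is denied (the page states neither), and the `Contractor` role and the sample data are constructed.

```python
from enum import Enum


class Setting(Enum):
    GRANT = "grant"
    DENY = "deny"
    UNSPECIFIED = "unspecified"


def resolve(company: Setting, obj: Setting) -> bool:
    """Return True if the privilege is effective.

    Assumed precedence: a specified company-level setting wins; otherwise
    the object-level setting decides; otherwise deny (assumed default).
    """
    for level in (company, obj):
        if level is not Setting.UNSPECIFIED:
            return level is Setting.GRANT
    return False


def shadowed_entries(assignments):
    """Find object-level settings that a company-level setting overrides.

    assignments: iterable of (role, privilege, company, obj) tuples.
    Returns entries whose object-level setting has no effect because it
    disagrees with a specified company-level setting.
    """
    findings = []
    for role, privilege, company, obj in assignments:
        if Setting.UNSPECIFIED in (company, obj):
            continue
        if company is not obj:
            findings.append((role, privilege, company.value, obj.value))
    return findings


# Constructed sample data; "Contractor" is a hypothetical role name.
SAMPLE = [
    ("Developer", "view project", Setting.GRANT, Setting.UNSPECIFIED),
    ("Contractor", "view project", Setting.DENY, Setting.GRANT),
    ("Staff", "view project", Setting.UNSPECIFIED, Setting.GRANT),
]

if __name__ == "__main__":
    for role, priv, company, obj in SAMPLE:
        print(role, priv, "allowed" if resolve(company, obj) else "denied")
    print("shadowed:", shadowed_entries(SAMPLE))
```

An entry reported by `shadowed_entries` is worth reviewing: someone set an object-level grant or deny expecting it to apply, but the company-level setting decides the outcome.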

Now, let us understand this concept in the context of a user who has the following roles in a company: Mark Duncun is a staff member (since he is a user) and is also a developer. If Mark is assigned the privilege of "viewing a task", he will have the following privileges:

"View" Task privilege
Staff                                                 <unspecified><unspecified>                
Developer<unspecified><unspecified>
Result

Let's understand security with respect to workspaces and roles. There is a workspace, Sales, and Mark Duncun plays the role of Sales Manager of that workspace. Now, it is possible that Mark may belong to another workspace, say, Accounts, where he may not play the role of a manager but may just be a staff member. Therefore, the privileges that Mark gets in the Sales workspace are not what he gets in the Accounts workspace.

Let's assume there is one workspace, "Human Resource", with Joe as the head of the workspace. The "Human Resource" workspace is responsible for two different projects, with Joe as the manager of P1 and John as the manager of P2. Now, since Joe is the head of the "Human Resource" workspace, he has privileges that override his privileges as manager of P1. In other words, Joe has more authority on the workspace, but less on P1. However, even though Joe is the head of the "Human Resource" workspace, he still has limited privileges in P2 compared to John, who has more privileges in P2 since he is its manager.

Privileges at Workspace Level | View Project | Edit Project | Delete Project | View Financial | Edit Financial | Add Project
Mark (Sales Manager)<unspecified><unspecified>
Privileges at Project level | View Project | Edit Project | Delete Project | View Financial | Edit Financial | Add Project
Mark (Staff)<unspecified>
Result