Authorizations 

Use

Authorizations ensure that only authorized persons can see or process a project or parts of a project.

In cProjects there are two different types of authorizations:

...

       1.      General authorizations

Your system administrator creates these authorizations in the authorization profiles in the user master record.

       2.      Project-specific authorizations

You issue these authorizations to the project participants for individual objects.

Prerequisites

·        Your system administrator created users, roles, and organizational units.

·        Your system administrator created default authorizations for project roles in Customizing for Collaboration Projects by choosing Resource Management → Basic Settings for Project Roles → Define Project Role Types.

·        You created user groups as required.

Features

General Authorizations

These authorizations safeguard the following functions:

·        Creating projects

·        Creating, changing, displaying, and deleting project templates, checklist templates, and control plan templates

Every cProjects user has authorization to execute these functions.

Project-Specific Authorizations

You can grant these authorizations. You automatically have administration authorization for a project you created. Once you assign a user to a project role, the user is granted the default authorizations that belong to this role for the project definition.

Authorizations specific to a project element are inherited by lower-level project elements. You can, however, add any number of additional authorization holders at each hierarchy level or change existing authorizations (see Assigning Authorizations). If an authorization has been inherited, you can recognize this by the entry in the Inherited from column.

·         If you delete the assignment of a user to a project role, the user still has the authorizations he or she obtained via the project role. If you want to remove the authorizations, you have to delete them manually (see Assigning Authorizations).

·         If you are adding users to a project element as authorization holders, who have not been assigned to a project role yet or who do not have any authorization via this role, you must at least give them display authorization for the project definition, otherwise they cannot open any project elements in this project. This also applies if the users have more than just display authorization for a particular project element, for example, if they have write authorization.

The authorizations that have specifically been granted to an authorization holder take priority over the authorizations that have been inherited by this authorization holder. However, if a project participant has different authorizations acquired via different authorization holders, an inherited authorization can also take priority over the others (see the section entitled “Prioritizing Authorizations”).

Authorization Holders

The following authorization holders are available:

...

       1.      Individual users

       2.      User groups

       3.      Organizational units

       4.      Roles (single or composite roles)

Here you can also enter authorization holders to whom no project roles are assigned.

Prioritizing Authorizations

The so-called order of authorization holders represents a prioritization of authorizations. This is important if a user has acquired a number of different authorizations for an object via different authorization holders. Individual users carry more weight than user groups and user groups carry more weight than roles. If, for example, a single user has write authorization for a task and acquires read authorization for the same task via a user group, the authorization of the single user applies, in this case, write.

Prioritization also applies to inherited authorizations, for example, an authorization inherited by a user carries more weight than the authorization for a project element assigned to a user by means of a user group.

Authorizations

The following project-specific authorizations are available:

·        No authorization

This authorization withdraws all authorizations for an object from a user, even if he or she has the authorization for a superior object.

·        Admin

You receive this authorization automatically from the system when you create a project. You can use this authorization to perform the following activities:

¡        Change all the data in a project element or document

¡        Delete project elements

¡        Create additional project elements

¡        Grant authorizations to other project participants

¡        Plan the schedule for project elements

¡        Initiate the approval of a phase

The authorization includes the read and write authorizations.

·        Write

You receive this authorization automatically from the system if you were entered as the person responsible for or the processor of a project element. You can use this authorization for all the activities you have to perform as the person responsible for or the processor of a project element or document:

¡        Enter actual values for a task or checklist item

These are:

Checklist item: Actual finish date, result, detection, severity, occurrence, status

Task: Actual start date, actual finish date, confirmation, percentage complete, status

¡        Change the status of a checklist.

¡        Create, edit, and delete collaborations, object links, and control plans for a project element.

¡        Create, edit, and delete documents for a project element.

If you want to delete the project element, you require write authorization for the superior project element and administrative authorization for the document itself.

¡        Set manual threshold value violations

¡        Grant the individual approval of a phase

You cannot perform the following activities with this authorization:

¡        Create and delete project elements

¡        Change authorizations

¡        Plan dates

¡        Begin, cancel, or grant approvals

¡        Create relationships for tasks

¡        Change the status of the project definition or phase

The authorization includes read authorization.

·        Read

This authorization enables you to display all data for the project element or document.

In addition to admin, write, or read, you can grant the following authorizations for the project definition:

·        Evaluate

This authorization enables you to perform evaluations for the project. When you perform the evaluation, the system checks for each displayed object whether the project participant has at least read authorization.

·        Resource management

This authorization enables you to find and assign resources in a project.

·        Accounting

If you already have admin authorization, you can carry out costing and display data from accounting with this authorization.

·        Staffing manager

If you are a staffing manager, the system displays all project roles with the staffing type Staffing by Resource Manager via Authorization and these are staffed by resources in the worklist of the external resource management application.

·        Candidate manager

If you are a candidate manager, the system displays all project roles with the staffing type Staffing by Resource Manager via Authorization and these are staffed by candidates in the worklist of the external resource management application.