Global and project roles
Table of Contents
Manage application permissions using global and project roles. Global roles restrict general application features, whereas project roles restrict project-level capabilities.
Global Role
A global role is a collection of permissions that govern access to application features. This page presents a list of all global roles, and allows you to create new roles. The roles appear as rows, with individual columns representing permissions. Permissions relevant to a global role are:
| Category | Permission name |
|---|---|
Category |
Permission name |
User Management |
Manage users & groups |
Modify own user settings |
|
Administration |
Delete a business unit |
Edit all projects |
|
Create a business unit |
|
View all business units |
|
View all projects |
|
Manage Risk Policies |
|
Integration |
Edit Issue Tracker Connections |
Edit Verification Connections |
|
Edit Project Connections |
|
Sync with all Issue Tracker tools |
|
Tasks |
Change all task status |
Verify all tasks |
|
Write notes on all tasks |
|
Project Management |
Delete Project |
Edit custom reports |
|
Archive application |
|
Add application |
|
Delete application |
|
Add project |
|
Customization |
Customize content |
| Category | Permissionname |
| UserManagement | Manageusers&groups |
| Modifyownusersettings | |
| Administration | Deleteabusinessunit |
| Editallprojects | |
| Createabusinessunit | |
| Viewallbusinessunits | |
| Viewallprojects | |
| ManageRiskPolicies | |
| Integration | EditIssueTrackerConnections |
| EditVerificationConnections | |
| EditProjectConnections | |
| SyncwithallIssueTrackertools | |
| Tasks | Changealltaskstatus |
| Verifyalltasks | |
| Writenotesonalltasks | |
| ProjectManagement | DeleteProject |
| Editcustomreports | |
| Archiveapplication | |
| Addapplication | |
| Deleteapplication | |
| Addproject | |
| Customization | Customizecontent |
Default global roles
SD Elements ships with a default set of global roles:
-
Administrator: An administrator can create new applications and projects, and view all the projects in their organization. They can also manage the users in their organization and customize the site content.
-
Project Lead: A project lead has permission to create new applications and projects.
-
Sync Service: A service role used by automation to perform integration syncs. Intended for future usage.
-
User: A regular SD Elements user has permission to participate in projects.
-
No Role: This role confers no permissions.
Change the default user global role
You can select a global role to assign to new users. By default this value is the restricted User role. You may want to give users more permissive roles, such as Project Lead, or a custom role.
| Users automatically provisioned through Single Sign-On (SSO), such as SAML and LDAP, are granted the default global role. New users access the system and are granted permissions automatically based on this role. |
Prerequisites:
-
The user has the permission Global role→User Management→Manage users & groups.
Steps:
-
Open the Manage→Global Roles page.
-
Click the edit button on the top right. A dialog will appear.
-
Select a global role.
-
Click Done.
New users are assigned to the selected global role.
Project Role
This page presents a list of all project roles, and allows you to create new roles. Permissions tracked in project roles are:
| Category | Permission name |
|---|---|
Category |
Permission name |
Tasks |
Assign tasks to users |
Change task status |
|
Verify tasks |
|
Write notes on tasks |
|
Integration |
Sync with Issue Tracker tools |
Project Management |
Edit project membership |
Create project specific task |
|
Edit project details |
|
Archive project |
|
Lock project survey |
|
View project |
|
Edit project survey |
| Category | Permissionname |
| Tasks | Assigntaskstousers |
| Changetaskstatus | |
| Verifytasks | |
| Writenotesontasks | |
| Integration | SyncwithIssueTrackertools |
| ProjectManagement | Editprojectmembership |
| Createprojectspecifictask | |
| Editprojectdetails | |
| Archiveproject | |
| Lockprojectsurvey | |
| Viewproject | |
| Editprojectsurvey |
An administrator can create custom project roles based on any combination of the permissions above.
Default project roles
SD Elements ships with a default set of project roles:
-
Read-Only: This user can view the project, but cannot make any changes.
-
Normal: This user can view the project and change the project settings, change the status of tasks, and add notes.
-
Manage Project: This user is the same as a normal user, with additional permissions to archive the project (close the project), change the project description, and add/remove/change users and their roles for the project.
Role fields
Global and project roles have the following fields:
-
Name: This is the role name.
-
Description: This is a short description of the role.
-
Copy from: This copies the permissions from an existing role to get started, but is only valid for new roles.
Add or edit a role
You can create or edit custom global and project roles to match your access needs.
Prerequisites:
-
The user has the permission Global role→User Management→Manage users & groups.
Steps:
-
Depending on the type of role:
-
Open the Manage→Global Roles page.
-
Open the Manage→Project Roles page.
-
-
Click the plus button on the right.
-
Fill in the fields described above.
-
Select all the permissions you want to include with your role.
-
Click Create.
When a role is created it can be assigned to users or groups. Permission updates take effect immediately.
Delete a role
You can delete your custom global and project roles. However, you cannot delete the default roles because the application depends on them.
Prerequisites:
-
The user has the permission Global role→User Management→Manage users & groups.
Steps:
-
Depending on the type of role:
-
Open the Manage→Global Roles.
-
Open the Manage→Project Roles.
-
-
Use search if you need to find the role.
-
Hover your mouse over the row on the far right and select the trash can icon. A dialog will appear.
-
Select a role to assign to any users/groups that are currently assigned to the role you are removing.
-
Click Delete.
The role is deleted immediately. Affected users and groups are assigned to its replacement.