Global and project roles

Manage application permissions using global and project roles. Global roles restrict general application features, whereas project roles restrict project-level capabilities.

Global Role

A global role is a collection of permissions that govern access to application features. This page presents a list of all global roles, and allows you to create new roles. The roles appear as rows, with individual columns representing permissions. Permissions relevant to a global role are:

CategoryPermissionname
UserManagementManageusers&groups
Modifyownusersettings
AdministrationDeleteabusinessunit
Editallprojects
Createabusinessunit
Viewallbusinessunits
Viewallprojects
ManageRiskPolicies
IntegrationEditIssueTrackerConnections
EditVerificationConnections
EditProjectConnections
SyncwithallIssueTrackertools
TasksChangealltaskstatus
Verifyalltasks
Writenotesonalltasks
ProjectManagementDeleteProject
Editcustomreports
Archiveapplication
Addapplication
Deleteapplication
Addproject
CustomizationCustomizecontent

Default global roles

SD Elements ships with a default set of global roles:

  • Administrator: An administrator can create new applications and projects, and view all the projects in their organization. They can also manage the users in their organization and customize the site content.

  • Project Lead: A project lead has permission to create new applications and projects.

  • Sync Service: A service role used by automation to perform integration syncs. Intended for future usage.

  • User: A regular SD Elements user has permission to participate in projects.

  • No Role: This role confers no permissions.

Change the default user global role

You can select a global role to assign to new users. By default this value is the restricted User role. You may want to give users more permissive roles, such as Project Lead, or a custom role.

Users automatically provisioned through Single Sign-On (SSO), such as SAML and LDAP, are granted the default global role. New users access the system and are granted permissions automatically based on this role.
Prerequisites:
  • The user has the permission Global role→User Management→Manage users & groups.

Steps:
  1. Open the Manage→Global Roles page.

  2. Click the edit button on the top right. A dialog will appear.

    image
  3. Select a global role.

  4. Click Done.

New users are assigned to the selected global role.

Project Role

This page presents a list of all project roles, and allows you to create new roles. Permissions tracked in project roles are:

Category Permission name

Category

Permission name

Tasks

Assign tasks to users

Change task status

Verify tasks

Write notes on tasks

Integration

Sync with Issue Tracker tools

Project Management

Edit project membership

Create project specific task

Edit project details

Archive project

Lock project survey

View project

Edit project survey

CategoryPermissionname
TasksAssigntaskstousers
Changetaskstatus
Verifytasks
Writenotesontasks
IntegrationSyncwithIssueTrackertools
ProjectManagementEditprojectmembership
Createprojectspecifictask
Editprojectdetails
Archiveproject
Lockprojectsurvey
Viewproject
Editprojectsurvey

An administrator can create custom project roles based on any combination of the permissions above.

Default project roles

SD Elements ships with a default set of project roles:

  • Read-Only: This user can view the project, but cannot make any changes.

  • Normal: This user can view the project and change the project settings, change the status of Countermeasures, and add notes.

  • Manage Project: This user is the same as a normal user, with additional permissions to archive the project (close the project), change the project description, and add/remove/change users and their roles for the project.

Role fields

Global and project roles have the following fields:

  • Name: This is the role name.

  • Description: This is a short description of the role.

  • Copy from: This copies the permissions from an existing role to get started, but is only valid for new roles.

Add or edit a role

You can create or edit custom global and project roles to match your access needs.

Prerequisites:
  • The user has the permission Global role→User Management→Manage users & groups.

Steps:
  1. Depending on the type of role:

    • Open the Manage→Global Roles page.

    • Open the Manage→Project Roles page.

  2. Click the plus button on the right.

  3. Fill in the fields described above.

  4. Select all the permissions you want to include with your role.

  5. Click Create.

When a role is created it can be assigned to users or groups. Permission updates take effect immediately.

Delete a role

You can delete your custom global and project roles. However, you cannot delete the default roles because the application depends on them.

Prerequisites:
  • The user has the permission Global role→User Management→Manage users & groups.

Steps:
  1. Depending on the type of role:

    • Open the Manage→Global Roles.

    • Open the Manage→Project Roles.

  2. Use search if you need to find the role.

  3. Hover your mouse over the row on the far right and select the trash can icon. A dialog will appear.

    image
  4. Select a role to assign to any users/groups that are currently assigned to the role you are removing.

  5. Click Delete.

The role is deleted immediately. Affected users and groups are assigned to its replacement.

results matching ""

    No results matching ""