Global and project roles
Manage application permissions using global and project roles. Global roles restrict general application features, whereas project roles restrict project-level capabilities.
Global Role
A global role is a collection of permissions that govern access to application features. This page presents a list of all global roles, and allows you to create new roles. The roles appear as rows, with individual columns representing permissions. Permissions relevant to a global role are:
Category | Permissionname |
UserManagement | Manageusers&groups |
Modifyownusersettings | |
Administration | Deleteabusinessunit |
Editallprojects | |
Createabusinessunit | |
Viewallbusinessunits | |
Viewallprojects | |
ManageRiskPolicies | |
Integration | EditIssueTrackerConnections |
EditVerificationConnections | |
EditProjectConnections | |
SyncwithallIssueTrackertools | |
Tasks | Changealltaskstatus |
Verifyalltasks | |
Writenotesonalltasks | |
ProjectManagement | DeleteProject |
Editcustomreports | |
Archiveapplication | |
Addapplication | |
Deleteapplication | |
Addproject | |
Customization | Customizecontent |
Default global roles
SD Elements ships with a default set of global roles:
-
Administrator: An administrator can create new applications and projects, and view all the projects in their organization. They can also manage the users in their organization and customize the site content.
-
Project Lead: A project lead has permission to create new applications and projects.
-
Sync Service: A service role used by automation to perform integration syncs. Intended for future usage.
-
User: A regular SD Elements user has permission to participate in projects.
-
No Role: This role confers no permissions.
Change the default user global role
You can select a global role to assign to new users. By default this value is the restricted User role. You may want to give users more permissive roles, such as Project Lead, or a custom role.
Users automatically provisioned through Single Sign-On (SSO), such as SAML and LDAP, are granted the default global role. New users access the system and are granted permissions automatically based on this role. |
-
The user has the permission Global role→User Management→Manage users & groups.
-
Open the Manage→Global Roles page.
-
Click the edit button on the top right. A dialog will appear.
-
Select a global role.
-
Click Done.
New users are assigned to the selected global role.
Project Role
This page presents a list of all project roles, and allows you to create new roles. Permissions tracked in project roles are:
Category | Permission name |
---|---|
Category |
Permission name |
Tasks |
Assign tasks to users |
Change task status |
|
Verify tasks |
|
Write notes on tasks |
|
Integration |
Sync with Issue Tracker tools |
Project Management |
Edit project membership |
Create project specific task |
|
Edit project details |
|
Archive project |
|
Lock project survey |
|
View project |
|
Edit project survey |
Category | Permissionname |
Tasks | Assigntaskstousers |
Changetaskstatus | |
Verifytasks | |
Writenotesontasks | |
Integration | SyncwithIssueTrackertools |
ProjectManagement | Editprojectmembership |
Createprojectspecifictask | |
Editprojectdetails | |
Archiveproject | |
Lockprojectsurvey | |
Viewproject | |
Editprojectsurvey |
An administrator can create custom project roles based on any combination of the permissions above.
Default project roles
SD Elements ships with a default set of project roles:
-
Read-Only: This user can view the project, but cannot make any changes.
-
Normal: This user can view the project and change the project settings, change the status of Countermeasures, and add notes.
-
Manage Project: This user is the same as a normal user, with additional permissions to archive the project (close the project), change the project description, and add/remove/change users and their roles for the project.
Role fields
Global and project roles have the following fields:
-
Name: This is the role name.
-
Description: This is a short description of the role.
-
Copy from: This copies the permissions from an existing role to get started, but is only valid for new roles.
Add or edit a role
You can create or edit custom global and project roles to match your access needs.
-
The user has the permission Global role→User Management→Manage users & groups.
-
Depending on the type of role:
-
Open the Manage→Global Roles page.
-
Open the Manage→Project Roles page.
-
-
Click the plus button on the right.
-
Fill in the fields described above.
-
Select all the permissions you want to include with your role.
-
Click Create.
When a role is created it can be assigned to users or groups. Permission updates take effect immediately.
Delete a role
You can delete your custom global and project roles. However, you cannot delete the default roles because the application depends on them.
-
The user has the permission Global role→User Management→Manage users & groups.
-
Depending on the type of role:
-
Open the Manage→Global Roles.
-
Open the Manage→Project Roles.
-
-
Use search if you need to find the role.
-
Hover your mouse over the row on the far right and select the trash can icon. A dialog will appear.
-
Select a role to assign to any users/groups that are currently assigned to the role you are removing.
-
Click Delete.
The role is deleted immediately. Affected users and groups are assigned to its replacement.