Introduction
Almost every page in Connections can have its security customized. This can range from who can read the page to what they are allowed to do there as well. But with the ability to do mostly anything you want with granting or revoking access to pages and their modules there can be a bit of a learning curve.
Note: Site Administrators have access to all areas of the application regardless of security settings.
Most pages in the application will have a icon in the top right area near the search bar that will take you to the security settings for that page. The top section named Security Settings will define the access to the object you are viewing. There are 5 security permissions for each security row which can be toggled between 3 different settings by pressing them. The legend for these settings is on the right side of every security page.
Security Basics - 5 security actions
Create - user/group can create items in a given area
Read - user/group can read items in a given area
Update - user/group can edit items in a given area
Delete - user/group can delete items in a given area
Delegate - gives the ability to grant or restrict access to the given area via the security settings page.
Each row defines a role, user or security group with each of the 5 security permissions for a specific security section. Every section should have a Default line which applies to everyone on your site. If the Default line is set to Read and Update for the section then everyone on the site has access to view and edit the portion of the page that security section describes. Some of the default security roles are:
Default - everyone
Metric Owners - whoever is listed in the owners portion of the metric.
Given Individual - the person whose page this is
Reports To - the person this individual reports to and the people they report to, etc.
Organization Editor - a default security group which is added to most pages and usually has close to full access.
The icon next to Organization Editor tells you that it is a security group. Security groups are collections of individuals which can be created and managed by your site administrators for general security settings that would apply to more than one person. A common use for security groups is for members of a department to be in the same group. Which makes it is easier to manage the individuals in the security group rather than adding and removing individual rows of security in multiple places.
An individual in Connections may meet multiple criteria within a security section. In such a case the security will be combined through all roles that apply to the individual. The individual may be able to read the page via the Default settings and then have the ability to Update and Delete from the department security group. In the case of a deny being set on one of the security actions, such as Delete, it would override any security set from the other roles and that individual would not be able to perform that action.
Security Inheritance
Below is the overall hierarchy for security in Connections. List items in bold have their own security pages. The rest of the list items inherit their security from the page they can be found on. For example organization dialogs get their security from the Default Settings For Dialogs section on the organization security page. Since the organization dialogs do not have their own page you do not need to propagate the changes in order for them to take effect. This does mean that all bold security items in the list below will require propagation from the item above them in order to update existing security.
- Site
- Organization
- Organization Metric
- Organization Dialog
- Organization Dialog Task
- Project
- Project Metric
- Project Task
- Project Dialog
- Project Dialog Task
- Core Values
- Department
- Department Metric
- Department Dialog
- Department Dialog Task
- Project
- Project Metric
- Project Task
- Project Dialog
- Project Dialog Task
- Individual
- Individual Metric
- Personal Task
- Basic Role
- Basic Role Task
- Individual Dialog
- Individual Dialog Task
- Individual Commitment
- Personal Development Goal
- Individual Performance Report ([PM Feature] The individual and people up the reporting tree from the individual can view this report)
- Organization
At the top of the security hierarchy is the default settings for the whole site. Your site administrators can define at the site level what security is by default added to newly created Organizations, Departments and Individuals. Anything not specifically mentioned on the list above such as Related Links is lumped in with the page itself and shares the same security as the overall page.
When security is changed for descendants/sub-pages, such as changing project metric security on the project page, the existing descendant's security is not changed. The update made for project metrics will define the default security settings for all metrics created afterward on that project. In order to pass these new settings to existing metrics.
Another common goal is to give individual dialog access to the individual's manager. In this scenario on the security page for the individual, under Default Settings For Individual Dialogs, set the Reports To row to have Read access in order to allow the manager access to the dialogs.
Security Propagation
Security propagation is a useful tool to make changes to multiple things at once. You can propagate security at the top of a security section using the icon. When propagating security it uses the current settings in the security module and modifies them to applicable modules below itself. Higher list items are able to propagate security down a level or more below themselves. The default security settings in site administration can propagate its security settings to everything on the site so be careful which propagation method you use.
In the following example we will look to add a security group for the Finance Department which shares the same name. Brian Johnson was originally being added to each of the dialogs but now that he and other department members were added to the Finance Department security group his user will no longer need to be added in each module for access. Starting with the current security on the module and the changes we made it will go through the 3 options for security propagation and what the outcome would be afterward.
Current Security:
Default - Read
Organization Editors - Create, Read, Update, Delete, Delegate
bjohnson@example.org - Create, Read, Update, Delete
New Security to Propagate:
Default - Read
Organization Editors - Read, Update, Delete
Finance Department - Create, Read, Update, Delete
After Option 1: (overwritten) everything is copied exactly, other values overwritten
Default - Read
Organization Editors - Read, Update, Delete
Finance Department - Create, Read, Update, Delete
After Option 2: (add & update)
Default - Read
Organization Editors - Read, Update, Delete
bjohnson@example.org - Create, Read, Update, Delete
Finance Department - Create, Read, Update, Delete
After propagating with option 3: (add only), you would have:
Default - Read
Organization Editors - Create, Read, Update, Delete, Delegate (unchanged)
bjohnson@example.org - Create, Read, Update, Delete
Finance Department - Create, Read, Update, Delete
Comments
0 comments
Please sign in to leave a comment.