* Begin of the insertionForEnd of the insertion Begin of the deletion In _Admininistration_ -> _Projects_ -> _Project attributes_ -> <_Attribute A_> there isEnd of the deletion a Begin of the insertionproject attributeEnd of the insertion Begin of the deletion section "Permissions" (similar toEnd of the deletion the Begin of the insertionsetting `Admins only`End of the insertion Begin of the deletion "Participants" section in the meetings view).

* Example:

* Project role A (read-only)

* Project role D (edit)

* In _Administration_ -> _Users and permissions_ thereEnd of the deletion is Begin of the insertionrenamed to `Restricted visibility`.End of the insertion Begin of the deletion another menu entry "_Permissions project attributes_" showing a two dimensional permissions table that gives an overview of all project attributes.End of the deletion

* Begin of the insertionThereEnd of the insertion Begin of the deletion The permissionsEnd of the deletion are Begin of the insertiontwo new global permissions:End of the insertion Begin of the deletion enforced in all relevant views:End of the deletion

* Begin of the insertionView restricted project attributesEnd of the insertion Begin of the deletion Project overviewEnd of the deletion

* Begin of the insertionEdit restrictedEnd of the insertion Begin of the deletion Project list

* API


**Alternative:**

* Change the "admin only" flag onEnd of the deletion project attributes Begin of the insertion

End of the insertion Begin of the deletion to "restricted" (better name needed)

End of the deletion * Begin of the insertionThere is a newEnd of the insertion Begin of the deletion A "restricted"End of the deletion project Begin of the insertionpermission:

End of the insertion Begin of the deletion attribute can only be viewed/edited by members of the project having the

End of the deletion * Begin of the insertionViewEnd of the insertion Begin of the deletion "ViewEnd of the deletion restricted project Begin of the insertionattributes

End of the insertion Begin of the deletion attribute" - for viewing

End of the deletion * Begin of the insertionEditEnd of the insertion Begin of the deletion "EditEnd of the deletion restricted project Begin of the insertionattributes

End of the insertion Begin of the deletion attribute" - for editing (requires view permission automatically)

End of the deletion * Begin of the insertionTo see or edit restricted project attributeEnd of the insertion Begin of the deletion The visibility and editability onEnd of the deletion the Begin of the insertionuser needs the global permissions **and** theEnd of the insertion project Begin of the insertionpermissions.End of the insertion Begin of the deletion overview page is adapted accordinglyEnd of the deletion

* Begin of the insertionA user that does not have both permissions can not see/editEnd of the insertion Begin of the deletion The visibility and editability onEnd of the deletion the Begin of the insertionrestrictedEnd of the insertion Begin of the deletion projects API is adapted accordingly

* The visibility/filterability/sortability on theEnd of the deletion project Begin of the insertionattributeEnd of the insertion Begin of the deletion list is adapted accordinglyEnd of the deletion

* Begin of the insertionThe permissionsEnd of the insertion Begin of the deletion On project creation, "restricted" and "required" custom fieldsEnd of the deletion are Begin of the insertionenforced in all relevant views:End of the insertion Begin of the deletion displayed and editable if the role automatically granted to the user creating a project grants the permission.End of the deletion

* Begin of the insertionProject overview

End of the insertion Begin of the deletion Setting "Required" and "restricted" in fact only makes sense if the role has that permission.

End of the deletion * Begin of the insertionProject list

End of the insertion Begin of the deletion \[open\] how can this be enforced or communicated

End of the deletion * Begin of the insertionAPI

* End of the insertion Administrators can still see all project attributes Begin of the deletion (since they will get the permission)


<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p">Permissions granted to role</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Attribute A (restricted)</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Attribute B (restricted)</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Attribute C (unrestricted)</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>Project Roles</strong></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Admin</p></td><td class="op-uc-table--cell"><p class="op-uc-p">view & edit restricted, edit project</p></td><td class="op-uc-table--cell"><p class="op-uc-p">edit</p></td><td class="op-uc-table--cell"><p class="op-uc-p">edit</p></td><td class="op-uc-table--cell"><p class="op-uc-p">edit</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Member</p></td><td class="op-uc-table--cell"><p class="op-uc-p">view restricted</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Reader</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Controller</p></td><td class="op-uc-table--cell"><p class="op-uc-p">view & edit restricted</p></td><td class="op-uc-table--cell"><p class="op-uc-p">edit</p></td><td class="op-uc-table--cell"><p class="op-uc-p">edit</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">[...]</p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>Global roles</strong></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Anonymous</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Non-member</p></td><td class="op-uc-table--cell"><p class="op-uc-p">view restricted</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td></tr></tbody></table></figure>End of the deletion