Content
Updated by Niels Lindenthal 4 days ago
**User story**
**As an** Portfolio Manger As an OpenProject Admininistrator
**I I want to** have to set the permissions (read-only, edit, none) of each project attributes attribute in the Administration
So that I can ensure the "need-to-know-principle". This means the users can get the information they need - but only portfolio managers can see or edit the information they need.
**So <br>
**Permission matrix example**
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p">Attribute A</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Attribute B</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>Project Roles</strong></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Admin</p></td><td class="op-uc-table--cell"><p class="op-uc-p">edit</p></td><td class="op-uc-table--cell"><p class="op-uc-p">edit</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Member</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td><td class="op-uc-table--cell"><p class="op-uc-p">edit</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Reader</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">[...]</p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>Global roles</strong></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Anonymous</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Non-member</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td></tr></tbody></table></figure>
**Complexity Analysis**
* Introduction of mapping of Project attributes &lt;-&gt; role, permissions data structure (5 - 20 PD)
* Admin UI for roles (8 - 12 PD)
* This excludes the &quot;bulk edit&quot; functionality as it becomes too large/impractical very quickly depend on the roles
* Adapt Project dashboard and API for new visibility checks using the new mapping (5 - 25 PD)
* Adapt columns and filters in project lists now that I** some of the attributes or their values are no longer selectable (10 - 30 PD)
* Open: How to deal with visible attribute in field (Probably remove it) (2 &nbsp;- 4 PD)
* Change validation mechanisms so users can make better decisions for my portfolio still edit attributes without having causing validations on e.g., other required custom fields (10 - 30 PD)
**Open**
* Migrations
* How to share all my evaluation with all handle a very large number of roles and attributes in one table. We might need some filtering later.
* Sections: Will they be hidden or visible when no project stakeholders. attribute is visible?
**As an** Portfolio Manger
**I
So
**So
**Permission matrix example**
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p">Attribute A</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Attribute B</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>Project Roles</strong></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Admin</p></td><td class="op-uc-table--cell"><p class="op-uc-p">edit</p></td><td class="op-uc-table--cell"><p class="op-uc-p">edit</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Member</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td><td class="op-uc-table--cell"><p class="op-uc-p">edit</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Reader</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">[...]</p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>Global roles</strong></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Anonymous</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Non-member</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td></tr></tbody></table></figure>
**Complexity Analysis**
* Introduction of mapping of Project attributes &lt;-&gt; role, permissions data structure (5 - 20 PD)
* Admin UI for roles (8 - 12 PD)
* This excludes the &quot;bulk edit&quot; functionality as it becomes too large/impractical very quickly depend on the roles
* Adapt Project dashboard and API for new visibility checks using the new mapping (5 - 25 PD)
* Adapt columns and filters in project lists now
* Open: How to deal with visible attribute in field (Probably remove it) (2 &nbsp;- 4 PD)
* Change validation mechanisms so users
**Open**
* Migrations
* How
* Sections: Will they be hidden or visible when no