Content
Updated by Jörg Mollowitz 2 months ago
**As an** openproject instance admin a** project portfolio manager
**I want to** set the permissions (read, write, none) of each a project attribute
**So that I** can ensure the users get the relevant information but only the information they need on a global scale. need.
**Acceptance criteria**
* In the project overview details page there is a tab "permission". -> needs clarification: on the project overview or in the project administration settings? See comment 11/28/2023 1:15 PM by Oliver Günther; we would prefer option 1 (dynamic permissions)
* In this tab the permissions are defined for all project roles (none, read, write) and for all global roles. -> needs clarification: this tab should also be located in the project administration settings
* In Administration -> Projects -> Project attritutes there is a menu entry "Permissions" showing a two dimensional permission table that gives an overview across all project attributes. -> needs further specification: see addition in permission matrix example
**Permission matrix example**
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p"><br data-cke-filler="true"></p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Attribute A</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Attribute B</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>Project Roles</strong></p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Admin</p></td><td class="op-uc-table--cell"><p class="op-uc-p">write</p></td><td class="op-uc-table--cell"><p class="op-uc-p">write</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Member</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read</p></td><td class="op-uc-table--cell"><p class="op-uc-p">write</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Reader</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">[...]</p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>Global roles</strong></p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Anonymous</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Non-member</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td></tr></tbody></table></figure> class="op-uc-p">read</p></td></tr></tbody></table></figure>
**Open**
* Migrations
* How to handle a very large number of roles and attributes in one table. We might need some filtering later.
* Introduction of specific project attributes on a project level -> when implemented, a separate permission structure (on project level) has to be specified
* Question: which effects would this have on the project list (and its exports)
* Question: The parallel implementation of attributes for projects and work packages (as suggested by Oliver) raises the follow-up question of filter options. What else would be needed to be able to implement common filters for project attributes and work package attributes?
**I want to** set the permissions (read, write, none) of each
**So that I** can ensure the users get the relevant information but only the information they need on a global scale.
**Acceptance criteria**
* In the project overview details page there is a tab "permission". -> needs clarification: on the project overview or in the project administration settings? See comment 11/28/2023 1:15 PM by Oliver Günther; we would prefer option 1 (dynamic permissions)
* In this tab the permissions are defined for all project roles (none, read, write) and for all global roles. -> needs clarification: this tab should also be located in the project administration settings
* In Administration -> Projects -> Project attritutes there is a menu entry "Permissions" showing a two dimensional permission table that gives an overview across all project attributes. -> needs further specification: see addition in permission matrix example
**Permission matrix example**
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p"><br data-cke-filler="true"></p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Attribute A</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Attribute B</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>Project Roles</strong></p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Admin</p></td><td class="op-uc-table--cell"><p class="op-uc-p">write</p></td><td class="op-uc-table--cell"><p class="op-uc-p">write</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Member</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read</p></td><td class="op-uc-table--cell"><p class="op-uc-p">write</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Reader</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">[...]</p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>Global roles</strong></p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Anonymous</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Non-member</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td></tr></tbody></table></figure>
**Open**
* Migrations
* How to handle a very large number of roles and attributes in one table. We might need some filtering later.
* Introduction of specific project attributes on a project level -> when implemented, a separate permission structure (on project level) has to be specified
* Question: which effects would this have on the project list (and its exports)
* Question: The parallel implementation of attributes for projects and work packages (as suggested by Oliver) raises the follow-up question of filter options. What else would be needed to be able to implement common filters for project attributes and work package attributes?