Project and Portfolio Management Practitioners Forum

Request Security - Restrict for Specific Requests

SOLVED
Anne Gates
Regular Contributor.

Request Security - Restrict for Specific Requests

Hello Everyone,

Our existing request types have fairly open access for the population to view and edit. We have a new set of users that want to use several of the existing request types but want to restrict who can view/edit their requests. We are considering the option of an entirely new set of request types with separate access, but that means dual request type maintenance. Ideally, there would be a means by which the request creator could specify if they wanted access to that request left open or have it restricted and specify who could access it by resource/security group.

Is there an approach within the current security model that would approximate this functionality?

Thank you,
Anne
5 REPLIES
Nishant Rso
Valued Contributor.
Solution

Re: Request Security - Restrict for Specific Requests

Hi Anne,

In the Workbench you can use the User Access tab and define which group of users can have view/edit access for a particular request.

Thanks,
Nishant
Erik Cole
Acclaimed Contributor.

Re: Request Security - Restrict for Specific Requests

Anne, you can also use tokens in the User Access tab such that the token evaluates to a field on the request that would contain a user or security group.

For example, you can give edit rights to [REQ.ASSIGNED_TO_USER_ID]; or in the case of a project issue, grant edit to the related project's manager by using something like [PRJ="[REQ.P.KNTA_MASTER_PROJ_REF]".PROJECT_MANAGER]
Anne Gates
Regular Contributor.

Re: Request Security - Restrict for Specific Requests

Nishant and Erik,

Thank you for your answers. We are currently using the types of security you identified and that works as specified. I may have been unclear in my description of the issue. For example, we have Project Type 'ABC' that uses the 'DEF' Request Type and we have 2 groups of users, X and Y. Both groups use the ABC project type to track their separate projects. However, the X team doesn't want the Y team to see their projects. We could make another Request Type DEF2 with different User Access, but that will double the maintenance which we're trying to avoid. Was trying to come up with a 'dynamic' approach that the 'created by' user could specify on the request itself... like an input field specifying which security group had access.
Erik Cole
Acclaimed Contributor.

Re: Request Security - Restrict for Specific Requests

Anne, I don't see why that wouldn't work. Just specify a security group in a field on the request and reference that field's token in the user access of the request type. But you will also have to remove whatever other settings on that tab that allow your "fairly open access" in order for it to become restricted.
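Added illustration, not part of the thread and not PPM's own code: a simplified Python model of the reply above, assuming User Access rules are additive (any matching rule grants access). It shows why a token rule restricts nothing while an open rule remains. The field name `ACCESS_GROUP`, the `*` "everyone" marker, the empty-field behaviour and all function names are hypothetical.

```python
"""Simplified model of additive request access rules (an assumption, not PPM's engine)."""
from dataclasses import dataclass

ALL_USERS = "*"  # hypothetical marker for an "everyone" participant


@dataclass(frozen=True)
class Rule:
    participant: str  # literal security group, ALL_USERS, or a "[REQ.<FIELD>]" token
    can_view: bool = True
    can_edit: bool = False


def resolve(participant, request):
    """Resolve a [REQ.FIELD] token against the request; literals pass through."""
    if participant.startswith("[REQ.") and participant.endswith("]"):
        return request.get(participant[5:-1]) or None  # empty field grants nothing here
    return participant


def can_access(user_groups, request, rules, action="view"):
    """Access is the union of all rules: the first matching rule grants it."""
    for rule in rules:
        if not (rule.can_edit if action == "edit" else rule.can_view):
            continue
        target = resolve(rule.participant, request)
        if target == ALL_USERS or (target is not None and target in user_groups):
            return True
    return False


def static_grants(rules):
    """Rules that grant access no matter what the request's field contains."""
    return [r for r in rules if not r.participant.startswith("[REQ.")]


# Constructed sample data: one request type shared by teams X and Y.
TOKEN_RULE = Rule("[REQ.ACCESS_GROUP]", can_view=True, can_edit=True)
OPEN_RULE = Rule(ALL_USERS, can_view=True, can_edit=True)
X_REQUEST = {"REQUEST_ID": 1001, "ACCESS_GROUP": "Team X"}
TEAM_X_USER, TEAM_Y_USER = {"Team X"}, {"Team Y"}

if __name__ == "__main__":
    for label, rules in [("open + token", [OPEN_RULE, TOKEN_RULE]),
                         ("token only", [TOKEN_RULE])]:
        print(label, "-> Team Y can view Team X's request:",
              can_access(TEAM_Y_USER, X_REQUEST, rules))
        print("   static grants still present:",
              [r.participant for r in static_grants(rules)])
```

Running `static_grants` over a request type's rule list is a quick review check: anything it returns applies to every request of that type, whatever the creator enters in the field.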
Anne Gates
Regular Contributor.

Re: Request Security - Restrict for Specific Requests

Thank you Erik. I will give it a try.

Anne