Project and Portfolio Management Practitioners Forum
cancel

Security Big Issue

Highlighted
CarlosGomezCord
Frequent Contributor.

Security Big Issue

We need in pur project the following:

1) Users with a ROLE X (Security Group) must create a Request. The workflows advance to another status in wich this role cant edit anymore the request and cant do anything with the request.

The problem. Is neccesary that users with ROLE Y can edit that request in the new step fo the workflow.

I dont see how can we give permissions for editing request depending of security group and the state in the workflow. The problem is that the user that creates the request can edit it always. And if we disable edit the request, is disabled for all roles.

Can someone ecountered this issue? Is possible to solve it?

Thx, but this issue can derive in using PPM or no for our client :(
4 REPLIES
Alexandru Saven
Super Contributor.

Re: Security Big Issue

:) there is no direct method to do this; instead you have to combine the workflow status with field security, using, preferably, custom tokens to store usernames.

hope this helps and good luck with getting the deal!

Alex
CarlosGomezCord
Frequent Contributor.

Re: Security Big Issue

Thx for the help!!!! We have solved using a token and a trigger in Database for updating the token value for evaluating security in workflow's Steps.

CarlosGomezCord
Frequent Contributor.

Re: Security Big Issue

Another question similar to this issue:

When a user creates a request we have the modify permission in the fields by an token (a hidden field in request with default value = group id of the user).

The case is that the user cant modify the field when creating the request and the token have his group id by default informed.

with a previous created request all works fantastic, some groups can edit the request in some workflows steps and others not. But in creation process always ara disabled the fields and dont undrestand.

Can help me someone?

Thx
Alexandru Saven
Super Contributor.

Re: Security Big Issue

this is happening because your token is not evaluated in the "Not Submitted" status, and it will only be evaluated in the first step of the workflow.

You may solve your problem by restricting the people that can submit that request type (or include them in a specific group) and set that security group to be the only one that can submit the request type. You can then combine this with visibility of the fields in the "Not Submitted" status.

Best of luck
Alex