Data Definition folder Authorization

This tab is only visible if you are authorized to assign roles to users for the selected object.

View the users that have a specific role

1. Select a role. The pane "Users for <role name>" will show the users that are assigned the selected role for this document.
2. Users assigned to a role either for the object whose configuration you are viewing or for a higher-level object with propagation switched on, are shown in the pane Roles. However, roles assigned on a global level are only shown in the pane Users when a role is selected in the pane Roles.

Add a user to a role

1. Select the role you want a user to have.
2. Click the button Add. A new window pops up listing all users in the ITP/MDK Repository not already assigned this role for the selected object.
3. Select the user(s) in this list and click OK. You can use the keys Shift Ctrl to multi-select.

Note

Be careful with assigning roles to users. As a rule of thumb, assign the minimum number of roles necessary at the highest level possible. This rule will make it easier to work out which permissions a user has for a project, folder, document or document revision.

Remove a user from a role

To remove a user from a role, select the role concerned. Select in the pane "Users for <role name>" the user you want to remove and click the button Remove.

Allow authorization from parents to propagate to this object

This setting determines if changes made to the authorization of an objects also apply to its child objects. In other words, with this setting objects like folders and documents can be isolated from changes made to the authorization settings of the objects they reside in, be it folders or a project.

By default this setting is on which means that you only have to assign Roles on the project level to assign them for all objects inside that project. Switching this setting off by unchecking the check box blocks all changes to the authorization made in containing objects.

Propagate authorization to all child objects that allow propagation

The settings Propagate authorization to all child objects that allow propagation and Allow authorization from parents to propagate to this object forms the inheritance mechanism of authorization.

By default both settings are on. When the setting Propagate authorization to all child objects that allow propagation is switched off changes to the authorization settings will only be applied to the project. Note that this setting cannot be used to isolate the child objects from the changes made to a containing object. If you have for example a folder inside a project and you do not want changes to the authorization settings made to the project to have an effect on the documents inside the folder you should use uncheck the Allow authorization to propagate to this object settings on all documents inside the folder.

The setting Propagate authorization to all child objects that allow propagation is only used to effectuate changes made at that moment to any objects inside the object whose authorization settings have been changed.

Reset authorization on all child objects to these settings

The setting Reset authorization on all child objects to these settings allows you to force the authorization settings of a project or folder on all folders and documents inside them. In this way authorization levels can be reset for an entire project or folder structure to the settings of the containing object.

For a more detailed explanation refer to the chapter Roles and Authorization in the ITP/MDK Repository Manual.