The rules for roles

Roles in short:

• Roles are bundles of permissions to perform actions.
• Users are assigned to roles.
• Users are assigned to roles for specific objects.

Permissions

The rules for permissions are:

• No permission is granted by default.
  In other words, everything that is not explicitly allowed is forbidden.
• Permission is granted for a specific task on a specific (set of) object(s).
• Permissions cannot be suppressed.
  This is important because there is a global level. If a role is attached to a user in its Configuration window by the administrator, the user will have this Role ITP/MDK Repository wide. This also gives the possibility to set permissions for the ITP/MDK Repository without using the authorization mechanism.

Users

Users are assigned to roles.

There is no limit to the number of roles a user can have. However, permissions add up and cannot be revoked. For example, the permission to create ITP Models granted in a role on the global level, cannot be revoked on project level. Roles are created and defined by the Administrator. To help the administrator with this task, the User Authorization report is available that will list all roles a user has for all projects.

Global

The Administrator can assign roles to users on the ITP/MDK Repository wide level. This is done by configuring Users. Only the administrator can configure users by right clicking on User in the tree pane, then choose Configuration > Authorization.

Note

The permissions granted with the assignment of a role on this global level cannot be revoked on any other level of the ITP/MDK Repository.

Project, folder, document

A project contains folders that contain documents. This hierarchy also applies to the assigned roles. By default, when permission is granted, by assignment of a role, on project level it is also granted on folder level as well as on document level. This is called inheritance and it can be switched off for an object at the time.

For more information refer to:

Authorization and roles

Creating roles