Topic

Understanding user rights and profiles

Jul 19, 2006 / pixtur
Jul 4, 2008 / damian2
 

Attached files

mann_streber_projektitems.png
385142 bytes / ID 1429 / Jul 19, 2006
Show Details
mann_streber_projektitems.jpg
mann_streber_projektitems.jpg

#1430 by pixtur, 193k
 
Streber distinguishes two different rights:
  1. Project Role - project specific rights as team member
  2. User Profile - rights for everything else (Creating and editing or Persons, Companies and Projects)
The user's profiles only works as a default values. The role inside projects or the specific user rights (e.g. the right to delete projects) can be fine tuned later. Changing a user's profile will reset his user profile but will not affect his existing roles in projects.

Project Roleπ

All parts of a project (e.g. Tasks, Team Members, efforts, comment, etc.) are deferred from Items. Additional to common information like "Type", Date of creation and modification, etc items have a level of publication. Starting from private, over to visible for developers, visible for clients to visible for everyone''.


See the following image:
mann_streber_projektitems.jpg

The projects roles of team members are only defined by the levels of access to items of different publication. A client can only see what has been raised to public level public to clients by a project manager. The client can add comments to this items, but only at level private or suggested. For the rest of the team, those will only be visible if the project manager makes them visible.

Profilesπ

User profiles are primarily defined by five values:
  • level view
  • level edit
  • level create
  • level delete
  • level reduce

The predefine profiles in streber π

Rights for viewing and editingπ

other's private suggested internal open client client edit my assigned my owned
admin all all all all all all all all
pm edit edit edit edit edit edit edit
user, developer, artist, tester edit edit edit edit edit
client view edit edit edit
client trusted view view edit edit edit
guest, anonymous view view edit edit

Rights for creating and making publicπ

- as private as suggested as internal as open as client as client edit
admin all all all all all all
pm create create create create create create
user, developer, artist, tester create create
client create create
client trusted create create
guest, anonymous create create
Those profiles are defined in conf/conf.inc.php and could be extended of fine tuned if needed. The currently identical profiles for developers, testers, users, and artist were reserved to adjust streber's interface to the user's needs. But this is still to come.

Items outside a project?π

We are very frequently asked for a way to store items without a project. Currently this is not possible, because we can not check the right of the current user regarding to this items.



6 Comments

guest:

11 years ago (6. update 11 years ago) -

Is anybody else confused by this? Perhaps some of this is lost in translation but I think this could use a major overhaul, if not functionally but descriptively — I'm having a hard time wrapping my head around how this security model works.

guest:Picture in english?

11 years ago (2. update 11 years ago) -

I assume Programmierer is programmer, projektmanager is project manager and Privat is private but what does everything else mean? It looks like the whole role system can be easily understood from that picture, it would be good if anyone can translate it.

Thanks
barlas

guest:Picture translation

11 years ago (9. update 11 years ago) -

Hi,

there is the translation:

German English
Programmierer programmer
Kunde customer
Projektmanager project manager
Privat personal / private
Intern Management internal management
Vorgeschlagen suggested
Offen open
für Kunden sichtbar visible for customers
für Kunden editierbar editable by customers
für alle editierbar editable by everyone
Lesen reading
Erstellen / Bearbeiten / Veröffentlichen creating / modifying / publishing
I hope I could help :-)

Regards,
Sydney

to_be_deleted:It doesn't work this way

11 years ago

I don't think it works like this. For an example see . However, I think the great table shown above is not implemented. Please correct me if I'm wrong.

xl:Why is the table broken? (And why does it work here???)

11 years ago (2. update 11 years ago)

Rights for viewing and editingπ

other's private suggested internal open client client edit my assigned my owned
admin all all all all all all all all
pm edit edit edit edit edit edit edit
user, developer, artist, tester edit edit edit edit edit
client view edit edit edit
client trusted view view edit edit edit
guest, anonymous view view edit edit

Rights for creating and making publicπ

- as private as suggested as internal as open as client as client edit
admin all all all all all all
pm create create create create create create
user, developer, artist, tester create create
client create create
client trusted create create
guest, anonymous create create
Those profiles are defined in conf/conf.inc.php and could be extended of fine tuned if needed. The currently identical profiles for developers, testers, users, and artist were reserved to adjust streber's interface to the user's needs. But this is still to come.


stefan:Kunde und die Rechte

11 years ago

Hallo, ich weis leider nicht wo ich meine Frage stellen kann. Das Forum ist deaktiviert und hier habe ich leider nicht das passenden gefunden. Auch habe ich schon das Video gefunden, hat mir allerdings auch nicht weitergeholfen.

Beispielfall.

Ein Admin, ich

Zwei Firmen ( A und B )
Zwei Projekte je Firma.
Jeweils zwei Personen der Firmen, die als Kunde Aufgaben einstellen dürfen.
  1. Firmen erstellt.
  2. Personen erstellt, Firmen zugewiesen.
  3. Projekte erstellt, mich zugewiesen, und die jeweiligen Personen der Firmen.
Wenn ich mich als Admin einlogge, sehe ich alles, um muß für alle Objekte "Sichtbar für Kunden" wählen, damit die das auch sehen können.

Soweit ist das gut.

Wenn ich mich nun als Kunde einlogge, bekomme ich tatsächlich nur die Projekte/Firmen zu sehen. Zu denen ich gehöre. Drücke ich allerdings auf "Personen", kann ich auch den Admin sehen. Wähle ich diesen an, kann ich seine Aufwände und Aufgaben sehen, die er für andere Projekte angelegt hat.

Das kommt mir nicht richtig vor und ich weiß jetzt nicht genau,wie ich das verhindern könnte.

Was mache ich falsch bzw. wie soll das richtig aussehen?

streber ist in Version 0.08 installiert.

Noch was
  1. Die Uhr in Streber geht permanent eine Stunde nach, gleichgültig was ich im Profil wähle. Und es wir nicht in 24 Stunden, sondern in 12(am/pm) gehandelt.
  1. Vielleicht ein Bug, ich kann keine Person löschen, die schon mal einem Projekt zugwiesen wurde. Auch nicht wenn diese weder Aufgabe noch Aufwand hatte und vom Projekt abgezogen ist.

Danke für Hilfe und wenn ich falsch bin, bitte vermerken wo ich hin soll.

Vielen Dank.

Tschüß, Stefan