Brief summary of this article:
Permissions for users to view, add, edit and delete entities in Targetprocess are granted based on multiple different settings. In this article, we'll describe the rules used in order to provide or prohibit access to users for work items such as User Stories, Tasks, Bugs, Features, Epics, Requests, etc.
View Entities
When a user has View access to an entity it means that the user can navigate to the fullscreen entity view by a link, or via Search by numeric ID or keyword. Also, the entity is displayed to the user in views and reports. The user can start following the entity.
Users
Regular users (people with User account type) can view all entities in the Projects and Teams they are members of. Project members can see all items within the project. Team members can see all items assigned to the team.
Project Membership
Team Membership
In some cases, the users can view the entities that do not belong to Projects and Teams they are members of. Here are the examples:
Service Desk
- Targetprocess users who are Creators or Requesters of a request can open it in a Service Desk, even if the request belongs to a project or teams the users are not members of.
- When a request has outbound related items and the request is displayed in Service Desk, then on the detailed page of the request users see related items including numeric IDs, titles, current states even when the items belong to projects or teams the users are not members of.
Visual Reports
- When a Visual Report is configured by some user or Administrator, and the report owner shares the report with other users, then the viewers see data from the configured source such as projects and teams even when they are not members of some of the source projects or teams.
Externally Shared Views
- When a view or a dashboard is shared for external viewers then any person who knows the direct link can see everything displayed on the view. Neither membership in projects and teams nor an active Targetprocess user account is needed for such access. More information: Share View with external users.
Direct Access Permissions
- We now work on a feature that makes it possible to grant a user access permissions to selected work items from hidden projects. More information: Direct Access to Entities.
Observers, Contributors, Administrators
Users with Observer / Contributor / Administrator account type can view any entities in all public Projects, both Active and Inactive.
Add Entities
Add access means that a user can create entities of a particular type within the system. The user automatically becomes Creator of created entities.
The ability to add entities of a particular type (Time, Bug, Feature and Epic, Test Case, Request, Iteration) to a Project may be configured according to Practices enabled in the settings of the Process of the Project.
Users, Observers
People with the User or Observer account types can add entities of a particular type within a Project or Team when they are members of the Project or Team, and their Role selected in the membership list has Add access permission in Role Settings.
Permissions of a user's Default Role are checked for the creation of entities that are not contained in any Project or Team: Programs, Users, Requesters, Companies.
Contributors
Users with the Contributor account type can add entities of a particular type within a Project or a Team according to the following rules:
- When they are members of the Project or Team: Add access permission from Role Settings is checked for the Role selected in membership list of the Project or Team
- When they are not members of the Project or Team, or when an entity is not contained in any Project or Team: Add access permission from Role Settings is based on the user's Default Role.
Administrators
Users with the Administrator account type can add any entities in all Active public Projects.
Edit Entities
Edit access means that a user can modify the name, description, state, user assignments, and field values of a given entity type. A user can edit an entity only when view access to it is provided.
Starting with v.3.11.1, user roles have separate permissions for adding and editing.
Creators of work items can always modify them regardless of Roles and Permissions.
Assigned Users can change the states of any entities they are assigned to regardless of Roles and Permissions. Also, they have permissions to unassign other users and themselves.
Users, Observers
People with the User or Observer account types can edit entities of a particular type within a Project or Team when they are members of the Project or Team, and their Role selected in the membership list has Edit access permission in Role Settings.
Permissions of a user's Default Role are checked for modification of entities that are not contained in any Project or Team: Programs, Users, Requesters, Companies.
Contributors
Users with the Contributor account type can edit entities of a particular type within a Project or a Team according to the following rules:
- When they are members of the Project or Team: Edit access permission from Role Settings is checked for the Role selected in membership list of the Project or Team
- When they are not members of the Project or the Team, or when an entity is not contained in any Project or Team: Edit access permission from Role Settings is based on the user's Default Role.
Administrators
Users with the Administrator account type can edit any entities in all Active public Projects.
Permissions for Change Creator action
Access permissions to Creator field in entities are configured separately from the ones related to work items. More information: Who can change Creators and how.
Delete Entities
A user can delete an entity only when view access to it is provided.
Creators of work items can always delete them regardless of Roles and Permissions.
Users, Observers
People with the User or Observer account types can delete entities of a particular type within a Project or a Team when they are members of the Project or Team, and their Role selected in membership list has Delete access permission in Role Settings.
Permissions of a user's Default Role are checked for deletion of entities that are not contained in any Project or Team: Programs, Users, Requesters, Companies.
Contributors
Users with the Contributor account type can delete entities of a particular type within a Project or a Team according to the following rules:
- When they are members of the Project or Team: Delete access permission from Role Settings is checked for the Role selected in membership list of the Project or Team
- When they are not members of the Project or Team or when an entity is not contained in any Project or Team: Delete access permission from Role Settings is based on the user's Default Role.
Administrators
Users with the Administrator account type can delete any entities in all Active public Projects.
Advanced Settings
The following settings may affect access permissions:
- Type of user account: User / Observer / Contributor / Administrator
- Presence or absence of a user in the membership (People) lists of Projects and Teams
- Selected Role for a user in Projects and Teams
- Selected Default Role for a user
- Permission settings set per Roles
- Being a Creator of work items
- Assignments to work items
- Project visibility settings: Active and Inactive Projects, Private Projects
- Enabled Practices in the settings of the Process of the Project
Permissions for access to Time entries
Access permissions to Time entries are configured separately from the ones related to work items. More information: Permissions for Access to Time Entries.
Still have a question?
We're here to help! Just contact our friendly support team.
Find out more about our APIs, Automation Rules, Mashups and custom extensions.