|
|
|
|
|
|
With Version 6, the Security Permissions in TeamHeadquarters have become easier to manage.
The Permissions are no longer controlled by Active Directory Users and Security Groups. Now, security is controlled entirely within TeamHeadquarters.
There are no longer any 'Deny' rights.
Roles are used for controlling access to certain functions, in addition to the Permissions. This change makes it easier to control the experience by placing people in Roles, without having to alter Permissions.
These roles are built-in and cannot be removed:
|
Role |
Description |
|
System Administrator |
Full access to all functions |
|
TeamHeadquarters Administrator |
Full access to all functions, but cannot create sub-domains |
|
Executives |
Full control over Projects and Queues |
|
Project Sponsors |
Create and Control Projects and Queues |
|
PMO |
Create, Assign, and Control Projects |
|
Project Managers |
Create and Organize Projects |
|
Support Managers |
Create and Organize Queues |
|
Template Administrators |
Manage Templates and Command Lists |
|
User Administrators |
Create and Manage User Accounts |
Additional Roles can be added using the System Administration settings for Add/Update Security Roles.
Users can be added to Roles in two ways:
Via the System Administration settings for User Settings and Security.
Via the User Preferences for Manage Security Roles.
Permissions can be used to restrict access, beyond what is defined by Roles. For example, Project Managers can create and assign projects in any Organizational Unit's Projects folders. You can use Permissions to control access so that certain Projects folders are available to only a subset of the Project Managers.
To access restricted functions (like creating Projects and Queues) a user must be in the proper Role and have appropriate Permissions.
A tutorial on Security Permissions
TeamHeadquarters uses an access permissions model similar to Microsoft Windows 2000/2003. This model allows every object, folder, and file within the system to have unique access permissions. Users who are familiar with the Windows permissions model will find TeamHeadquarters to be intuitive.
Right-click an object and a functions menu will appear, including the Permissions option when appropriate. Select Permissions. To add permissions, click Add and use the Active Directory navigator to select a user or group, and then set the individual settings that apply. To remove permissions for a user, select that user from the permissions list and click Remove.
Permissions can be set to allow or deny access. Denial of access takes precedence over allowance. In other words, where both allow and deny are in force, access will be denied. It is recommended that Allow be used whenever possible.
The TeamHeadquarters database is hierarchical and can allow permissions to be 'inherited' from above, just as in Windows 2000/2003. Therefore, it is possible to set basic global permissions at the top of the hierarchy and have them inherited throughout the entire database while augmenting those inherited permissions for any data object. It is also possible to 'break' this inheritance by un-selecting the Inherit Permissions option.
