How to Analyze permissions

You can analyze permissions rules of the read and write types to make sure that the new permission rule will not conflict with existing ones.

To analyze permissions

  • Log on to the database under Administrator user account or as a member of the Administrators group
  • Click Go To, and then click Entity Permissions.
  • Show the following columns: Type, Action, Entity, Priority, Included Users/Groups, Excluded Users/Groups, Event Type, and Active.
  • Click the Priority column header to sort permission rules.
  • Point to the Entity column header, click the Quick Filter button that appears on the right side of the column header, and then select the check box next to the Blank option and the check box next to required entity.

Analyze permission rules of the Read type

Make sure that there is at least one permission rule of the Read type that corresponds to the following conditions:

  • The check box in the Active column is selected.
  • The Included Users/Groups column contains required users and the Excluded Users/Groups column doesn't contains them.
  • The Filter row shows required filter conditions.

Examples

Permission rule Allow to read entity 'Task' created by me corresponds to the following conditions:

  • The check box in the Active column is selected.
  • The Included Users/Groups column contains the All value and the Excluded Users/Groups column is empty.
  • The Filter row shows [Creator] = '$Me'.

Permission rule Allow to read tasks assigned to me corresponds to the following conditions:

  • The check box in the Active column is selected.
  • The Included Users/Groups column contains the All value and the Excluded Users/Groups column is empty.
  • The Filter row shows [Assigned To] = '$Me'.

Permission rule Allow to read tasks I am owner of corresponds to the following conditions:

  • The check box in the Active column is selected.
  • The Included Users/Groups column contains the All value and the Excluded Users/Groups column is empty.
  • The Filter row shows [Owner] = '$Me'.

Permission rule Allow to read tasks related to my projects corresponds to the following conditions:

  • The check box in the Active column is NOT selected.
  • The Included Users/Groups column contains the All value and the Excluded Users/Groups column is empty.
  • The Filter row shows [Project] = '$MyProject'.

To activate the permission rule, click to select the check box in the Active column next to required permission rule.

Note If there is no permission rule of the Read type for required entity, you can add a new permission rule that allows users to view entities of required Entity Type with required filter conditions.

Tip Learnhow to set permissions.

Analyze permission rules of the Write type

Make sure that there is at least one permission rule of the Write type that corresponds to the following conditions:

  • The check box in the Active column is selected.
  • The Event Type column contains required event types.
  • The Included Users/Groups column contains required users and the Excluded Users/Groups column doesn't contains them.
  • The Filter row shows required filter conditions.
  • There is no conflicting permission rule that has a smaller value in the Priority column.

Examples

Permission rule Allow to write entity 'Task' created by me corresponds to the following conditions:

  • The check box in the Active column is selected.
  • The Event Type column contains the All value.
  • The Included Users/Groups column contains the All value and the Excluded Users/Groups column is empty.
  • The Filter row shows [Creator] = '$Me'.
  • There is no conflicting permission rule that has a smaller value in the Priority column.

Permission rule Allow to write tasks assigned to me corresponds to the following conditions:

  • The check box in the Active column is selected.
  • The Event Type column contains the All value.
  • The Included Users/Groups column contains the All value, and the Excluded Users/Groups column is empty.
  • The Filter row shows [Assigned To] = '$Me'.
  • There is no conflicting permission rule that has a smaller value in the Priority column.

Permission rule Allow to write tasks I am owner of corresponds to the following conditions:

  • The check box in the Active column is selected.
  • The Event Type column contains the All value.
  • The Included Users/Groups column contains the All value, and the Excluded Users/Groups column is empty.
  • The Filter row shows [Owner] = '$Me'.
  • There is no conflicting permission rule that has a smaller value in the Priority column.

Tip Learn how to allow users to reset their authentication passwords only and how to allow users to change task state only.

Note If there is no required permission rule of the Write type, or particular users are not included to such permissions rule, or particular users are excluded from such permission rule, they will not be able to make changes because of permission rule Deny to write all entities.

Tip Learn how to create a permission rule of the Write type.