Selecting Resource Security Based on Resource Type

Prerequisites

To view and set the permissions for a particular resource, you need to add grantee on the following screens:

  • Manage Resource Security for Events
  • Manage Resource Security for Repositories
  • Manage Resource Security for Synchronization Profiles
  • Manage Resource Security for Work Items

Procedure

  1. Event: When an event is selected as the Resource Type on the Manage Resource Security screen, you can set permissions under Resource Type in the Manage Resource Security for Events screen.
  2. Repository: When a repository is selected as the Resource Type and a specific repository is selected in the Resources drop-down list of the Manage Resource Security screen, you can set permissions for the following resources under Resource Type in the Manage Resource Security for Repositories screen.
    • Attribute Group: Permissions can be set for a specific attribute group within a repository. All available attribute groups for the selected repository are listed under the Resources drop-down list.

      Attribute Group permissions are used when records are viewed, edited, or added. They are not applied when metadata is edited.

    • Repository: Permissions can be set for the entire repository.

      Following repository permissions apply to metadata management: Create, Modify, Input Mapping, Management of classifications, Rulebase management, View, Show usage, Copy, Delete, and Named version management.

      The following repository permissions apply to record management: Import records, Browse Records, Export Records, Mass update records, and Text Search.

    • Record: Permissions can be set for records within a repository. Currently, only ALL option is available in the Resources drop-down list when a Record is selected.
    • Relationship: Permissions for a specific relationship of the repository can be set. All available relationships for the selected repository are listed under the Resources drop-down list. Reverse relationships of the same repository are shown as separate entries. For example, if a repository has a cross-repository relationship, a contains (self forward), and a containedby (self reverse) relationships, all three are listed. However, the name of the reverse relationship for the cross-repository relationship will be shown in the Resources drop-down list of the target repository.

      For each relationship defined, permission can be allowed or denied for the following: Full control, Add new related record, Remove relationships, Modify relationships attributes, Search records to add relationships, View relationships and related records.

      Relationship permissions do not apply once the message is delivered to workflow. Relationships are used in workflow activities without resource security.

      Relationships option is not displayed when there are no relationships defined for a repository.

    • Subset: This option appears when you select Resource Type as Repository and Resource as a specific repository and the selected repository has Subset Rules created for it. This option allows you to set permissions based on a filter on repository records.
    • Classification Scheme: You can set permissions for a specific classification scheme or all classification schemes within a repository. If the classification is not defined for a repository, the Classification Scheme option is not displayed in the Resource Type drop-down list.

      If you select a single classification scheme from the Resources drop-down list, the following two permissions are displayed on which you can set the Allow or Deny permissions: Full Control and Browse Records by Classification.

      If you select the All option from the Resources drop-down list, the Create Private Classification permission is displayed on which you can set the Allow or Deny permission.

      By default, Allow is selected for Full Control. However, when the private classification scheme is created, the permission to browse private classification scheme is granted only to the user who created it and denied to all other roles.

      For more information on Classification Scheme, refer to Classification Schemes.

    • Perspective: Permissions can be set for a specific perspective within a repository. All available perspectives for the selected repository are listed under the Resources drop-down list.

      For each perspectives defined, permission can be allowed or denied for the following: Full Control and Browse Records by perspective.

      By default, Allow is selected for Full Control and Browse Records by perspective. However, if the user or role is denied permission to browse, they cannot see the name of the perspective on the drop-down menu on the record UI.

      If the perspective is not defined for a repository, the perspective option is not displayed in the Resource Type drop-down list.

  3. Synchronization Profile: When a synchronization profile is selected as the Resource Type on the Manage Resource Security screen, you can set permissions under Resource Type in the Manage Resource Security for Synchronization Profiles screen.
  4. Work item: When a work item is selected as the Resource Type on the Manage Resource Security screen, you can set permissions under Resource Type in the Manage Resource Security for Work items screen.