Selecting Resource Security Based on Resource Type
Prerequisites
To view and set the permissions for a particular resource, you need to add grantee on the following pages:
Procedure
- Event: When an event is selected as the Resource Type on the Manage Resource Security page, you can set permissions under Resource Type on the Manage Resource Security for Events page.
-
Repository: When a repository is selected as the
Resource Type and a specific repository is selected in the
Resources drop-down list of the Manage Resource Security page, you can set permissions for the following resources under
Resource Type on the Manage Resource Security for Repositories page.
- Attribute Group: You can set permissions for a specific attribute group within a repository. All available attribute groups for the selected repository are listed under the
Resources drop-down list.
Attribute Group permissions are used when records are viewed, edited, or added. They are not applied when metadata is edited.
- Repository: You can set permissions for the entire repository.
Following repository permissions apply to metadata management: Create, Modify, Input Mapping, Management of classifications, Rulebase management, View, Show usage, Copy, Delete, and Named version management.
The following repository permissions apply to record management: Import records, Browse Records, Export Records, Mass update records, and Text Search.
- Record: You can set permissions for records within a repository. Currently, only ALL option is available in the Resources drop-down list when a Record is selected.
- Relationship: You can set permissions for a specific relationship of the repository. All available relationships for the selected repository are listed under the
Resources drop-down list. Reverse relationships of the same repository are shown as separate entries. For example, if a repository has a cross-repository relationship, a contains (self forward), and a containedby (self reverse) relationships, all three are listed. However, the name of the reverse relationship for the cross-repository relationship is shown in the
Resources drop-down list of the target repository.
For each relationship defined, permission can be allowed or denied for the following: Full control, Add new related record, Remove relationships, Modify relationships attributes, Search records to add relationships, View relationships and related records.
Relationship permissions do not apply once the message is delivered to workflow. Relationships are used in workflow activities without resource security.
Relationships option is not displayed when there are no relationships defined for a repository.
- Subset: This option appears when you select Resource Type as Repository and Resource as a specific repository and the selected repository has Subset Rules created for it. This option allows you to set permissions based on a filter on repository records.
- Classification Scheme: You can set permissions for a specific classification scheme or all classification schemes within a repository. If the classification is not defined for a repository, the
Classification Scheme
option is not displayed in the
Resource Type drop-down list.
If you select a single classification scheme from the Resources drop-down list, the following two permissions are displayed on which you can set the Allow or Deny permissions: Full Control and Browse Records by Classification.
If you select the All option from the Resources drop-down list, the Create Private Classification permission is displayed on which you can set the Allow or Deny permission.
By default, Allow is selected for Full Control. However, when the private classification scheme is created, the permission to browse private classification scheme is granted only to the user who created it and denied to all other roles.
For more information on Classification Scheme, refer to Classification Schemes.
- Perspective: You can set permissions for a specific perspective within a repository. All available perspectives for the selected repository are listed under the
Resources drop-down list.
For each perspectives defined, you can deny or allow permission for the following options: Full Control and Browse Records by perspective.
By default, Allow is selected for Full Control and Browse Records by perspective. However, if the user or role is denied permission to browse, they cannot see the name of the perspective on the drop-down menu on the record UI.
If the perspective is not defined for a repository, the perspectiveoption is not displayed in the Resource Type drop-down list.
- Attribute Group: You can set permissions for a specific attribute group within a repository. All available attribute groups for the selected repository are listed under the
Resources drop-down list.
- Synchronization Profile: When a synchronization profile is selected as the Resource Type on the Manage Resource Security page, you can set permissions under Resource Type on the Manage Resource Security for Synchronization Profiles page.
- Work item: When a work item is selected as the Resource Type on the Manage Resource Security page, you can set permissions under Resource Type on the Manage Resource Security for Work items page.
- Hierarchy: On the Manage Resource Security page, if you select Hierarchy as the Resource Type and a specific hierarchy or all hierarchies from the Resources drop-down list, you can set permissions on the Manage Resource Security for Hierarchies page.