Project Security
Manage permissions on projects in the Analyst tool to control access to projects. You can add users to a project and assign permissions for users on a project.
Even if a user has the privilege to perform certain actions, the user may also require permission to perform the action on a particular asset.
When you create a project, you are the owner of the project by default. The owner has all permissions, which you cannot change. The owner can assign permissions to users.
You can assign the following permissions to a user or group:
- Read
- The user or group can open, preview, export, validate, and deploy all assets in the project. The user or group can also view project details.
- Write
- The user or group has read permission on all assets in the project. Additionally, the user or group can edit all assets in the project, edit project details, and delete all assets in the project.
- Grant
- The user or group has read permission on all assets in the project. Additionally, the user or group can assign permissions to other users or groups.
Project Permissions
Assign project permissions to users or groups. Project permissions determine whether a user or group can view assets, edit assets, or assign permissions to others. Permissions can be direct, inherited, or effective permissions.
Direct permissions are permissions that are assigned directly to a user or group. When users and groups have permission on an object, they can perform administrative tasks on that object if they also have the appropriate privilege. You can edit direct permissions.
Inherited permissions are permissions that users inherit. When users have permission on a project, they inherit permission on all folders and data objects in the project. When groups have permission on a project, all subgroups and users that belong to the group inherit permission on the project. For example, a project has a folder named Customers that contains multiple folders. If you assign a group permission on the project, all subgroups and users that belong to the group inherit permission on the Customers folder and on all folders in the folder.
Effective permissions are a superset of all permissions for a user or group. These include direct permissions and inherited permissions.
Users assigned the Administrator role for a Model Repository Service inherit all permissions on all projects in the Model Repository Service. Users assigned to a group inherit the group permissions.
Assigning Direct Permissions on a Project
You can add users to a project and assign direct permissions on a project to restrict, provide access, or manage the assets within the project.
1. Select a project on which you want to assign direct permissions.
2. Click the Edit Permissions icon.
The Edit Permissions dialog box appears.
3. Select users, groups, or both from the Users and groups panel.
4. Optionally, click the Add Users and Groups icon to add users and groups to the project.
The Add Groups and Users dialog box appears.
5. Select the users and groups to which you want to assign permissions.
6. Click Next.
7. Select the users and groups permissions.
8. Click Save.
9. Optionally, choose to filter the list of users and groups by name, security domain, or type of user or group.
- - To filter by name, enter a name or string above the Name field.
- - To filter by security domain, click the filter menu above the Security Domain field.
- - To filter by type, click the filter menu above the Type field and select user or group.
10. Select or clear the Read, Write, and Grant permissions in the Permissions panel.
11. Click OK.
Viewing Permissions on a Project
When you view permissions on a project, you can view the origin of effective permissions. Permission details display direct permissions assigned to the user or group, direct permissions assigned to parent groups, and permissions inherited from parent objects.
1. Select a project for which you want to view permissions.
2. Click the Effective Permissions icon.
The Effective Permissions dialog box appears.
3. View the effective permissions for users and groups. The permissions you see include both direct and inherited permissions.
4. Optionally, choose to filter the list of users and groups by name, security domain, or type of user or group.
- - To filter by name, enter a name or string above the Name field.
- - To filter by security domain, click the filter menu above the Security Domain field.
- - To filter by type, click the filter menu above the Type field and select user or group.
5. Click Close.