Permissions for Access to Work Items | Targetprocess - Visual management software

Permissions for Access to Work Items

Permissions for users to view, add, edit and delete entities in Targetprocess are granted based on multiple different settings. In this article we'll describe the rules used in order to provide or prohibit access to users for work items such as User Stories, Tasks, Bugs, Features, Epics, Requests etc.

View Entities

When a user has View access to an entity it means that the user can navigate to the fullscreen entity view by a link, or via Search by numeric ID or keyword. Also the entity is displayed to the user in views and reports. The user can start following the entity.

Users

Regular users (people with User account type) can view all entities in the Projects and Teams they are members of. Project members can see all items within the project. Team members can see all items assigned to the team.

Project Membership

Project Membership

Team Membership

Team Membership

Membership lists are displayed in the People tab of Projects and Teams fullscreen views and in the Projects & Teams tab of personal user profile views.

In some cases the users can view the entities that do not belong to Projects and Teams they are members of. Here are the examples:

Service Desk

  • Targetprocess users who are Owners or Requesters of a request can open it in a Service Desk, even if the request belongs to project or teams the users are not members of.
  • When a request has outbound related items and the request is displayed in Service Desk, then on the detailed page of the request users see related items including numeric IDs, titles, current states even when the items belong to projects or teams the users are not members of.

Visual Reports

  • When a Visual Report is configured by some user or Administrator, and the report owner shares the report with other users, then the viewers see data from the configured source such as projects and teams even when they are not members of some of the source projects or teams.

Externally Shared Views

  • When a view or a dashboard is shared for external viewers then any person who knows the direct link can see everything displayed on the view. Neither membership in projects and teams nor an active Targetprocess user account is needed for such access. More information: Share View with external users.

Direct Access Permissions

  • We now work on a feature that makes possible to grant a user access permissions to selected work items from hidden projects. More information: Direct Access to Entities.

Observers, Contributors, Administrators

Users with Observer / Contributor / Administrator account type can view any entities in all public Projects, both Active and Inactive.

 

Add Entities

Add access means that a user can create entities of a particular type within the system. The user automatically becomes Owner of created entities.

The ability to add entities of a particular type (Time, Bug, Feature and Epic, Test Case, Request, Iteration) to a Project may be configured according to Practices enabled in the settings of the Process of the Project.

Users, Observers

People with the User or Observer account types can add entities of a particular type within a Project or Team when they are members of the Project or Team, and their Role selected in the membership list has Add access permission in Role Settings.

Permissions of a user's Default Role are checked for the creation of entities that are not contained in any Project or Team: Projects, Programs, Teams, Users, Requesters, Companies.

Contributors

Users with the Contributor account type can add entities of a particular type within a Project or a Team according to the following rules:

  • When they are members of the Project or Team: Add access permission from Role Settings is checked for the Role selected in membership list of the Project or Team
  • When they are not members of the Project or Team, or when an entity is not contained in any Project or Team: Add access permission from Role Settings is based on the user's Default Role.

Administrators

Users with the Administrator account type can add any entities in all Active public Projects.

 

Edit Entities

Edit access means that a user can modify the name, description, state, user assignments and field values of a given entity type. A user can edit an entity only when view access to it is provided.

Starting with v.3.11.1, user roles have separate permissions for adding and editing.

Owners of work items can always modify them regardless of Roles and Permissions.

Assigned Users can change states of any entities they are assigned to regardless of Roles and Permissions. Also they have permissions to unassign other users and themselves.

Users, Observers

People with the User or Observer account types can edit entities of a particular type within a Project or Team when they are members of the Project or Team, and their Role selected in the membership list has Edit access permission in Role Settings.

Permissions of a user's Default Role are checked for modification of entities that are not contained in any Project or Team: Projects, Programs, Teams, Users, Requesters, Companies.

Contributors

Users with the Contributor account type can edit entities of a particular type within a Project or a Team according to the following rules:

  • When they are members of the Project or Team: Edit access permission from Role Settings is checked for the Role selected in membership list of the Project or Team
  • When they are not members of the Project or the Team, or when an entity is not contained in any Project or Team: Edit access permission from Role Settings is based on the user's Default Role.

Administrators

Users with the Administrator account type can edit any entities in all Active public Projects.

Permissions for Change Owner action

Access permissions to Owner field in entities are configured separately from the ones related to work items. More information: Who can change Owners and how.

 

Delete Entities

A user can delete an entity only when view access to it is provided.

Owners of work items can always delete them regardless of Roles and Permissions.

Users, Observers

People with the User or Observer account types can delete entities of a particular type within a Project or a Team when they are members of the Project or Team, and their Role selected in membership list has Delete access permission in Role Settings.

Permissions of a user's Default Role are checked for deletion of entities that are not contained in any Project or Team: Projects, Programs, Teams, Users, Requesters, Companies.

Contributors

Users with the Contributor account type can delete entities of a particular type within a Project or a Team according to the following rules:

  • When they are members of the Project or Team: Delete access permission from Role Settings is checked for the Role selected in membership list of the Project or Team
  • When they are not members of the Project or Team or when an entity is not contained in any Project or Team: Delete access permission from Role Settings is based on the user's Default Role.

Administrators

Users with the Administrator account type can delete any entities in all Active public Projects.

Advanced Settings

The following settings may affect access permissions:

Permissions for access to Time entries

Access permissions to Time entries are configured separately from the ones related to work items. More information: Permissions for Access to Time Entries.

Still have a question?

We're here to help! Just contact our friendly support team

Find out more about our APIs, Plugins, Mashups and custom extensions. Join our community of passionate users and even discuss directly with our developers.