Canopy defines a number of global roles to make permission management easier within the system. The system-defined roles are as follows:


Role name | Default Permissions | Description
Administrators
  • ALL
This is the global administrator. This user can perform any action on the system and access any object, i.e. no restrictions. However, the administrator's activities are logged.
Technical Managers
  • project-view
  • project-edit
  • project-content-edit
  • project-create
  • phase-view
  • phase-edit
  • phase-content-edit
  • finding-comment
  • report-comment
  • reporttemplate-view
  • reporttemplate-edit
  • opportunity-view
  • opportunity-edit
  • opportunity-content-edit
  • opportunity-create
  • scope-view
  • scope-edit
  • scope-content-edit
  • sow-comment
  • sowtemplate-view
  • sowtemplate-edit
  • questionnaire-view
  • questionnaire-edit
  • methodologytemplate-view
  • methodologytemplate-edit
  • methodologytemplate-comment
  • tariff-view
  • tariff-edit
  • taxonomytemplate-view
  • taxonomytemplate-edit
  • kb-view
  • kb-edit
  • kb-approve
  • kb-add
  • kb-comment
  • company-view
  • company-edit
  • company-create
A Technical Manager is a user role that is one step down from an administrator. They are able to perform practically all operations on the system, with the exception of administration level actions (e.g. user management).
Senior Analysts
  • project-create
  • reporttemplate-view
  • methodologytemplate-view
  • methodologytemplate-comment
  • opportunity-create
  • kb-view
  • kb-edit
  • kb-approve
  • kb-add
  • kb-comment
  • company-view
A Senior Analyst is a trusted user within the system who can perform key operations, including KB management and project creation. By default, these users can also view (readonly) companies and methodologies.
Analysts
  • kb-view
  • kb-add
  • kb-comment
  • methodologytemplate-view
  • methodologytemplate-comment
An Analyst has a reduced set of permissions and must be explicitly granted access to a company, opportunity or project before they can work on anything. They are able to perform some operations, such as
Sales Managers
  • company-view
  • company-edit
  • company-create
  • opportunity-create
  • opportunity-view
  • opportunity-edit
  • opportunity-content-edit
  • sowtemplate-view
  • sowtemplate-edit
  • questionnaire-view
  • questionnaire-edit
  • tariff-view
  • tariff-edit
A special admin-like user for managing companies and opportunities, and their related templates. However, this user has limited access to projects and other technical content.
Account Managers
  • company-create
  • opportunity-create
A user for managing companies and opportunities. No default access to projects is assigned.
Peer Reviewer
Special permissions assigned for a short lifetime (as needed) for modifying a specific report and commenting on it. These permissions are assigned based on the workflow engine.
Quality Assurer
Special permissions assigned for a short lifetime (as needed) for modifying a specific report and commenting on it. These permissions are assigned based on the workflow engine.


Info

A number of additional roles will be included in the next iteration of Canopy, including a low-privilege user role and a KB admin role.

...

The specific instances of these roles on their corresponding objects are explained next.

Company

Role | Permissions | Description
readonly
  • company-view
View only access to a company.
admin
  • company-edit
  • company-view
Manage the content and access control of a company.

Opportunity

Role | Permissions | Description
readonly
  • opportunity-view
View only access to an opportunity.
write
  • opportunity-content-edit
  • opportunity-view
Manage content associated with an opportunity. However, the structure of the opportunity cannot be changed (e.g. add more phases).
admin
  • opportunity-edit
  • opportunity-content-edit
  • opportunity-view
Manage the structure, content and access control of an opportunity.

Project

Role | Permissions | Description
readonly
  • project-view
This is a readonly role. No content editing can be performed by a user with this role.
write
  • project-content-edit
  • project-view
Manage content associated with a project. However, the structure of the project cannot be changed (e.g. add more phases).
admin
  • project-edit
  • project-content-edit
  • project-view
Manage the structure, content and access control of a project.
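
The sketch below is an added example, not Canopy's own code. It shows how a global role's defaults and an object-level role could combine into one access decision, and which resource types a role can create but not view by default. The union rule, the function names and the user record layout are assumptions; the role contents are taken from the tables above.

```python
# Role contents are copied from this page's tables (three global roles shown).
# ASSUMPTION: effective permissions on an object are the union of the global
# role's defaults and the role the user was granted on that specific object.
GLOBAL_ROLES = {
    "Senior Analysts": {"project-create", "reporttemplate-view", "methodologytemplate-view",
                        "methodologytemplate-comment", "opportunity-create", "kb-view",
                        "kb-edit", "kb-approve", "kb-add", "kb-comment", "company-view"},
    "Analysts": {"kb-view", "kb-add", "kb-comment", "methodologytemplate-view",
                 "methodologytemplate-comment"},
    "Account Managers": {"company-create", "opportunity-create"},
}
OBJECT_ROLES = {
    "company": {"readonly": {"company-view"},
                "admin": {"company-edit", "company-view"}},
    "opportunity": {"readonly": {"opportunity-view"},
                    "write": {"opportunity-content-edit", "opportunity-view"},
                    "admin": {"opportunity-edit", "opportunity-content-edit", "opportunity-view"}},
    "project": {"readonly": {"project-view"},
                "write": {"project-content-edit", "project-view"},
                "admin": {"project-edit", "project-content-edit", "project-view"}},
}

def is_allowed(user, permission, obj=None):
    """Deny by default: unknown roles and missing grants add no permissions."""
    perms = set(GLOBAL_ROLES.get(user["role"], ()))
    if obj is not None:
        granted = user["grants"].get(obj)  # role held on this exact (type, id) only
        perms |= OBJECT_ROLES.get(obj[0], {}).get(granted, set())
    return permission in perms

def create_without_view(role):
    """Resource types a global role can create but not view by default,
    so visibility there depends entirely on per-object grants."""
    perms = GLOBAL_ROLES[role]
    kinds = (p[:-len("-create")] for p in perms if p.endswith("-create"))
    return sorted(k for k in kinds if k + "-view" not in perms)

# Constructed sample user: an Analyst granted "write" on one project.
analyst = {"role": "Analysts", "grants": {("project", 17): "write"}}

if __name__ == "__main__":
    print(is_allowed(analyst, "project-content-edit", ("project", 17)))
    print(is_allowed(analyst, "project-content-edit", ("project", 18)))
    print(create_without_view("Account Managers"))
```

Running the second function over every global role during an access review lists the places where per-object grants are the only source of visibility.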

Granular Permission Descriptions

The following table lists and explains the granular permissions available in Canopy:

TODO...

...

Info

Adding further granular permissions is a relatively simple task, although it is something that CheckSec controls at the moment.