Specifying user access rights

You specify user access rights in Asta Powerproject by setting up and configuring a combination of users and security groups.

You should create a user record for each individual who is to log into a project using a different user name and password. You may find it useful to create a hierarchy of users that reflects the hierarchy of your organisation. For example, you could create a number of user folders to represent each department within your organisation, with individual user records within each folder to represent the people within each department. If you create a hierarchy of users, you should create the entire hierarchy beneath the top-level user in the project - the Admin user.

You can assign different access rights to different users. You do this by creating a number of security groups in Library Explorer, with each security group defining a different level of access, and assigning users to the security group that matches the level of access that you want them to have. Security groups determine the access rights that users have to the charts, summary groups, fields and library objects within a project. You should create a security group for each different level of access that you want to grant the various users in a project. For example, the Project Manager may be a member of a security group that gives modify access to the whole project, but a Line Manager may be a member of a security group that gives only read-only access to the sections of the project that affect the manager and their team. You assign users to the appropriate security group using the Security group field on the User Properties dialog, or by using the Security Group Members dialog, which you can access by right-clicking a security group in Library Explorer and selecting Security Group Members.

You may find it useful to create a hierarchy of security groups that reflects the hierarchy of your organisation. For example, you could create a number of security group folders to represent each department within your organisation, with individual security group records within each folder to represent the different levels of access that people within the department should have. However, the security group hierarchy does not have to mirror the hierarchy of your organisation; nor does it have to mirror the hierarchy of users within the project.

If you create a hierarchy of security groups, you should create the entire hierarchy beneath the top-level security group in the project - the Admin security group, which has full rights to everything. When creating a hierarchy of security groups - with security groups located in folders together with other security groups that have similar or identical access rights - it is good practice to create the security group folders and assign appropriate access rights to them before creating the security groups within each folder. This way, the security groups that you create within a folder will automatically inherit the access rights that you have assigned to the folder. If you create the individual security groups before assigning access rights, you will have to assign access rights to each security group individually.

You can assign more than one user to each security group, but each user can be a member of only one security group.

When editing security groups, note that you cannot grant subordinate security groups access rights that your own security group does not possess. If you think you need to have your access rights extended, contact your System Administrator.

You can specify the access rights of members of security groups in the following ways:

For each individual chart within a project you can specify the access that members of the security group have to bars and tasks, links, cross-chart links (links that start in one chart and end in another), demand, scheduled and cost allocations, and annotations.

For each type of object within a chart, you can specify the following levels of access:

Access level Description
Read Members of the security group can view all existing objects of this type, but cannot necessarily create, delete or modify them.
Create Members of the security group can create new objects of this type, but cannot necessarily delete or modify them. Giving Create rights automatically gives Read rights.
Delete Members of the security group can delete existing objects of this type, but cannot necessarily create them. Giving Delete rights automatically gives Read and Modify rights.
Modify Members of the security group can amend the properties of objects of this type, but cannot necessarily create or delete them. Giving Modify rights automatically gives Read rights.

If a security group is given Create rights but not Modify rights to bars and tasks, its members cannot create tasks in any empty bars above the last occupied bar in a chart, as this is seen as modifying an existing bar rather than creating a new one.

For example, if you are working with a programme of projects where each expanded task on the programme chart represents an individual project, you may want to give the members of a security group full access to all objects in one project, Read only access to all objects except cost allocations in another project, and no access at all to a third project. You might want to give a Resource Manager's security group full rights to scheduled resource allocations, but Read only rights to demand resource allocations, so that the Resource Manager can satisfy demand allocations without being able to edit them.

The access rights you specify for a chart apply automatically to all items within the chart, unless you subsequently specify different access rights for one or more of the chart's subcharts. For example, you could give read-only access to a chart, which would apply automatically to all of the chart's subcharts. You could then edit one of the subcharts and apply create, delete and modify access to it. This means that in most cases you do not have to specify access rights for every subchart; depending on the precision required, specifying rights for the top-level charts in your hierarchy might be enough.

To specify chart access rights for the members of a security group:

  1. Right-click the security group in Library Explorer, then select Properties. The Security Group Properties dialog appears.
  2. Click the Chart Access Rights tab. This tab displays the project hierarchy. The hierarchy of expanded tasks and summary tasks is displayed under the programme chart.
  3. Navigate around the project hierarchy and select a chart for which you want to specify access rights.
  4. Use the check boxes to specify access rights for the bar chart objects within the selected chart: select a check box to assign access rights or clear a check box to deny access rights. To assign access rights quickly, you can click Select All to select all the check boxes, then click Unrestricted or None to grant or deny access to all objects. Alternatively, click All as parent to give members of the security group the same access rights to this chart as they have to the chart's parent chart.

    Note that the members of a security group can only see links, allocations and annotations if you give Read access to bars and tasks, regardless of the access you give to the other objects.
  5. If the members of a security group have Read only access to tasks and allocations (ie they cannot modify them), they cannot enter progress against them unless you select the Enter Progress check box. Select this check box to enable Read only security group members to enter progress within a chart. Note that if the members of a security group have Modify rights to tasks and allocations, they automatically have rights to enter progress, so you do not have to select this check box.
  6. Specify whether the members of the security group have the right to delete completed sections of tasks and allocations using the Delete Progress check box. If you select this check box, members of the security group are able to delete completed sections (if their other access rights allow them to); if you clear it, they are unable to delete completed sections, regardless of their other access rights.
  7. If you want the members of the security group to be able to move a chart around the project hierarchy, but not to be able to edit the contents of the chart, deny access rights to the chart and select the Move Chart check box. This turns a chart into a fixed task set.
  8. Specify whether the members of the security group have the right to copy data within the selected chart using the Copy check box. If you clear this check box, members of the security group cannot do anything within the chart that would cause a copy of the data to be made - and therefore cannot paste the information within the chart into another chart or project. You may want to prevent users from copying data from within particularly sensitive charts or projects.
  9. Specify whether you want to make the selected chart available when a member of the security group opens this project in Elecosoft's free project viewing software - Project Viewer - using the Available in Project Viewer check box. Clearing this check box is a simple way of hiding charts that contain sensitive information from users of Project Viewer.
  10. Specify whether members of the security group have the right to baseline the selected chart using the Baseline check box.
  11. Specify whether members of the security group have the right to book out the selected chart using the Book out check box.
  12. Specify whether members of the security group have the right to reschedule the selected chart using the Reschedule check box.
  13. Use the check boxes in the Field Access group to specify whether the members of the security group have access to income, expenditure and float information within the selected chart. For example, you could give the members of a security group full access rights to bars, tasks and allocations, but withhold access to income and expenditure information relating to the tasks and allocations by clearing the Income and Expenditure check boxes. With these check boxes cleared, any fields relating to income, expenditure and float, on dialogs and in the spreadsheet, will appear blank and disabled.
  14. Click OK to save your changes.

When you have set rights for a chart, it is displayed in bold, unless you have set it to have the same rights as its parent.

If you add new charts to the project hierarchy, you must review the access rights of security groups to ensure that their members have appropriate access rights to the new charts.

You can specify the access that members of the security group have to Library Explorer objects. For some libraries, for example Code Library and Filter, you can specify access rights for each individual object within the library; for other libraries, for example Currency Unit and Resource Graph Definition, you specify access rights for the library itself, and these rights apply to each object within the library.

For each type of library object, you can specify the following levels of access:

Access level Description
Read Members of the security group can view all existing objects of this type, but cannot necessarily create, delete or modify them.
Create Members of the security group can create new objects of this type, but cannot necessarily delete or modify them. Giving Create rights automatically gives Read rights.
Delete Members of the security group can delete existing objects of this type, but cannot necessarily create them. Giving Delete rights automatically gives Read and Modify rights.
Modify Members of the security group can amend the properties of objects of this type, but cannot necessarily create or delete them. Giving Modify rights automatically gives Read rights.
Assign Members of the security group can assign objects of this type to bars, tasks, allocations etc within the bar chart, as long as they have Modify rights to bars and tasks, and Create rights to allocations.
Unassign Members of the security group can unassign objects of this type from bars, tasks, allocations etc within the bar chart, as long as they have Modify rights to bars, tasks and allocations, and Delete rights to allocations.
Edit Assignments

Members of the security group can edit allocations of the selected permanent resource, consumable resource, or cost centre. This check box does not appear for other types of library object.

 

You can use this check box to prevent members of a security group from being able to edit the allocations of specific permanent resources, consumable resources or cost centres, even if they are able to edit the resources or cost centres themselves. If the members of the security group do not have 'Modify' rights over a type of allocation in a particular chart or summary group (as specified on the Chart Access Rights tab of the dialog), they cannot edit an allocation in that chart or summary group, even if the Edit Assignments check box is selected for the resource or cost centre in question.

 

If you clear the Edit Assignments check box, members of the security group cannot edit allocations of the selected resource or cost centre, even if they have been given 'Modify' rights over allocations in one or more charts or summary groups. With the check box cleared, users can still delete or reassign allocations, or switch the allocation type between 'demand' and 'scheduled' - these actions are covered by the Unassign check box the Library Access Rights tab of the Security Group Properties dialog.

For example, you might want to give the members of a security group full access rights over permanent resources, but give Assign and Unassign rights only to the members of another security group, enabling them to assign existing permanent resources to tasks, but not to create new permanent resources or modify existing ones.

With hierarchical libraries, such as Permanent Resource and Code Library, the access rights you specify for a library apply automatically to all folders and items within the library, unless you subsequently specify different access rights for one or more of the folders or objects.

To specify library access rights for the members of a security group:

  1. Right-click the security group in Library Explorer, then select Properties. The Security Group Properties dialog appears.
  2. Click the Library Access Rights tab. This tab displays the different libraries in the project.
  3. Select a library, or a library folder or object for which you want to specify access rights.
  4. Use the check boxes to specify access rights for the selected library or object: select a check box to assign access rights or clear a check box to deny access rights. To assign access rights quickly, you can click Unrestricted or None to grant or deny access to objects. Alternatively, click All as parent to give members of the security group the same access rights to this object as they have to the object's parent.

    If you have specified a security library on the General tab, you should make this library read-only to prevent members of the security group from changing their access rights to the library.

    Note that you cannot disable the right to create views, as all users can create their own user views; however, you can specify whether the members of a security group can create project views.
  5. Use the check boxes in the Field Access group to specify whether the members of the security group have access to income and expenditure information for the selected library or object. For example, you could give the members of a security group full access rights to permanent resources, but withhold access to income and expenditure information relating to them by clearing the Income and Expenditure check boxes. With these check boxes cleared, any fields relating to income, expenditure and float, on dialogs and in the spreadsheet, will appear blank and disabled.
  6. Click OK to save your changes.

When you have set rights for a library, it is displayed in bold, unless you have set it to have the same rights as its parent.

If you add new library objects to the project hierarchy, you must review the access rights of security groups to ensure that their members have appropriate access rights to the new objects.

You can give the members of a security group particular access rights over bars and tasks with a particular code, in addition to the access rights defined using the Chart Access Rights tab of the User Properties dialog. For example, if a project has a Responsibility code library, you could give your Sales Manager full access to all tasks that have the Sales Manager code within that code library, even if the Sales Manager has only read-only access to charts within the project. This would enable them to edit tasks relating to themselves, regardless of where they appear in the project hierarchy.

You can only use a security library to add rights to certain tasks - you cannot use a security library to remove rights from certain tasks. For example:

  • You could use a security library to give a user access rights to Mechanical and Electrical tasks that appear in a number of charts throughout a project, without giving the user access rights to any of the other tasks in those charts. To do this, create a "Mechanical and Electrical" code library, assign codes from the library to the appropriate tasks in the project and specify this code library as the security library for the appropriate security group.
  • If a user has access rights to delete charts in a project, you could not use a security library to prevent the user from deleting charts, or tasks within charts, to which a code from the security library has been assigned.

To define special access rights for a security group for a particular code library:

  1. Right-click the security group in Library Explorer, then select Properties. The Security Group Properties dialog appears.
  2. Click the General tab.
  3. Select the code library for which you want to define special access rights in the Security library field.
  4. Click Properties. The Code Library Rights tab appears. Use this tab to define access rights that relate specifically to the selected security library, or to one of the codes it contains.

    If you use a security code library, you must use the Library Access Rights tab to make the library read-only, to prevent members of the security group from changing their access rights for the library.
  5. Click OK to save your changes.

You can specify the access that members of the security group have to all baselines, and to individual baselines.

You can specify the following levels of access:

Access level Description
Read Members of the security group can view baselines, but cannot necessarily create, delete or modify them.
Create Members of the security group can create new baselines and import projects as baselines, but cannot necessarily delete or modify them. Giving Create rights automatically gives Read rights. This level of access applies only when you specify access rights to all baselines.
Delete Members of the security group can delete existing baselines, but cannot necessarily create them. Giving Delete rights automatically gives Read and Modify rights.
Modify Members of the security group can amend the properties of baselines and merge data into baselines, but cannot necessarily create or delete them. Giving Modify rights automatically gives Read rights.

To specify baseline access rights for the members of a security group:

  1. Right-click the security group in Library Explorer, then select Properties. The Security Group Properties dialog appears.
  2. Click the Library Access Rights tab. This tab displays the different libraries in the project.
  3. Select Baselines, or a particular baseline for which you want to specify access rights.
  4. Use the check boxes to specify access rights for baselines: select a check box to assign access rights or clear a check box to deny access rights. To assign access rights quickly, you can click Unrestricted or None to grant or deny access to objects.
  5. Use the check boxes in the Field Access group to specify whether the members of the security group have access to income and expenditure information in baselines. With these check boxes cleared, any fields relating to baseline income, expenditure and float, on dialogs and in the spreadsheet, will appear blank and disabled.
  6. Click OK to save your changes.

When you have set rights for a baseline, it is displayed in bold, unless you have set it to have the same rights as all baselines.

If you create new baselines, you must review the access rights of security groups to ensure that their members have appropriate access rights to the new baselines.

You should specify the access rights that the members of a security group have over any security groups that are subordinate to the current security group in the security group hierarchy. To do this:

  1. Right-click the security group in Library Explorer, then select Properties. The Security Group Properties dialog appears.
  2. Click the General tab.
  3. Click the appropriate radio button in the Security Group Access group to specify the access rights that members of the security group should have over any security groups that are subordinate to the current security group in the security group hierarchy.
  4. Click OK to save your changes.

You should specify the access rights that the members of a security group have over users. To do this:

  1. Right-click the security group in Library Explorer, then select Properties. The Security Group Properties dialog appears.
  2. Click the General tab.
  3. Click the appropriate radio button in the User Access group to specify the access rights that members of the security group should have over users.

    By default, users are able to view, modify and create only those users that are subordinate to them in the user hierarchy. For example, if you structure a user hierarchy by department, with each departmental head being a user folder, by default, each departmental head is only able to view, modify and create users within their own department. If you want the members of a security group to be able to view, modify and create a different set of users, select a user folder in the dropdown field to the right of the radio buttons. All members of this security group will then be able to view, modify and create all users that are subordinate to the selected user folder.
  4. Click OK to save your changes.

You can specify whether the members of a security group can publish details of permanent resource allocations to Microsoft Outlook, where they appear as tasks, appointments or emails, or via SMTP email.

To specify whether the members of a security group are able to publish details of permanent resource allocations:

  1. Right-click the security group in Library Explorer, then select Properties. The Security Group Properties dialog appears.
  2. Click the General tab.
  3. Select the Publish check box to enable members of the security group to publish details of permanent resource allocations, or clear the check box to prevent them from doing this.
  4. Click OK to save your changes.

You cannot publish details of permanent resource allocations to Microsoft Outlook and via SMTP email in Asta Powerproject SaaS.

If you use Archive Manager to archive historic data from your projects, you must set up one or more security groups with rights to archive and restore data. You can only archive and restore data if you use Asta Enterprise.

To specify whether the members of a security group are able to archive and restore data using Archive Manager:

  1. Right-click the security group in Library Explorer, then select Properties. The Security Group Properties dialog appears.
  2. Click the General tab.
  3. Select the Archive/restore check box to enable members of the security group to archive data from and restore data to this project, or clear the check box to prevent them from doing this.

    Members of a security group can only archive data from charts and summary groups to which they have Read rights.
  4. Click the Chart Access Rights tab.
  5. Select the charts and summary groups from which you want members of the security group to be able to archive and restore data and ensure that the Read check boxes are selected for each one.
  6. Click OK to save your changes.

You can specify whether the members of a security group should be able to create, view and modify task pools. You may want to limit the ability to create or modify task pools to high-level users in order to prevent people from creating unwanted task pools, or accidentally modifying existing task pools.

To specify whether the members of a security group are able to create, view and modify task pools:

  1. Right-click the security group in Library Explorer, then select Properties. The Security Group Properties dialog appears.
  2. Click the General tab.
  3. In the Task Pool Access group of fields, click None to specify that members of the security group should have no access to task pools, click Read only to specify that they should be able to view the contents of task pools, but that they should not be able to edit their contents or create new task pools, or click Modify to specify that they should be able to create new task pools, view existing task pools and edit their contents.
  4. Click OK to save your changes.

You can prevent the members of a security group from being able to save (and therefore overwrite) project macros. This may be useful if you have company-wide macros that you do not want users to overwrite accidentally.

To specify whether the members of a security group are able to save project macros:

  1. Right-click the security group in Library Explorer, then select Properties. The Security Group Properties dialog appears.
  2. Click the General tab.
  3. Select the Save project macros check box to allow members of the security group to save project macros, or clear the check box to prevent them from doing so.
  4. Click OK to save your changes.

Macros are not available in Asta Powerproject SaaS.

You can specify whether the members of a security group can create project views, that is views that are accessible to all other users within a project. You may want to restrict the creation of project views to a subset of users; all users can create user views, which they can make available to other users if they wish.

To specify whether the members of a security group are able to create project views:

  1. Right-click the security group in Library Explorer, then select Properties. The Security Group Properties dialog appears.
  2. Click the General tab.
  3. Select the Create project level views check box to allow members of the security group to create project views, or clear the check box to prevent them from doing so.
  4. Click OK to save your changes.

You can specify whether the members of a security group can embed border files - files that frame the charts and histograms that you print - into a project. Embedding a border file into a project means that the border can always be used during printing even if the original border file itself is not distributed with the project. Note that embedding a border file into a project increases the file size of the project. If you allow the members of a security group to embed border files into a project, they are also able to delete embedded border files from the project.

To specify whether the members of a security group are able to embed and delete border files:

  1. Right-click the security group in Library Explorer, then select Properties. The Security Group Properties dialog appears.
  2. Click the General tab.
  3. Select the Embed/delete border files check box to allow members of the security group to embed and delete border files, or clear the check box to prevent them from doing so.
  4. Click OK to save your changes.

You can specify a number of project structure access rights that determine whether the members of a security group are able to identify that charts and summary groups represent individual projects, whether they are able to create and delete charts and summary tasks, whether they are able to reschedule projects and whether they are able to move completed sections of tasks.

To specify whether the members of a security group are able to structure and reschedule projects:

  1. Right-click the security group in Library Explorer, then select Properties. The Security Group Properties dialog appears.
  2. Click the General tab.
  3. Select the Toggle "Is a Project" check box to specify that members of this security group are able to identify that charts and summary groups represent individual projects, or clear the check box if you do not want them to be able to do this.
  4. Select the Create/delete charts check box to specify that members of this security group are able to create and delete expanded tasks and charts, or clear the check box if you do not want them to be able to do this.
  5. Select the Create/delete summaries check box to specify that members of this security group are able to create and delete summary tasks and summary groups, or clear the check box if you do not want them to be able to do this.
  6. Select the Reschedule check box to specify that members of this security group are able to reschedule the project, or clear the check box if you do not want them to be able to do this.

    You can specify whether members of the security group can reschedule individual charts within the project using the Reschedule check box on the Chart Access Rights tab of this dialog.
  7. Select the Move completed sections check box to specify that members of this security group are able to move sections of tasks and allocations that have been progressed, or clear the check box if you do not want them to be able to do this. You might want to prevent users from moving completed sections in a number of situations.
  8. Click OK to save your changes.

To specify whether the members of a security group are able to cancel book outs that have been performed by other users:

  1. Right-click the security group in Library Explorer, then select Properties. The Security Group Properties dialog appears.
  2. Click the General tab.
  3. Select the Cancel book out check box to to specify that members of this security group are able to cancel book outs that have been performed by any user, or clear the check box if you do not want them to be able to do this. Cancelling a book out destroys the link between the master and destination projects and means that the data in the destination project can no longer be booked into the master project.

    Users who have booked information out of a project are able to cancel the book outs that they have performed, even if this check box is cleared for their security group, but they can only cancel book outs that have been performed by other users if this check box is selected.
  4. Click OK to save your changes.

To specify whether the members of a security group are able to edit the fields in the 'Dates' section of the Properties tab of the Backstage view and the corresponding fields on the Properties tab of the Properties dialog:

  1. Right-click the security group in Library Explorer, then select Properties. The Security Group Properties dialog appears.
  2. Click the General tab.
  3. Select the Edit project date controls check box to specify that members of this security group are able to edit the fields in the 'Dates' section of the Properties tab of the Backstage view, the corresponding fields on the Properties tab of the Properties dialog and - when viewing the properties of the programme chart - the date-related fields on the Project tab of the Chart/Project Properties dialog, or clear the check box if you do not want them to be able to do this.
  4. Click OK to save your changes.

To specify whether members of a security group are able to edit project timelines:

  1. Right-click the security group in Library Explorer, then select Properties. The Security Group Properties dialog appears.
  2. Click the General tab.
  3. Select the Edit timeline check box to specify that members of this security group are able to add tasks to a project timeline, remove tasks from a timeline and format a timeline, or clear the check box if you do not want them to be able to do this.
  4. Click OK to save your changes.

Related Topics:

Copying user access rights and options to subordinate users

Asta Powerproject security