Configuring security rules

You use the Security Rules page to configure rules that determine the actions that users are able to carry out in Asta Vision.

To access the Security Rules page from the Asta Vision Home page, click Admin then click Security rules.

You assign one or more user roles to each security rule to specify which users can carry out certain actions.

You can configure security rules to assign access rights in a wide range of ways. For example, you might want to set up a security rule that allows Project Manager users to view projects with the same Region as themselves as well as projects to which they are assigned. If any one of a user's roles is assigned to a security rule, the user has the right to carry out that action. For example, if one of a user's roles is assigned to a security rule that allows them to edit all projects, and another of the user's roles is assigned to a security rule that allows them to edit only projects in a specific region, the former rule takes precedence: they will be able to edit all projects, regardless of region.

You can configure the following types of project security rule:

  • Read Project.
  • Edit Project.
  • Check In/Out Programme.
  • Create Project.
  • Can Be Assigned To Project.
  • Delete/Archive Project.
  • Cancel Check Out.
  • Submit Programme.
  • Override Start Programme.
  • Edit Project Collaboration Settings.
  • Override Quality Check Submit Restrictions.
  • Override Check In/Out Programme Restrictions.

You can configure the following types of web progress security rule:

  • Edit Progress.
  • Submit Progress.
  • Approve Progress.
  • Create Progress Chart Assignments.

You can configure the following types of miscellaneous security rule:

  • Add/Delete Files.
  • Manage Users.
  • Subscribe/Unsubscribe From Emails.
  • Manage Revisions.
  • Delete Revisions.
  • Read Programme Comments.
  • Add Programme Comments.
  • Edit/Delete Programme Comments.
  • Mark Programme Comment As Completed.
  • Manage Global Library Options.
  • Edit Global Library File.

The security rules that have been set up are categorised by the above types on the Security Rules page. Click Project Rules, Web Progress Rules or Miscellaneous Rules, depending on the security rule type you want to view.

To create a security rule:

  1. On the Security Rules page, click Project Rules, Web Progress Rules or Miscellaneous Rules, depending on the type of security rule you want to create. You see the corresponding list of security rule types.
  2. Click Create Rule to the right of the security rule type that you want to create. For example, to create a new security rule to determine which users are able to create projects, click Create Rule to the right of the Create Project security rule type. The Create Security Rule page appears, with the security rule type displayed in the Rule type field.
  3. Use the fields on the page to set up the security rule - see below for details of the fields on the page.
  4. Click Create. You return to the Security Rules page, where the new rule appears in the list, underneath the appropriate security rule type.

You can create security rules by making a copy of an existing rule and editing it. This is a good way of creating security rules if you want to set up a number of rules that are similar, but not identical, to each other, as it saves you from having to set up each rule from scratch.

To create a security rule based on a copy of an existing rule:

  1. On the Security Rules page, click Project Rules, Web Progress Rules or Miscellaneous Rules, depending on the type of security rule you want to copy. You see the corresponding list of security rule types.
  2. Click the Actions drop-down to the right of the security rule that you want to copy and select Copy. A copy of the security rule appears in the same category as the original rule.
  3. Click Edit to the right of the copy rule. The Edit Security Rule page appears.
  4. Use the fields on the page to edit the copy rule as required - see below for details of the fields on the page.
  5. Click Save Changes. You return to the Security Rules page.

To edit a security rule:

  1. On the Security Rules page, click Project Rules, Web Progress Rules or Miscellaneous Rules, depending on the type of security rule you want to edit. You see the corresponding list of security rule types.
  2. Click Edit to the right of the security rule that you want to edit. The Edit Security Rule page appears.
  3. Use the fields on the page to edit the security rule as required - see below for details of the fields on the page.
  4. Click Save Changes. You return to the Security Rules page.

To delete a security rule:

  1. On the Security Rules page, click Project Rules, Web Progress Rules or Miscellaneous Rules, depending on the type of security rule you want to create. You see the corresponding list of security rule types.
  2. Click the Actions drop-down to the right of the security rule that you want to delete and select Delete. A popup appears, asking you to confirm whether you want to delete the security rule.
  3. Click OK to delete the security rule and return to the Security Rules page.
Field Description
Rule type The type of security rule that you are creating or editing.
Rule applies to

Specify whether the rule applies only to the Asta Vision website, only to Asta Powerproject, or to both.

 

This field is useful if you want to set up one set of security rules that apply to the Asta Vision website and another set of security rules that apply to Asta Powerproject. For example, you could use this field to specify that non-administrator users are able to check out and check in programmes from within Asta Powerproject, but not from within the Asta Vision website.

 

The default setting means that new security rules apply to both.

 

This field is not available for some types of security rule.
Applies to roles

Select the user roles to which the security rule should apply. If you want the rule to apply to users of more than one role, CTRL or SHIFT-click to select as many user roles as you need. If the security rule should apply to all roles, do not select anything in this field.

 

To deselect a user role that is currently selected in this field, hold down CTRL and click the user role.
Fields

A list of field rules that apply to this security rule.

 

If you want the security rule to be triggered only if the value of one or more enumeration, integer or user-type user-defined fields matches certain criteria, you can add field rules to the security rule. For example, you may want to specify that a security rule should be triggered only when the value of an enumeration-type, project-level user-defined field that represents the regions in which you work equals 'North'. This would create a security rule that applied only to projects in your north region; you could create similar security rules that applied to the projects in your other regions. You may want to specify that a security rule should be triggered only when the value of an integer-type, project-level user-defined field that represents the cost of a project is greater than £40,000. This would create a security rule that applied only to projects that cost over £40,000. Or you may want to specify that a security rule should be triggered only when the value of a user-type, project level user-defined field matches either the currently logged-in user, or the user specified in a different user-type user-defined field.

 

To add field rules to the security rule:

  1. Click Add Field Rule. The New Field Rule popup appears.
  2. Specify whether to trigger the rule based on the value of a project, programme or user-level user-defined field in the Object field. For some types of rule, not all three types of user-defined field are available.
  3. Select the enumeration, integer or user-type user-defined field in the Field field. If you have selected 'Project' or 'User' in the Object field, all project or user-level, enumeration, integer and user-type user-defined fields are available; if you have selected 'Programme' in the Object field, all programme-level, enumeration, integer and user-type user-defined fields are available, as well as the Status and Type fields.
  4. Specify whether the rule should be triggered if the value of the selected field is equal to, or not equal to, a specific value in the Comparison field.

    If you have selected a user-defined field that relates to a hierarchical user-defined enumeration, you use this field to specify whether the rule should be triggered if the value of the selected field is within, or not within, a specific branch of the hierarchy.

    If you have selected an integer-type user-defined field, you can also specify that the rule should be triggered if the value of the selected field is less than, or greater than, a specific value.

    If you have selected a user-type user-defined field in which more than one user can be selected, the rule will be triggered if any one of the users selected in the field is equal to, or not equal to, a specific value.
  5. If the field rule is based on a project or programme-level, enumeration-type user-defined field, the With field appears. Select 'Fixed Value' to populate the Value field with the contents of the user-defined field specified above, or select 'User Field' to populate the Value field with the names of any user-level, enumeration-type user-defined fields.

    Selecting 'User Field' here enables you to specify that a rule should be triggered if the value of a programme or project-level user-defined field is equal to, or not equal to, the value of a specific user-level user-defined field. For example, you might want a rule to be triggered only if the value of a 'Region' user-defined field for a project matches the value of a 'Region' user-defined field for the logged-in user.

    If you select 'User Field' here, it is always the value of the field for the logged-in user that is compared, unless this is a 'Can Be Assigned to Project' rule, in which case the value of the field will be checked for each user in the assignment list, and a user will not be included if the field values do not match.
  6. Select the value that the selected field must be equal to, not equal to, less than, or greater than, for the rule to be triggered, in the Value field.

    If you are basing the field rule on a user-defined field that relates to a hierarchical user-defined enumeration, you select a branch of the hierarchy in the Value field. The rule will be triggered if the value of the selected field is within, or not within, any level of the selected branch.
  7. If you want the field rule to apply only to users with a specific user role, select the role in the Applies to role field. This field enables you to trigger rules according to different criteria for different types of user: a rule may be triggered for one type of user if field 'A' is set to a particular value, or it may be triggered for a different type of user if field 'B' is set to a particular value.

    If you need a field rule to apply to more than one type of user, you can set up two identical field rules, with the only difference being the user role specified against each one. This is easier than having to set up multiple security, workflow or email rules for different types of user.

    If you configure a field rule to apply only to users with a specific user role, the role name appears to the left of the field rule description in the list of field rules once you have created it:

    Two field rules, one with a particular user role highlighted

    The role name also appears to the left of the field rule description on the Security Rules, Workflow Rules or Email Rules page:

    A field rule description, with the user role highlighted
  8. For workflow and security rules, a Ignored by administrator roles check box is available. Select this check box if you want this field rule to be ignored for users with an administrator role, meaning administrator users will be able to carry out the rule's action even if this field rule is not met.
  9. Click OK. You return to the previous page, where a row appears for the field rule to the right of the Fields field. For workflow and security rules, field rules that do not apply to administrator users - those for which the Ignored by administrator roles check box has been cleared - are marked with a star.
  10. Repeat the above steps as many times as required to add more field rules to the rule.

Click Remove to the right of a field rule to remove it from the list if required.
All roles must be assigned to project/Specific roles which must be assigned

Use these fields to specify whether the security rule's action is available only to users that are assigned to the current project:

  • To make the action available only to users that are assigned to the current project, select the All roles must be assigned to project check box.
  • To make the action available to all users, regardless of whether they are assigned to the current project, clear the All roles must be assigned to project check box and select nothing in the Specific roles which must be assigned field.
  • To make the action available only to users with specific roles that are assigned to the current project, clear the All roles must be assigned to project check box and select the user roles in the Specific roles which must be assigned field. CTRL or SHIFT-click to select as many user roles as you need.

    To deselect a user role that is currently selected in this field, hold down CTRL and click the user role.

If you use these fields to restrict a rule to certain types of user that are assigned to a project, the rule will not apply to users with other roles, even if their role has been specified in the Applies to role field for the security rule or one of its field rules.

 

If you have selected an administrator role in the Applies to roles field, users to which the administrator role has been assigned will always be able to carry out the security rule's action regardless of your selection in these fields.

 

These fields do not appear for 'Create Project' and 'Can Be Assigned To Project' security rules.

Related Topics:

Configuring user roles

Configuring programme types

Configuring workflow rules

Configuring email rules

Working with quality checks

Configuring Asta Vision to use global libraries