Team Security

You can assign users and/or security groups to security roles at the resource team level. Security groups are a collection of users and/or other groups with similar roles in your organization and similar needs for accessing resource data.

Users and/or security groups are assigned to resource team security roles in the Resource Team Properties page in the Resources module. Security roles define the permissions for the actions in each module and view.

If a user or security group is assigned to more than one security role, the user or users assigned to the security group can access all of the actions allowed by the security roles to which a user or group is assigned.

When you assign a user or security group to a security role on a resource team with child resource teams, the permissions assigned to the parent resource team cascade down to any child work item that may be associated with a resource team. For example, if you assign a user to the Resource Manager security role on a resource team, the user is automatically assigned to the Resource Manager security role on each of the resource team's child resource teams.

When you assign a user or security group to a security role on a resource team with child resource teams, but you do not want the user or group to have permissions for some of the child resource teams, you can remove the all of the security role permissions for the user or group from the individual child resource teams, except for view permissions. When a user or security group is assigned to security roles on a resource team with child resource teams, the user or group will always have view permissions for the parent and its child resource teams, even when you unassign the user or group from a security role for one of the child resource teams.

For example, there is a resource team with the following folder structure:

Resource Team 1
Resource Team 1A
Resource Team 1B
Resource Team 1C

Resource Team 1 is the parent of Resource Team 1A, 1B, and 1C, and Resource Team 1A, 1B, and 1C are siblings to each other.

A group is assigned to a security role on Resource Team 1 that allows the members of the group to edit resource allocations. Because Resource Team 1A, 1B, and 1C are children of Resource Team 1, members of the group can automatically edit resource allocations for Resource Team 1A, 1B, and 1C.

If you want to remove the group from the security role on Resource Team 1B, when you remove the group from the security role on Resource Team 1B, all of the permissions from the security role are removed from the group except for the view permissions. Members of the groups will no longer be able to edit resource allocations on Resource Team 1B, but they will be able to view the resource and its allocations. If Resource Team 1B has child resource teams, the group will also be able to view the child resource teams and their allocations.

When you remove the security group from the security role on Resource Team 1B, members of the group will still be assigned to the security role, and have all the permissions allowed by the security role on Resource Team 1, 1A, and 1C.

Tab: Role Assignments, Advanced

The Role Assignments, Advanced tab in the Properties dialog box is used to advanced role assignment details.

The following fields are available from the Role Assignments, Advanced tab in the Properties dialog box:

Fields	Description
Add	Click this button to add a selected user and/or security group to the role assignment for this work item. This will add the Is Assigned To Role icon in the Assignment column.
Assignments	This column indicates whether a user and/or security group has a role assignment to the selected work item. If the column shows Is Assigned To Role, the user and/or security group has been given a role assignment to the selected work item. If the column shows Inherits Assignment To Role, the user and/or security group is inheriting its role assignment from a role assignment made to a parent work item. If the column shows Does Not Inherit Assignment To Role, the user and/or security group is not inheriting its role assignment from a parent work item.
Clear	Click to clear a selected user and/or security group from the role assignment for this work item. This will remove the Is Assigned To Role or Does Not Inherit Assignment To Role icons from the Assignment column.
Group / User	Displays the users and/or security groups that are available for a role assignment to the selected work item. This list displays only security groups by default.
Manage By	Select Role to manage role assignments by security role and Group / User to manage role assignments by user and/or security group.
Parent Groups	This column indicates the security groups to which a user and/or a security group belong. This column is only visible when the Role option is selected for the Manage By selector.
Remove	Click this button to move the selected attributes from the Selected Attributes box to the Available Attributes box.
Role	This column displays the security roles from which users and/or security groups can be given role assignments.
Show Unassigned	Depending on which method you choose to manage role assignments, displays security roles or displays users and/or security groups who do not have a role assignment to the selected work item.
Show Users	Select to display both users and security groups in the Group / User list.
Simple	Click to view the Role Assignments tab, simple view.

Tab: Role Assignments, Simple

The Role Assignments, Simple tab in the Properties dialog box is used to view role assignment details.

The following fields are available from the Role Assignments, Simple tab in the Properties dialog box:

Fields	Description
Add	Click this button to add a selected user and/or security group to the role assignment for this work item. This will add the Is Assigned To Role icon in the Assignment column.
Advanced	Click to view the Role Assignments tab, advanced view.
Assignments	This column indicates whether a user and/or security group has a role assignment to the selected work item. If the column shows Is Assigned To Role, the user and/or security group has been given a role assignment to the selected work item. If the column shows Inherits Assignment To Role, the user and/or security group is inheriting its role assignment from a role assignment made to a parent work item. If the column shows Does Not Inherit Assignment To Role, the user and/or security group is not inheriting its role assignment from a parent work item.
Clear	Click to clear a selected user and/or security group from the role assignment for this work item. This will remove the Is Assigned To Role or Does Not Inherit Assignment To Role icons from the Assignment column.
Group / User	Displays the users and/or security groups that are available for a role assignment to the selected work item. This list displays only security groups by default.
Remove	Click this button to move the selected attributes from the Selected Attributes box to the Available Attributes box.
Role	This column displays the security roles from which users and/or security groups can be given role assignments.
Show Users	Select to display both users and security groups in the Group / User list.