Privilege Rules Scenario

The example below shows how you might set up privileges for creating, updating, and deleting projects:

Scenario

Bill, the Administrator, is a member of the ADMIN group. The ADMIN group has the privilege Manage Privileges explicitly assigned, so he can assign privileges to other users.

  1. He logs into the Administration Console and selects Users and Roles | Privilege Assignments.

  2. He selects Product Level Privileges | Project/Stream | Create Project.

  3. He sets the privilege rules:

  4. He then selects the privileges Delete Project and Update, and sets the same privilege rules for those privileges.

  5. Ted, the team lead, has the role of TEAM LEADER for the product QLARIUS. He logs into the desktop client and creates a new project PROJA.

  6. Some months later, development work in PROJA is complete, and it is no longer needed. Ted, however, has left the company.

  7. Bill deletes the project PROJA, as the privilege to do this is specifically assigned to the ADMIN group.

Guidelines for Granting Privileges

Privileges, along with lifecycles, roles, and design parts, manage your organization’s process control. Tighter process control can be achieved with the use of CM rules.

Some Considerations

When deciding on the level of process control that you wish to implement, consider the following guidelines:

NOTE  The more rules you enforce, the more checks will be needed, and this may impact your system’s performance.

For example, a user has actioned an item revision to the next normal state but wishes to return the item revision to the previous state.

The Deliver into Project/Stream Privilege

The ability to deliver item revisions into a project/stream is a key action and the privilege to do so needs careful consideration. Dimensions can be configured, using privileges, to enforce varying degrees of restriction. These range from the very restrictive "Object is in the user's inbox or user has current role", to the unrestrictive, just get it done, "Grant to all users".

The options are:

Example

Qlarius, who have small development teams, have decided that their project/stream can be delivered to by users with any role on the initial lifecycle state transition. To achieve this, general grant rules for the Project/Stream privilege Deliver file into Project/Stream have been enabled:

In this example, the "Deliver Files into Project/Stream" privilege is checked against the project/stream into which you are delivering, so it checks if:

Also, by default, this privilege is enabled for anyone in the ADMIN group.
