How do I manage item level security?

This article will show you how to manage item level permissions in your EPM Live Site App. List Apps can have item level permissions enabled, also referred to as the Build/Enable Team Security feature. Multiple List Apps may have permissions enabled so that a virtual "hierarchy" is created and maintained for security, even from within a single site architecture for the top level site. This article will use a scenario of Project Departments, Projects, and Project Associated Items (Issues, Tasks, etc.) as an illustration. Keep in mind that the concepts and instructions may be used for other List Apps as well. Alternative example options could be Programs, Portfolios, Projects, etc. There is no limit to the number of "levels" in the virtual hierarchy.

Note: Once the security groups have been created, the item owners/managers can manage which users are added to the various groups using the Build/Edit Team feature button/option for the various items.

This article will use the Project Departments List App as the Parent List App and the Project Center as the Child List App. Then, Project Center also acts as a Parent List App to its Associated Child List Apps, such as Issues, Task Center, Project Documents, etc.

1. Enable Build Team with Security on the List Apps

These steps are to be done for each List App on which security is to be managed.

  • Navigate to the List App Settings Page.
  • Check the boxes to Enable Team and Enable Team Security.
  • Save Settings.

When the Team feature is enabled on a List App, then for every new item added to the List App, three security groups are created. The groups are Owners, Members, and Visitors.

For example, if I create "IT Department" in the Project Departments List App with the Team settings enabled, IT Department will have the following three security groups: IT Department Owners, IT Department Members, and IT Department Visitors. Then, when Team Security is enabled on the List App, only those users who are added to one or more of the "IT" groups will have permissions to the IT Department and to any metadata details about it.

In the example scenario, the Build Team and Build Team Security features would be enabled on both List Apps: Project Departments and Project Center.

2. New IT Department in the Project Departments List App

3. Use the Lookup Security Feature

If you want security to be inherited via Associated Items, this is configured via the Lookup Settings for each child List App. For example, if the Project Department security is to pass down to their associated Projects, that setting is enabled on the Project Center's Lookup Settings Page for the Project Department Lookup field.

4. New Project

When a new Project is created, there is a lookup field for Department. In this example, Project 1 has a lookup to the IT Department. Since the Lookup Security is enabled, Project 1 will inherit the Permissions from the IT Department. And since I also have Enable Team Security enabled on Project Center, three security groups will also be created for the Project itself.

For Project 1, there would be the security groups for IT Department in addition to the "Matrix CP" Project security groups: Matrix CP Owners, Matrix CP Members, and Matrix CP Visitors.

5. Verify Project's Item Permissions

When managing item level permissions, each item in the List App will have unique security groups. You can check the permissions for any/each item by following these steps:

  1. Navigate to the List App. Highlight the item by selecting to the right or left of the item title.
  2. Open the Items Ribbon.
  3. Select Shared With to view that item's permissions.

6. Review the Project Permissions and Department Permission Groups

All the groups that have access will show. If viewing the item permissions for a Project item in Project Center, and if the Lookup Security for Project Departments security is enabled, six groups will show for that Project Item. This example includes the three Department Groups (for IT Department) and the three Project Groups (for Matrix CP).

7. Use the Lookup Security Feature

When users have been added to the Project Team by adding them to one of the item's security groups, those users will also have permissions to the associated child items for the parent item. Just as Projects inherit permissions from their parent Department, so will the child work items inherit permissions from their parent Project. Go into each child list (Issues, Task Center, Risks, etc.) and enable the Security on the Lookup Settings for the Project Lookup.

8. New Issue

When a new Issue is created, there is a lookup field for Project.

9. Verify Issue's Item Permissions

When managing item level permissions, each item in the List App will have unique security groups. You can check the permissions for any/each item by following these steps:

  1. Navigate to the List App. Highlight the item by selecting to the right or left of the item title.
  2. Open the Items Ribbon.
  3. Select Shared With to view that item's permissions.

10. Review the Issue Permissions

In this example, Issue 'Need Additional Technical Resources' has a lookup to Project 'Matrix CP.' And, Project Matrix CP has a lookup to the IT Department. Since the Lookup Security is enabled, the Issue item will inherit the permission groups from the Project, which inherits the permission groups from the IT Department. In this example, the Issues List DOES NOT have the Build Team feature enabled, meaning there are no separate security groups on the Issues items themselves.

Using this type of security setting, the Department, Project, and Issue items all have unique permissions even though the groups are inherited down the hierarchy.
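
The inheritance rules described in this article can be modelled to predict what Shared With should list for any item and to flag differences. This is an added example, not EPM Live code and not part of the original article. Assumptions: the class and function names are hypothetical, the observed Shared With list is constructed, and an item with neither setting enabled is modelled as having no item-level groups.

```python
from dataclasses import dataclass
from typing import Optional

ROLES = ("Owners", "Members", "Visitors")  # groups created per item (step 1)

@dataclass
class ListApp:
    name: str
    team_security: bool = False    # Enable Team + Enable Team Security checked
    lookup_security: bool = False  # security enabled on the lookup to the parent

@dataclass
class Item:
    title: str
    app: ListApp
    parent: Optional["Item"] = None  # item selected in the lookup field

def expected_groups(item: Item) -> set:
    """Groups the article says should appear under Shared With for this item."""
    groups = set()
    if item.app.team_security:
        groups |= {f"{item.title} {role}" for role in ROLES}
    if item.parent is not None and item.app.lookup_security:
        groups |= expected_groups(item.parent)  # inheritance is transitive
    return groups

def audit(item: Item, shared_with: list) -> dict:
    """Compare an observed Shared With list against the expected groups."""
    expected, actual = expected_groups(item), set(shared_with)
    return {"missing": sorted(expected - actual),
            "unexpected": sorted(actual - expected)}

# The article's scenario (hypothetical model objects).
departments = ListApp("Project Departments", team_security=True)
projects = ListApp("Project Center", team_security=True, lookup_security=True)
issues = ListApp("Issues", team_security=False, lookup_security=True)

it_dept = Item("IT Department", departments)
matrix_cp = Item("Matrix CP", projects, parent=it_dept)
issue = Item("Need Additional Technical Resources", issues, parent=matrix_cp)

# Constructed observation: one inherited group absent, one stray group present.
observed = sorted(expected_groups(matrix_cp) - {"IT Department Visitors"}) + ["PMO Members"]

if __name__ == "__main__":
    for it in (it_dept, matrix_cp, issue):
        print(it.title, "->", sorted(expected_groups(it)))
    print(audit(issue, observed))
```

A non-empty "unexpected" list is the result to review first, since it means a group outside the Department and Project teams can reach the item.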
