Edit Permissions

You can set the default permission for objects in Collaboration. The actions that users are able to perform are defined by the role each user is assigned in the project.

This topic discusses:

Project Roles
Functional Area Security and Object Security
Owner Privileges
Permission Matrix
System-Generated Groupings

Project Roles

The Collaboration roles are:

Project Leader
Project Member
Project Guest

By default, Project Leaders are granted full control. Users in that role can create, modify, and delete project objects and set permissions for other roles. And only Project Leaders can post announcements and publish to portal.

By default, Project Members have write access level to Collaboration objects and Project Guests have read access level.

For step-by-step instructions on how to assign roles, see Assigning Roles.

Functional Area Security and Object Security

Each functional area has specific actions that can be enabled or disabled for a given role. These action privileges can be granted:

For the entire project.
For a single object.

For example, the permission to delete discussions is granted to a role for an entire project. That is, for a given project, a role is allowed to delete discussions or it cannot delete discussions. However, the permission to update the status of tasks can be granted on a task-by-task basis. That is, for some tasks, the role can update the status; for other tasks, the role cannot update the status.

The Edit Permissions page let you grant permission on a project level. If you want to grant permission on an object-by-object basis, you must go to the security page of each object.

Owner Privileges

The owner, who is the user who created the object or uploaded the file, has full control of that object. He or she can do everything to the file except change its security.

You can remove owner privileges on documents or files from a user if he or she is no longer participating in the project and, consequently, should not have high-level access privileges to the file. To remove owner privileges of a file, configure the security page of the file.

Permission Matrix

All Collaboration objects have five possible levels of access: No Access, Read, Write, Edit, and Admin. Each access level above No Access inherits the rights from all lower access levels.

The following matrix describes what each access level will let you do in a given functional area:

	Read	Write	Edit	Admin
Projects	View project	View project	Save project Modify project properties	Create announcements Delete announcements Edit announcements Publish project to the portal
Calendar	View Calendar Notify other users about an event.	Create events Attach files and discussions	Modify event properties	Delete events Configure Calendar security
Tasks	View Tasks Notify other users about a task or task list.	Create tasks Claim tasks Attach files and discussions Update task status assigned to user	Modify task list and task properties Create task lists Assign owners Copy task lists Import and export task lists	Delete task lists and tasks Move task lists Configure task list security
Folders	View folders Notify other users about changes made to the contents of the folder.	Add files to folders Upload documents Create new Microsoft Office documents Create folders	Modify folder properties Rename folders Copy folders	Delete folder Move folders Configure folder security
Documents	View files Notify other users about the file.	Check files in and out Undo check-out WebEdit Attach task lists and discussions	Modify file properties Create shortcuts Publish to Knowledge Directory Revert files to previous versions Copy files	Delete files Move files Configure file security Delete previous versions of the file
Discussions	View Discussions Notify other users about the file.	Post messages Reply to messages Attach task lists and files	Modify discussion properties Create new discussions Export discussions Copy discussions	Delete discussions and messages Move discussions Configure discussion security Edit messages Approve or reject messages
	Read	Write	Edit	Full Control

System-Generated Groupings

For each portal community, the system generates the following groupings of portal users, which you can assign to one or more project roles on the Roles and Permissions page:

Community Members: All users who have the Select access privilege for the portal community.
Community Managers: All users who have either the Admin or Edit access privilege for the portal community.
Community Guests: All users who have the Read access privilege for the portal community.

By default, Collaboration synchronizes its user information with the portal once a day. If any users have been added to or deleted from the groupings of Community Members, Community Managers or Community Guests since the last synchronization, Collaboration changes the role's user information to keep it current with the portal community's user information. You can also synchronize this information manually. For more information, see the Roles and Permissions page.

Related Topics: