Permissions in the repository
It’s possible to define permissions on a content (for example, a folder or a document). For that purpose, place the cursor on the folder or the document line and click on « More » and then on « Manage permissions ».
A permission is defined by:
A group of users or a user (to search a group or a user, write the first letters of its name);
A role:
- Consumer (can consult content)
- Editor (can edit content)
- Contributor (can add and edit his documents)
- Collaborator (can add and edit his documents and other usersdocuments)
- Manager (can delete content of other user, add rules etc...)
Rights matrix details: https://docs.alfresco.com/content-services/latest/using/permissions/
A folder can inherit permissions defined on its parent folder.
Fields permissions :
General Permissions : Confidentiality & security rules
beCPG allows restricting access to certain fields of a type by user groups. To do this, go to the "Security" folder of the repository and create a new folder. This folder corresponds to a group of permissions applied to a beCPG type. Once the folder is created, it will turn to entity, edit its properties and select the node type for which the permission is enabled:
Here, permissions are created on the type « Finished Product ». To define the rights on properties, click on the « ACL » list:
Add new permissions to the data list via the "New Row" button:
Three basic rules can be established:
- Read-only rights, other groups have no access to fields.
- Read and write rights, other groups will only have read rights.
- Read and write rights, other groups have no access to fields.
Once the rule is chosen, it is automatically applied to the properties of the concerned model.
Local Permissions
It is also possible to implement local permissions to specifically target certain products.
To do this, proceed through editing the properties of the security rule and click on the "Local Permission" button.
For the application of the rule to the products of your choice, two methods are available:
- Manually add the rule to products: This approach allows you to individually select the products that require permissions. Simply access the product in question in beCPG and directly apply the permission rule to it. First, verify that the security aspect is among the currently selected aspects. If not, add the aspect , Click here Adding this aspect conditions the appearance of the "Security Rule" field in the product properties. Then manually add the rules created at the administration level.
- Add the rule automatically via a SPEL formula which defines the conditions of application. This formula, based on criteria specific to each case, can be applied to a product model to enable more efficient management on a large scale. example: you can create a formula to apply the security rule to all finished products with a specific model. This method ensures that permissions are correctly assigned without the need for repetitive manual intervention.
Application of the rules
To activate safety rules, it is important to formulate the product.
Permissions on reports
It’s possible to define rights on technical sheets so that their consultation and/or their edition is rigorously managed.
For that purpose :
- Go to: Repository> System> Reports> Product reports;
- Select the folder corresponding to the type of products of which you want to manage the technical sheets (finished product, raw material …);
- Place the cursor on the line corresponding to the concerned technical sheet and click on « More » and then on « Manage permissions »;
- If the default configuration doesn’t suit you, which means that you don’t want everybody to have the right to consult the technical sheet as a « Consumer », click on « Inherit permissions ». Thus, the logo turns from « Check » sign to « No entry » sign so that you can administrate your own rights.
- Click on « Add a user/group » to give rights only to some users or groups on this technical sheet. Once the user or the group selected, give it a rôle (consumer, collaborator etc.);
- Click on « Save »;
- Finally, place the cursor on the line corresponding to the technical sheet and click on « More » and then on « Update permissions ».
Permissions on projects
beCPG enables to define rights on projects:
Either on folders which specifically contain projects. For that purpose, consult the documentation concerning the permissions on folders, available here
Either on individual projects. For this matter:
Place the cursor on the line corresponding to the project and click on « More » and then on « Manage permissions »;
- If the default configuration doesn’t suit you, which means that you don’t want everybody to have the right to consult the project as a « Consumer », click on « Inherit permissions ». Thus, the logo turns from « Check » sign to « No entry » sign so that you can administrate your own rights ;
- Click on « Add a user/group » to give rights only to some users or groups on this project. Once the user or the group selected, give it a rôle (consumer, collaborator etc.);
- Click on « Save » ;
N.B : a user or a group of users defined as « Consumer » on a project won’t have the right to add new tasks neither to modify or delete tasksUNLESS they are assigned to these tasks !
Depending of their rights, users won't have the same access. For example, a consumer won't have the right to modify a task if the task is not assigned to him.
However, the user can modified tasks which are assigned to him.
Permissions on folders in the document list
It is possible to define rights on folders contained in the Documents list of entities (e.g. deleting the inheritance of permissions on a folder and then creating specific permissions). Permissions are defined at template level and apply to all entities associated with the template.
Permissions are applied when entities are created, or to existing entities when they are formulated, or when models are synchronized.
When synchronizing templates, folder rights for existing entities are synchronized:
Either folders do not exist: they are created with the associated permissions.
Either the folders exist: if the spelling of the folders is identical, the permissions are updated.
If the entities contain folders different from those present in the model:
either folders are empty: they are simply deleted
or folders are full: they are retained, but automatically inherit the permissions of the parent folder. If bridging rights had been previously determined, they will be deleted.
N.B.: Subfolders inherit the permissions of the folder in which they are contained.
Permissions on change orders
If you want to create a change order, you need to have the right permissions.
There are 2 different permissions :
- beCPG Change orders creators (CreateChangeOrder) : you can create a change order but you can not apply one.
- beCPG Change orders managers (ApplyChangeOrder) : you can apply a change order.
beCPG Change orders managers and the administrator are the only ones able to apply a change order.
How to change users permission: see here