Permission Access Levels is a Controlled Availability feature.
Contact your Customer Success Manager if you'd like early access to this new feature.
Permissions in Clarizen provides the ability to compartmentalize work items to allow only relevant, role related individuals the appropriate read/write capabilities. The new Permission Access Levels allow the PM and/or PO to grant permission access to user, groups and profiles, on the Workitems, cases and customer level. This enhancement is in addition to current roles and does not replace any of the previous permissions assigned.
When assigning Permissions, one can be added as either a ‘viewer’ (same permissions as ‘reviewer’) or an ‘editor’ (same permissions as ‘manager’).
Managing permission access level is available also in customization engine and API. This allows for permissions assignment based on the organization's business rules.
A ‘Permissions Access Levels’ panel has been added to allow a centralized comprehensive view of who has permissions to this item, which level (Viewer or Editor) and why (whether was granted directly or inherited from the parent work item , from the group or any other option).
Note: ‘Sharing’ field in views and reports has been changed to ‘Permissions’ (there is no change in functionality)
For large organizations, where multiple groups are involved in a variety of projects, there is a need to control access to specific information. Granting the permissions on the group/profile level, can help manage such settings in an easy and efficient manner.
This new enhancement assists by managing Permissions on a group/profile level without the need for individual permissions. When using Enhanced Permission mode, it is easier to provide access to different projects by different groups in an automated way.
Permission Access Levels is available in labs and can be enabled by admin.
*Note: once it is enabled, it cannot be disabled.
A new field ‘Permissions’ is added to Workitems, cases and customer entities which allows the ability to grant editor or viewer permission level to user, groups and profiles.
When in Basic mode
- Internal users – As all internal users have basic permissions, the enhancement for internal users is only relevant for Editor Permissions.
- External users – the enhancement will affect both Editor and Viewer
When in Enhanced mode
- If granted on the hammock level, permissions roll down to all sub WorkItems.
- In sub workitem, the Permissions field value is not copied from the hammock level; however, the level of access is applied.
- Permissions are not inherited to shortcuts
- As current permissions allow - the user/profile/group can continue to view related files, resources, reviewers, groups, topics, and notes.
The new permissions described are in addition to current permissions and roles
Previously there were no permissions for customer object, currently there is an option to manage who can view or edit customer object, allowing even more scalable security for large organizations.
By default, for both basic and enhanced mode, ‘All’ internal group have ‘Editor’ permissions.
- Super users always have ‘Editor’ permissions regardless of permission access level granted to them specifically from a group /profile.
- Group Manager receives permission access levels as part of the group he manages.
- Financial user with 'viewer' permission can edit financial field (only) in the items he has permissions.
- Users with multiple profiles will have access based on current profile (same for admins)
Permission Access levels panel provides a visual comprehensive view of who has access to the items, which level, and how the permission was assigned. Each row represent user, group or profile, its access level (Viewer or Editor) and whether it was granted directly or inherited from another item.
The panel is available for all workitems, cases and customer as related panel including all users, groups and profiles which have permissions to this item, whether by direct role (such as owner or project manager’), granted permissions, or by inheritance from parent item, or aggregated from child item.
Each row represent user, group or profile, its access level (Viewer or Editor) and whether it was granted directly or inherited from another item.