I know this is several years old, but it is a good idea. This would be very beneficial to our company. Unless something like it exists and I missed it.
Enhanced enterprise security for role-based security, at multiple levels
1. Role-based security: ability to define roles at work item level, and what security functions each role can do. This means you should be able to define MULTIPLE roles at each level (not just our 2 managers at project level today, and 1 per task today).
2. Granular security functions on each object - ie, who can read/update/delete specific fields, as well as who can RUD each action (add new project, view resource load, set as baseline, etc). THEN, assign these security functions to the role.
3. Organizational roles - allow you to define/assign those roles above, to user groups and managers - and then the security should cascade DOWN the hierarchy of user groups and direct reports. Any project/work item level roles would take security precedence.
For ex, I could be a Project Mgr on Project A, and have one set of functions. Then on Project B, I am the Team Lead on Phase 1, so I can do Update functions at those tasks, and then I'm the Backup Engineer on Phase 2, so I can only view task status, and upload files. Then my Mgr, who manages all of the Engineering depts, can View all projects, without having being assigned on those projects as a team member.
For future reference the request ID CR-224364
Please sign in to leave a comment.