Question

Project Object Access Level

  • 14 February 2022
  • 6 replies
  • 168 views
A
Rank
Userlevel 1
Badge +6

Hello,

A customer of mine, is wanting to use object access as opposed to person groups for the project LU. 

I have set the object access level as View for Projects, Subprojects and Activity.

I have been testing this access, and it seems that even though my user is not connected to the project and company- the user is still able to view the documents in the document revision screen.

I would have assumed that if the user did not have access to the company, and project, that they would then not be able to view any of the documents associated to the project object LU. 

Do we have to use project access, with the object level access for this to work properly? 

Unsure as to whether the object level access is there purely to define the maximum level of access that can be granted, instead of actually controlling which users have access to the object defined. 

This topic has been closed for comments

6 replies

Mathias Dahl
Rank
Userlevel 7
Badge +30

Hi Aisha,

You seem to be mixing up different terms slightly so I am not 100 % sure about what you are asking and suggesting. Try to read up on our documentation about document access:

https://docs.ifs.com/ifsclouddocs/21r1/CreateAndMaintainDocument/AboutDocumentAccess.htm?StandAlone=true

Especially you should read the section about object-controlled document access there.

What I can say already now is that we have a good tool to understand why, or from where, a user got a certain access. You can find it under Document Revision / Access / Results. Push the Generate button there and you will see a report about how each user has got access to this document, if any.

Let us know if you have any questions after refreshing your understanding about the access concept for documents.

 

/Mathias
Mathias Dahl
Rank
Userlevel 7
Badge +30

PS. Yes, there is a lot of information in there, and it can be quite dense in places. So read slowly and carefully :) If you have any ideas on how to make things clearer, we are all ears.

Thanks!

 

/Mathias
A
Rank
Userlevel 1
Badge +6

Hello,

 

Sorry for being unclear in my previous explanation. I will list out the scenarios below:

 

Scenario 1: Project Access is Off and not being used and Default Object Access for the Project LU is set to View

 

User A only has access to Company 1, and User B only has access to Company 2

User B creates a Project in Company 2 with documents attached.

User A in the document revisions screen is able to view the documents that User B has created for the project in Company 2.

 

Scenario 2: Project is On and Default Object Access for the Project LU is set to View

 

User A only has access to Company 1, and User B only has access to Company 2

User B creates a project in Company 2 with documents attached.

User A can find User B’s document number in the document revisions screen but they are not able to view the document. 

 

How is it possible that User A can view the documents attached to a different company that they do not have access too? Currently, it seems that the project access is what is controlling what the user can and cannot see.

 

If company access does not determine what the user can and cannot see in terms of documents being attached- does this mean that restricted access has to be used? 

 

I hope this makes sense and thank you for your feedback.

Mathias Dahl
Rank
Userlevel 7
Badge +30

I cannot help you with how project access works, sorry. I can only say how the access works from the document side, and project access (really object access, and in this case from a project) is only part of the picture.

Did you try to generate the access results, and what did it tell you?

 

/Mathias
A
Rank
Userlevel 1
Badge +6

Hello.

 

Yes I generated the access results and it was coming from the Project. After testing, it has come to my understanding that with object level access for projects, unless they have project access switched on, then project team members can see documents even if they do not belong to the company that the project is associated too.

 

I assume this is because object level access for Projects will not be company specific, as its only dependent on if you have access to the Project LU itself (this could be several different projects). 

 

Thank you for your help.

 

Regards

Aisha

Mathias Dahl
Rank
Userlevel 7
Badge +30

Hi,

Glad you sorted it out.

Your theory is probably correct. Without project access being enabled, you probably get at least full view access for any user, for documents connected to such projects.

 

/Mathias
Terms & ConditionsCookie settings