The scope of a role Teamwork Cloud (TWCloud) is the extent of the area the role is relevant. There are two scopes of roles: global scope and resource-specific scope. A role whose scope is global does not need a resource assignment in order to accomplish the tasks, for example, a Resource Creator is considered as a role that is involved in all current and incoming resources including adding and categorizing resources. Therefore, a Resource Creator can exercise its permissions in any resource by default. A resource-specific scope is usually created for a particular resource, for example, Resource Reviewer.
The predefined roles in the Role Assignments section with two scope options that you can select: Global and Custom.
Global scope
A user with a Global-scope role can access either general or specific information in TWCloud, for example, view a user's profile or remove roles from a user. The permissions extend across all resources, protected objects, and users in TWCloud. A global role does not need to be assigned a resource to perform the tasks, for example, a user manager does not need to have a resource assignment to be able to create a new user.
Users with a global role are authorized to carry out their tasks (aligned with the permissions) anywhere within TWCloud. For example, a User Manager who maintains and manages all user accounts in TWCloud. Therefore, there is no need to assign any resource to this role.
The following are the pre-existing-type roles whose scope is global in TWCloud and their permission.
| Global-scope role | Permission |
|---|---|
| Resource Creator | List all resources, categorize resources, and create resources. |
| Security Manager | List all resources/users and manage user permissions and security roles. |
| Server Administrator | Configure server. |
| User Manager | Create users, edit user properties, list all users, and remove users. |
Resource-specific scope
A resource-specific scope is called Custom scope in TWAdmin. The role's permissions apply only to a specific resource. Users with the resource-specific role need a resource in order to perform a class of actions allowed by the role's permissions.
A resource-specific role is a pre-existing role that allows a user to work based on resource-specific needs. The permissions of this role are on a resource basis. Users with a resource-specific role are authorized to work on the assigned protected objects only. One user can have more than one resource-specific role, for example, user A can be both Resource Contributor in Resource A and Resource Manager in Resource B. This supports the working concept of different roles in each resource in an organization.
It is also possible to assign every resource (a global scope) in the repository to a user by selecting the Global button in the Role Assignments section.
The resource-specific scope roles with their permissions in TWCloud are as follows.
| Resource-specific scope role | Permission |
|---|---|
| Resource Manager | Administer/read/remove resource, edit resources and their properties, list all users, manage model permissions, and manage owned resource access rights. |
| Resource Contributor | Edit resources and their properties, read resources. |
| Resource Reviewer | Read resources. |
| Resource Locks Administrator | Release locked elements. |
The following figure illustrates the use of roles and their scopes.
A user can have more than one role with different scopes.
Related pages