Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

id893009859

...

id893009862

...

id893009861

A permission in Teamwork Cloud is an approval to perform a particular task or access one or more data or resource objects in the system. Permissions are associated with roles. A role contains a set of permissions allowing a user with that role to perform specific tasks or work on a resource. For example, a Resource Contributor role has permissions to edit, read resources, or edit resource properties. The permissions enable that role to perform specific operations that are forbidden to other users.

Note
titleAssigning permissions

You cannot directly assign permissions to a user. You must assign permissions to a role first and then assign the role to a user. 

When you select a role in the Roles application, you can see its details and the permissions assigned to it. The figure below shows the permissions of the Server Administrator

...

 role


Image Modified

...

The details of the selected role are displayed on the right-hand pane of the Roles application.


 The table below describes all default roles and their permissions. 

RolePermissionsDescriptionScope
Index ManagerAdminister Resources

The user is required to also have the Edit Resources and Edit Resource Properties permissions to enable listed actions; otherwise, the resources will be read-only.

The user with these three permissions can:

  • Use local and server resources
  • Stop using resources in the resource (including Standard/System Profiles)
  • Lock/Unlock usages. Change versions of used resources
  • Update resources from a local file
  • Reload usages from a local file
  • Import usage to a resource
  • Migrate resources to a newer version
  • Upgrade resources to new versions of Standard/System Profiles
  • Set a resource as the latest
  • Export packages to a new resource
  • Reset element IDs (reset resource IDs)
  • Create a branch
  • Remove a branch
  • Rename a branch
Global/Resource specific
List All ResourcesThe user with this permission can see all resources and access them.Global/Resource specific
Resource Contributor

Edit Resources

The user with this permission can edit the resource contents. This includes the ability to change or augment the model.Global/Resource specific
Edit Resource PropertiesThe user with this permission can edit resource properties, or change the name or description of the resource.Global/Resource specific
Read ResourcesThe user with this permission can read the resource contents. This includes the ability to open and review models.Global/Resource specific

...

Resource Creator

Create Resource

The user with this permission can create resources. This also includes the ability to add resources to the server.Global/Category specific
Manage CategoriesThe user with this permission can categorize resources, including the ability to create, delete, or edit existing categories.Global/Category specific
Resource Locks Administrator

Read Resources

The user with this permission can read the resource contents. This includes the ability to open and review models.Global/Resource specific

Release Resource Locks

The user with this permission can release other users' locks in a resource. Global/Resource specific
Resource Manager 

Anchor
Administer Resources permission
Administer Resources permission
Administer Resources

The user is required to also have the Edit Resources and Edit Resource Properties permissions to enable listed actions; otherwise,

...

the resources will be read-only.

The user with these three permissions can:

  • Use local and server resources
  • Stop using resources in the resource (including Standard/System Profiles)
  • Lock/Unlock usages. Change versions of used resources
  • Update resources from a local file
  • Reload usages from a local file
  • Import usage to a resource
  • Migrate resources to a newer version
  • Upgrade resources to new versions of Standard/System Profiles
  • Set a resource as the latest
  • Export packages to a new resource
  • Reset element IDs (reset resource IDs)
  • Create a branch
  • Remove a branch

...

Global/Resource specific
Edit ResourcesThe user with this permission can edit the resource contents. This includes the ability to change or augment the model.Global/Resource specific
Edit Resource PropertiesThe user with this permission can edit resource properties, or change the name or description of the resource.Global/Resource specific

Anchor
List All Users permission
List All Users permission
List All Users

The user with this permission can see all users.Global
Manage Model PermissionsThe user with this permission can manage model-level permissions. This permission

...

automatically includes the

...

 List All Users permission.Global/Resource specific
Manage Owned Resource Access RightThe user with this permission can manage resource-specific access rights, including the ability to grant or revoke user roles in the limited resource scope. This permission automatically includes the List All Users permission.Global/Resource specific
Read ResourcesThe user with this permission can read the resource contents. This includes the ability to open and review models.Global/Resource specific
Remove ResourceThe user with this permission can delete resources.Global/Resource specific
Resource Synchronization ManagerCreate ResourceThe user with this permission can create resources. This also includes the ability to add resources to the server.Category-specific
Manage CategoriesThe user with this permission can categorize resources, including the ability to create, delete, or edit existing categories.Category-specific
Administer Resources

The user is required to also have the Edit Resources and Edit Resource Properties permissions to enable listed actions, otherwise, the resources will be read-only.

The user with these permissions can:

  • Use local and server resources
  • Stop using resources in the resource (including Standard/System Profiles)
  • Lock/Unlock usages. Change versions of used resources
  • Update resources from a local file
  • Reload usages from a local file
  • Import usage to a resource
  • Migrate resources to a newer version
  • Upgrade resources to new versions of Standard/System Profiles
  • Set a resource as the latest
  • Export packages to a new resource
  • Reset element IDs (reset resource IDs)
  • Create a branch
  • Remove a branch
Category-specific
Resource Reviewer

Read Resources

...

The user with this permission can read the resource contents. This includes the ability to open and review models.Global/Resource specific
Security Manager (global role)

List All Resources

The user with this permission can see all resources and access them.Global
List All UsersThe user with this permission can see all users.Global
Manage Security RolesThe user with this permission can manage roles, including the ability to create, edit, or delete roles.Global
Manage User PermissionsThe user with this permission can manage user-level permissions, including the ability to grant or revoke roles in unlimited scope.Global
Server Administrator (global role)

Configure Server

The user with this permission can configure server settings, including the ability to configure a secured connection, LDAP connection, and manage server licenses.Global
User Manager (global role)

Create User

The user with this permission can create new server users.Global
Edit User PropertiesThe user with this permission can edit user details.Global
List All UsersThe user with this permission can see all users.Global
Manage User GroupsThe user with this permission can manage user groups, including the ability to create, edit, or delete user groups.Global
Remove UserThe user with this permission can delete users.Global


Note
  • If a user with the Resource Creator role creates a resource, that user will be assigned as the Resource Manager for that particular resource.
  • To be able to read-write resources, the user must have the Read Resources, Edit Resources, and Edit Resource Properties permissions. Otherwise, the user will see resources as read-only.

...

id893009858