Best Practices on Rights Management On Objects


Article ID: 104080


Updated On:


Clarity PPM On Premise, Clarity PPM SaaS


Certain resources/users cannot see Clarity objects.


Clarity protects data objects with access rights, which are broken out by the ability to:

1. View (Read-only)
2. Edit (Read-Write)

Rights can be managed at the following levels:
1. Instance
2. Global
3. OBS - This requires knowledge of the company structure.



The best method to rule out a rights issue is to go to

Administration > Organization and Access > Groups > New

a. Create a group named: casupport_testing

b. Add the resource(s) experiencing the issue

c. Add all the global rights or add the object rights, e.g. if the issue is with the project object,
    find the project-related rights by filtering for *project*
    NOTE: It is best to add all available global rights

d. Have the resource log in and log out to check if the issue still persists

If the object can now be viewed, it is a confirmed rights issue.

Since a group can be easily deleted and resources can be easily added to or removed from the group, this is the best way to confirm an issue is rights-related.

NOTE: Implementing security in Clarity can be done; however, it needs to be designed based on business goals.
With Clarity, you can use combinations of groups, OBS, and partitions to implement a security model.

The following can be referenced:



Additional Information

Project Rights

Typical rights to view the object:

Project - View Management - All
Risks/Issues/Change Requests - right(Management - Programs)
Right to edit the project 'Status' attribute is: Project - Approve

Consider testing with a combination of rights, such as:
1. Administration - Access
2. Administration - Application Setup

For a query to check the rights of users, please contact the Support team.


Timesheet Rights

Timesheets are another common area where rights need to be restricted.


If users are able to see and approve each other's timesheets, be sure to check whether the following rights have been granted to the user seeing the timesheet:

Global rights:

Timesheets - Approve All
Timesheets - Edit All
Timesheets - Navigate

Instance rights: Resource - Approve Time

View How Rights Were Granted

Administration > Resources > select resource.

Click the tab 'Access to this Resource' > Full View

Click the key icon to review which rights the user holds over another user and through which method/group those rights were granted.
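
The same review can be run in bulk over an offline list of grants. The following is an added example, not Broadcom or Clarity code: it expands group grants to their members and reports who holds the timesheet rights named above and how each right was obtained. The record layout, user names and group membership are constructed assumptions; only the right names and the casupport_testing group name come from this article.

```python
from collections import defaultdict

# Right names are taken from the article; everything else is constructed.
TIMESHEET_RIGHTS = {
    "Timesheets - Approve All",
    "Timesheets - Edit All",
    "Timesheets - Navigate",
    "Resource - Approve Time",
}

# Constructed sample records: (grantee type, grantee, right, level).
GRANTS = [
    ("group", "casupport_testing", "Timesheets - Approve All", "global"),
    ("group", "casupport_testing", "Timesheets - Edit All", "global"),
    ("group", "pm_team", "Project - View Management - All", "global"),
    ("user", "alice", "Timesheets - Navigate", "global"),
    ("user", "bob", "Resource - Approve Time", "instance"),
]
# Constructed group membership: group -> members.
MEMBERS = {"casupport_testing": ["carol"], "pm_team": ["alice", "carol"]}


def effective_rights(grants, members):
    """Expand group grants to members; keep how each right was obtained."""
    out = defaultdict(list)
    for kind, grantee, right, level in grants:
        if kind == "user":
            out[grantee].append((right, level, "direct"))
        else:
            for user in members.get(grantee, []):
                out[user].append((right, level, f"group:{grantee}"))
    return out


def timesheet_findings(grants, members):
    """Per user, the timesheet-related rights from the article and their source."""
    findings = {}
    for user, rights in effective_rights(grants, members).items():
        hits = sorted(r for r in rights if r[0] in TIMESHEET_RIGHTS)
        if hits:
            findings[user] = hits
    return findings


if __name__ == "__main__":
    for user, hits in sorted(timesheet_findings(GRANTS, MEMBERS).items()):
        for right, level, via in hits:
            print(f"{user}: {right} [{level}] via {via}")
```

A troubleshooting group that still holds global rights after the test is finished shows up here as the grant source for its members.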

To Access Custom Investments (CIT), Custom Master Objects (CMO), Subobjects

Once the object's 'API-Enabled' field is checked, it is available for users to consume.

The main rights needed to access the left-hand navigation menu for Custom Investments (CIT) and Custom Master Objects (CMO):

Custom Investment - Navigate
Custom Object - Navigate

If the example custom investment is [ABC], the following rights are available to be provided:

[ABC] - Navigate
[ABC] - View
[ABC] - Create

If the example custom master object is [XYZ], the following rights are available to be provided:

[XYZ] - Navigate
[XYZ] - View
[XYZ] - Create
[XYZ] - Delete

For a rights-comparison query, please reach out to Support.