Clarity PPM: Best Practices on Rights Management

book

Article ID: 104080

calendar_today

Updated On:

Products

Clarity PPM On Premise

Issue/Introduction

Certain resources/users cannot see Clarity objects.

Cause



Clarity protects data objects and break them out to rights on the ability to

1. View (Read-only)

2. Edit (Read-Write)


Rights can be managed at the following levels:

1. Instance

2. Global

3. OBS - This requires knowledge of the company structure.

         

Resolution

The best method to rule out a rights issue is go to

Administration > Organization and Access > Groups > New

a. Create a group named: casupport_testing

b. Add the resource(s) experiencing the issue

c. Add all the global rights or add the object rights, e.g. if the issue is with the project object
    filter for the project-related rights by filtering for *project*
    NOTE: It is best to add all available global rights

d. Have the resource log in and log out to check if the issue still persists

If the object can now be viewed, it is a confirmed rights issue.

Since a group can be easily deleted and resources can be easily added or removed from the group, this is best way to confirm an issue is rights-related.

NOTE: Implementing security in Clarity can be done, however it needs to be designed based on business goals.
With Clarity, you can use combinations of groups, OBS, and partitions to implement a security model.

The following can be referenced:

--1
https://docops.ca.com/ca-ppm/15-6-1/en/reference/ca-ppm-access-rights-reference/studio-access-rights

--2
https://docops.ca.com/ca-ppm/15-6-1/en/reference/ca-ppm-studio-development/ca-ppm-studio-partitions#CAPPMStudioPartitions-ReviewPartitionPrerequisites

Additional Information

Project Rights

Typical rights to view the object:

Project - View Management - All
Risks/Issues/Change Requests - right(Management - Programs)
Right to edit the project 'Status' attribute is: Project - Approve

Consider testing with combination of rights, such as:
1. Administration - Access
2. Administration - Application Setup

For a query to check the rights of users, please contact the Support team.

 

Timesheet Rights

Timesheets are another common area where rights needs to be restricted.

 

If users are able to see and approve each other's timesheets, be sure to check if the following rights have been granted to a the user seeing the timesheet

Global rights:

Timesheets - Approve All

Timesheets - Edit All

Timesheets - Navigate

 

Instance rights: Resource - Approve Time

 

View How Rights Were Granted

Administration > Resources > select resource .

Click the tab 'Access to this Resource' > Full View

 

Click on the key icon to review what rights and what method/group the user belongs to to give that user the rights over another user.