Enable ITIL users to create projects and edit their own

mitzaka
Mega Guru

‎04-08-2015 11:54 PM

Hi SNC,

I am trying to give some flexibility in my instance and enable ITIL users to create new projects. However, I want them to be able to edit only the project which they have created, not ones created by others.

I tried by placing a couple of ACL rules on pm_project table:

1. create - ITIL users

2. edit - ITIL users + the condition of current.created_by == gs.getUserID();

However, this does not seem to work well, as they are able to create projects, but can modify all projects.

Any ideas of how I could accomplish this?

And also on the side I was thinking that perhaps I would have to force similar restrictions to the pm_project_task as well, because it's the tasks which I need to prevent from editing, right?

0 Helpfuls
  • 1,101 Views
7 REPLIES 7

david_legrand
Kilo Sage
In response to mitzaka

‎04-09-2015 05:24 AM

I assume as fixed the question of licenses and I'll speak only on the technical level.



You'll have to customize the ACLs.


(without checking) Probably need to duplicate some "write" ACLs:


  1. One with the "project_manager_role" able to edit all project
  2. One with the "project_user_role" able to edit its own projects by using the conditions in the ACLs


The logic will be similar to "incident" table between the itil role (full access) and the public role (limited access), you can read these ACLs to understand the logic



Regards,


0 Helpfuls

mitzaka
Mega Guru
In response to david_legrand

‎04-09-2015 05:32 AM

David Legrand - yes, I guess this is what I really need to do. I will take a close look at those ACLs and will give it a try.


Thanks for the tips, will let you know of the result:)


0 Helpfuls

mitzaka
Mega Guru

‎04-09-2015 06:20 AM

Alright, I did this with your help guys:)


So here goes:


1. created a custom role, named it 'knowledge_creator'


2. created a bunch of ACLs for pm_project table (for read, write, create operations), as for 'write' I have the condition "opened_by IS javascript:gs.getUserID() OR project_manager IS javascript:gs.getUserID()"


3. created a bunch of ACLs for pm_project_task table as well, to enable the users with the custom role to create tasks from within the project.



It works like a charm:) The users with that custom role are able to create projects and project tasks from that project, and able to edit only the projects which they have created, or for which they are marked as project managers.



Thanks for the guidance!


Dimitar


0 Helpfuls