Security constraints creating new project from Project Workspace

Michael Domke · ‎03-07-2023

I'm hoping someone can explain what the security constraints are that prevent the UI Page from loading when I click New Project to create a new project from the Project Workspace.

I realize that users with the project_manager role provides the necessary access to this functionality but I have a requirement to allow users without the project_manager role to be able to create projects using this button.

I've already configured the necessary pm_project ACLs to allow these non project_manager users to create projects from the list view and was disappointed to see that those same ACLs didn't work for this new option.

Any help would be greatly appreciated.

Thanks,

Michael

Nootan Bhat · ‎03-09-2023

Hi @Michael Domke,

There an ACL on the UI page, which is called when New Project button is clicked.
Below is the link (append the environment url): sys_security_acl.do?sys_id=75f41d5c73417300f7cd0601c4f6a710&sysparm_record_target=sys_security_acl&sysparm_record_row=1&sysparm_record_rows=1&sysparm_record_list=name%3Dpm_home_page_create_project%5Etype%3Dui_page%5Eoperation%3Dread%5EORDERBYname

Make sure if you are using any custom role, please add the same to this ACL. since the UI page uses this acl to execute.

Thanks

Nootan

View solution in original post

Allen Andreas · ‎03-07-2023

Hi,

It appears it's configured within UI Builder for the Project Workspace Experience.

Within that, and ensuring you're within the right scope, you can click the </> icon near the bottom left, then click on the Page scripts "Populate project table and fetch all template". From there, the script will be on the bottom-right and you can see there where it's going the role check. You can add an additional condition by adding:

|| roleArray.includes('custom_role_name_here') inside it, then save and see if that helps you?

You may need to rinse and repeat for the other components of that modal pop-up.

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Michael Domke · ‎03-08-2023

Allen,

Thanks for the detailed instructions. However, it appears we're still using the Project workspace classic version. Do you have any insight on where that is configured?

What all that said, this may be a good time to consider installing the newest Project Workspace version.

Thanks,

Michael

Allen Andreas · ‎03-08-2023

Hi,

Ah, well, my apologies that my reply wasn't Helpful, but yes, you may want to consider for your users to use the new workspace as it has enhanced features, etc.

I'd recommend reviewing the modal/UI Page involved to see if there's a similar "hard code" to the role check as was present in the UI Builder example I provided. You can right-click on the pop-up and inspect the element and see what UI Page is called and the review things that way.

Unfortunately, this is one of the downsides when we customize things by creating a custom role, etc.

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Michael Domke · ‎03-08-2023

Agreed. I outlined the risks to my customer of customizing in this fashion. At least I have a few paths to take. I'm hoping they consider the new Project Workspace route.

I did review the UI Page which is what prompted me to post this thread. It seems to rely on xml templates that are not exposed at our level.

Many thanks for your help,

Michael