|
Overriding Permissions
|
Generally users receive permissions via their role assignments but there may be situations where you want to override the permission settings associated with a role for an individual user.
A user must have the override permission to manually override permission settings for other users. The override permission is available at two levels: system-wide and project. A user who is assigned the override permission at the system-wide level can override the permission settings for all users for all projects. A user assigned the override permission at the project level can override permissions for project and survey attendees for every project where they are assigned a project role with override permissions. In addition to the override permission, users must also have grant rights to individual permissions in order to override the setting for that permission.
If you are frequently performing permission overrides to enable or disable certain permissions, consider creating a new role with a different set of permissions. Overridden permissions cannot be administered globally and make it more difficult to keep track of which users have what level of access to which objects. For example, project administrators at ABC Co. normally have rights to delete their own projects. Their organization implements a rule that government projects cannot be deleted without executive oversight. The ABC Iasta SmartSource administrator could override each project administrator's permissions for every government project but a better, more secure solution is to create a project role called "government project admin" that doesn't include the delete project permission and make sure that role is assigned to the project administrators for all government projects.
Permissions are overridden in the same place where the level is assigned:
Related Topics