User actions and permissions

Every CollabNet user has a set of permissions that define what that user can do and on which resources the user can perform those actions. This is a list of the permissions that are available by default.

User access permissions

Permission Definition
Domain Page - View

Domain Level

Users with this permission can view the contents of the domain.
Start Page - View

Domain Level

Users with this permission can view their My start page.

External Authentication

Permission Definition
Authentication Realm - View

Domain Level

Users with this permission can view the list of realms that are associated with the system.
Authentication Realm - Add

Domain Level

Users with this permission can add new authentication realms in CollabNet Enterprise Edition.

Authentication Realm -Edit

Domain Level

Users with this permission can edit details of existing realms.

Authentication Realm - Delete

Domain Level

Users with this permission can delete realms

Authentication Realm -Map Users

Domain Level

Users with this permission can associate users to an authentication realm.

Administrator functions

Permission Definition
Audit Log - View

Project Level

Users with this permission can view audit log entries.
Domain - Administer

Domain Level

Users with this permission can administer the domain.

With this permission, users are granted access to the administrative pages.

Licenses - Administer

Domain Level

Users with this permission can add, edit or delete licenses from the domain.

Only licenses with no associated projects can be deleted.

Project - Lock

Project Level

This permission allows users to lock or unlock projects.
Project - Approve

Domain Level

This permission allows the user to approve projects that have been proposed by other users.

Additionally, this permission allows the user to create projects without going through the approval process.

Session - List

Domain Level

Users with this permission can view all active sessions of other users logged into the domain.

Projects

Permission Definition
Project Page - View

Project Level

Users with this permission can view source code, the project home page, news items and other project features.

This permission can be duplicated using the Project - View in conjunction with permissions for the individual project items.

Project - Delete

Project Level

This permission allows users to delete a project.
Project - Edit

Project Level

This permission allows users to make changes to basic project information. This includes reassigning the parent project, editing the project and the owner's message, as well as changing the project category and designating the project as private.
Project - Invite

Project Level

Users with this permission can invite users to join the project.
Project - Suggest

Domain Level

Users with this permission can suggest new projects within the domain.

Suggested projects must be approved by a user with the Project - Approve permission.

Project - View

Project Level

Users with this permission can view project lists and view public projects on the Projects page.

This permission is required by many other project level permissions.

Project Content - View

Project Level

This permission allows the user to view web pages associated with the resource to which it has been granted. Example: A user with this role granted to a project with the ".*" resource can view all pages within the domain. A user with this role granted on a project with access to the "/project/.*" resource can only see pages belonging to the project project.

This permission requires a resource.

Project Member - List

Project Level

This permission allows users to view a list of users with roles in a project.

Project Groups and Categories

Permission Definition
Project - Designate Subproject

Project Level

Users with this permission in a project can assign subprojects to this project. The user must also have Project - Designate Superproject granted on the project.

The effect of using this permission is to make a project a subproject of a category or project group.

Project - Designate Superproject

Project Level

Users with this permission can assign a parent project to the project to which this permission has been assigned.

If not a domain, the user must have Project - Designate Subproject in the parent project. This is currently only used by project groups and categories.

ProjectGroup - Add

Domain Level

Users with this permission can create new project groups within the domain. Coupled with the Project - Designate Subproject permission in an existing project group, the user can create a subgroup of the project group.
Category - Add

Domain Level

Users with this permission can create new categories within the domain.

Coupled with the Project - Designate Subproject permission in an existing category allows users to create subcategories in that category.

Project-Associate Project

Project Level

If users have the permission Project-Associate Project on a category and also the permission Project -View in a project, they can associate that project to the category.

For example: To associate a "Project" to a "Category" the following permissions are required:

In the Category : Project - Associate Project
In the Project : Project - View

If users have Project - Associate With Project permission in a project and also the Project - Associate Project permission in a Project Group, they can associate that project to the Project Group.

For example: To associate a "Project" to the "Project Group," the following permissions are required:

In the Project Group : Project - Associate Project
In the Project : Project - Associate with Project

This permission has no relevance in non-group and non-category projects. This permission must always be used in conjunction with another permission.

Project - Associate With Project

Project Level

Users with the Project-Associate with Project permission on a project, and also Project - View permission on a category, can associate this project with that category.

For example: To associate a "Project" to the "Project Category," the following permissions are required:

In the Project : Project-Associate with Project
In the Category : Project - View

Similarly, users with the Project-Associate with Project permission on a project and also the Project - Associate Project permission in a Project Group can associate that project with the project group.

For example: To associate a "Project" to the "Project Group," the following permissions are required:

In the Project : Project-Associate with Project
In the Project Group: Project - Associate Project

This permission has no relevance in non-group and non-category projects.

Project - Site Specific This action is used for site-specific purposes. If this permission is visible, it is probably inactive; however, if you require more information, please consult your local documentation or contact the site administrator.

Project Documents

Permission Definition
Project Document - Approve

Project Level

Users with this permission can view and approve unapproved documents within the project to which the permission has been granted. Users with this permission can create new project documents without going through the approval process.

This permission affects project documents and folders.

Project Document - Delete

Project Level

Users with this permission can delete documents or sections within the project to which this permission has been granted.

This permission affects project documents and folders.

Project Document - Edit

Project Level

Users with this permission can edit any document within the project.
Project Document - Suggest

Project Level

This permission allows users to suggest new documents within a project.

Suggested documents must be approved by a user with the Project Document - Approve permission.

Project Document - View

Project Level

Users with this permission can view all public documents within a project.
Project Document - Reserve

Project Level

Users with this permission can reserve any document within their project. Users can also edit any reservation they have made. In projects with the "offer to lock new documents" configuration option on, users with both this permission and the "Project Document - Reserve Mine" permission can reserve a document with the "strict lock" reservation type.
Project Document - Reserve for Others

Project Level

This permission allows the user to edit any reservation on a document in the project.
Project Document - Reserve Mine

Project Level

This permission allows users to reserve any document they have posted to the project. In projects with the "offer to lock new documents" configuration option on, users with both this and the "Project Document - Reserve" permission can reserve a document with the "strict lock" reservation type.
Project Document - Edit - Locked

Project Level

This permission allows the user to edit any document with a "strict lock" reservation.

Project Discussions

Permission Definition
Discussions - Discussion Add Users with this permission can create a new discussion in a given project.
Discussions - Discussion Delete Users with this permission can delete discussions in a given project.
Discussions - Discussion Edit Users with this permission can administer any discussion in a given project.
Discussions - Discussion Trusted A user with this permission is treated as "trusted" for all discussions in this project.
Discussions - Discussion Use Private Users with this permission can view, subscribe, and post to any discussion in a project regardless of the discussion's settings (public or private).
Discussions - Discussion View Users with this permission can view any non-private discussion in a given project. Subscription rights are derived from this.
Discussions - Message Delete Users with this permission can delete messages in a given project's discussions.
Discussions - Message Edit Users with this permission can edit messages in a given project's discussions.
Discussions - Message Post Users with this permission can post to any non-private discussion in a given project.

Project Issue Tracking

Project Issue Tracking permissions determine user access for the tracking component in the project.

For projects with the Issue Tracking component: Project Issue Tracking permissions are granted within the Issue Tracking component as well as within the project. Additionally, users must have a role within the project to which they need access to Issue Tracking..

NOTE: Domains with single-database mode for issue tracking do not use these permissions after the user is initially created. The administrator must set permissions within the Issue Tracking interface for user access levels to be affective.

Permission Definition
Domain Issue Tracking - Configure

Project Level

Users with this permission can create attributes and attribute options for use in a project, without contacting the Domain administrator.
Project Issue Tracking - View

Project Level

This permission allows users to view artifacts (for example, for example, details like the operating system, priority, type, assignee, and so on) It does not allow a user to run a query.

Project Issue Tracking - Change

Project Level

This permission allows users to change the metadata associated with an issue (for example, operating system, priority, type, assignee, etc.) It does not allow a user to change the status of an issue or add comments.

This permission also allows users to reassign issues.

For projects with Issue Tracker component, this permission is applied at both the project level and within Issue Tracker.

Project Issue Tracking - Configure

Project Level

This permission allows users to configure the tracking component for this project. For projects with Issue Tracker component, this permission is applied at both the project level and within Issue Tracker.
Project Issue Tracking - Change State This permission allows a user to change the status of an issue. (from "Unconfirmed to New," or "New" to "Started," " Resolved" or "Fixed," etc.)
Project Issue Tracking - Attach File Allows a user to attach a file to an issue.
Project Issue Tracking - Assignable This action is used in Issue Tracker and Project Tracker. Allows a user to assign an issue to someone else.
Project Issue Tracking - Add Comment Allows a user to add a comment.
Project Issue Tracking - Query

Project Level

This permission allows users to query issues within the project. For projects with Issue Tracker component, this permission is applied at both the project level and within Issue Tracker.
Project Issue Tracking - Submit

Project Level

This permission allows users to submit issues or artifacts. In Issue Tracker, when a user submits an issue, the default state of the issue is "Unconfirmed." Note that this default state "Unconfirmed" is valid only if voting is enabled. If the user is a Project Owner, the default state is "New." For projects with the Issue Tracker component, this permission is applied at both the project level and within Issue Tracker.

This permission also allows users to import Project Tracker artifacts using the XML format.

Project Issue Tracking - Move Issue

Project Level

Users with this permission can copy or move artifacts.

This permission applies only to the Project Tracker component.

If the user is a registered user of a project that uses Issue Tracker as its tracking component, the user can, using the default settings:

If the user is the project owner of a project that uses Issue Tracker as it's tracking component, the user can:

If the user is an assignee, the user can attach files, comment, change the state, reassign an issue or change the metadata regardless of other permissions.

If the user is the issue reporter, the user can:

If the user is a QA contact, the user can:

Project Dashboard

Permission Definition

Project Dashboard - View

Project Level

This is the base permission for all Project dashboard related actions. Users with this permission can have access to different views or reports within the project. Users can view the Project Performance and Historical variance (both Gantt and tabular view) pages, and the performance chart.

With the Task-View and Task -View Others permissions users can view the milestone performance link and the milestone performance chart.

Along with Tasks-View and Tasks-View Others permissions, in the Schedule page, users will see Milestone tasks, tasks assigned to logged in users and tasks assigned to others users hyperlinked.

In the Effort page, along with Tasks – View, and Project Dashboard – View Manager Reports a user will see his or her name in the Users Selection list suffixed by a (you). With the Task -View Others permission users can see the complete Users List box and others' tasks in the Results page.

Project Dashboard - View Manager Reports

Project Level

Users with this permission and Tasks - View, Project Dashboard- View permissions can analyze both the plan and actual effort distribution of project members.

They can also see the bubble charts and portfolio status of those projects in which they have this permission in the My Portfolio page. With the Project Dashboard – View permission, project bubbles and project status are hyperlinked.

In the Effort page, a user will see his or her name in the Users Selection list suffixed by a (you). With the Task -View Others permission users can see the complete Users List box and others' tasks in the Results page.

Tasks - Configure

Project Level

Along with Tasks- View permission, this administration level permission that allows users to do plan-related activities like - Setting up Project dashboard for a project by importing MS Project Plan, Managing plans (re-import, sync, export actuals, export tracking data). Along with Tasks-Remove Plan permission, a user can reset Project dashboard.

Domain Reports - View

Domain Level

Users with this permission can have access to the Portfolio dashboard page which displays the status of projects in which the user has a direct or a derived role.

They can view the bubble chart and portfolio status of all projects in the My Portfolio page. With the Project Dashboard – View permission, project bubbles and project status are hyperlinked.

Tasks - Edit Self

Project Level

Users with this permission along with the Tasks-View permission can view and edit the tasks assigned to them. They can view the "Mark Task Completed" button in the My Current Tasks page if they have this permission for any one of the projects listed in the page. They can view and edit the effort, schedule and progress in the Self Planning page.

In the My Current Tasks page, users can see the radio buttons and the "Mark Task Completed" button only in those selected projects that the user has this permission enabled. Otherwise, the list will still be displayed but without the radio buttons.

Tasks -View

Project Level

This is the base permission for all Task Management related actions. This permission alongwith Project Dashboard-View and Tasks-View Others permissions gives users access to the milestone performance link and the performance chart.

In the Schedule page, along with Task-View Others and Project Dashboard – View permissions users will see Milestone tasks, tasks assigned to logged in users and tasks assigned to other users hyperlinked.

In the Effort page, with the Tasks -View Others permission users can see the complete Users List box and others' tasks in the Results page.

Before setup, with the Tasks- Configure permission they can see the Setup and Export User List links in the Tasks page.

After setup they can view the links to tasks assigned to them. Users can see the Project Summary in the Tasks page. With Tasks-View Others permission they can also view the "Upcoming milestones" in the Tasks page. With the Tasks-Edit Self permission, they can see the radio button to select the task and the "Mark Task Completed" button. With the Project Dashboard -View permission, users can see the project progress.

In the Self-Planning page, users can see tasks hyperlinked, and the effort, schedule and progress in the read-only mode. With the Tasks-Edit Self permission, they can edit the effort, schedule and progress and the "Update All" button is enabled.

In the Tasks Status page, the user will see his or her name suffixed by a (you). With the Tasks – View Others permission, the resources list box selection is displayed.

In the Reporting Status page, the user will see his or her name suffixed by a (you) and the results will not include other users' tasks. With the Tasks – View Others permission, users can see the Users list and the results will include other users’ tasks.

In the Task Detail (self) page, users can view details of task assigned them in the read-only mode. With the Tasks – Edit Self permission they can edit the details of task assigned to them. With the Tasks – View Others permission the Constituent task summary is displayed.

In the My Current Tasks page, users can view a "—" instead of radio buttons. In projects in which the user has the Tasks – Edit Self he or she can see the radio buttons and the "Mark Task Completed" button.

Tasks - Edit Others

Project Level

They can edit the details of tasks assigned to others if users have Tasks - View permission along with this permission. (Permission yet to be activated.)

Tasks - View Others

Project Level

Along with the Tasks- View permission, users with this permission can view the Constituent task summary. In the Reporting Status page, the Schedule page and in the Effort page, users can view the other users' lists and their tasks. In the Task status page they can view the resources list box selection.

In the Schedule page, along with Tasks -View and Project dashboard -View permissions users will see Milestone tasks, tasks assigned to logged in users and tasks assigned to others users hyperlinked.

In the Task Detail (others) page, users can see details of task assigned to others in the read-only form. But with the Tasks – Edit Others permission they can edit the details of task assigned to others.

In the Effort Explore page, alongwith PD-View, PD-View Manager Reports, and Tasks - View permissions, users can see the Explore Effort link and the Users list box with all the project users' names.

Tasks - Remove Plan

Project Level

Users with this permission along with Tasks -View and Tasks -Configure permissions can remove a project plan that has been uploaded into Project dashboard.

Project News

Permission Definition
Project News - Approve

Project Level

Users with this permission can view and approve suggested news items within the project to which the permission has been granted. Users with this permission can create news items without going through the approval process.
Project News - Delete

Project Level

This permission allows users to delete any news item within the project.
Project News - Edit

Project Level

This permission allows users to edit news items within the project.
Project News - Suggest

Project Level

Users with this permission can suggest news items within the project.

Suggested news items must be approved by a user with the Project News - Approve permission.

Project Page - View Allows you to use the web interface to see the project's web pages.
Project News - View

Project Level

Users with this permission can view news items within the project.

Resources Patterns

Permission Definition
Resource - Add

Project Level

Users with this permission can add new resources to the project.
Resource - Delete Users with this permission can delete a resource pattern. To delete a resource pattern that is associated to a particular permission which in turn is assigned to a role, you must first revoke the association.
Resource - Edit

Project Level

Users with this permission can edit resources within the project. Users can edit the regular expression (e.g.; ".*") and the description of the resource.

Roles

Permission Definition
Role - Add

Project Level

Users with this permission can create new roles for the project.
Role - Delete

Project Level

Users can delete roles associated with this project.

Only roles with no associated users can be erased.

Role - Edit

Domain Level

With this permission, users can change the name of a role in the domain, set attributes, and change permissions of the role.
Role - Grant

Domain or Project Level

Users with this permission can grant the level's role to any other user within the level. Users with the permission at the Domain level can grant Domain level roles. Users with the permission at the Project level can grant Project level roles.

Note that this permission cannot be used to grant roles in unapproved projects; the Unapproved Project Role - Grant is required to perform this action.

Role - Request

Domain or Project Level

Users with this permission can request any roles at the level to which this permission has been granted. Users with domain level permission can request domain roles. Users with project level permission can request project roles.
Unapproved Project Role - Grant

Project Level

Users with this permission can grant roles to users within an unapproved project.

Users

Permission Definition
User - Add

Domain Level

Users with this permission can create new users within the domain.
User - Delete

Domain Level

Users with this permission can delete any user within the domain.
User - Edit

Domain Level

Users with this permission can edit user preferences for any user within the domain.
User - Edit - Self

Domain Level

Users with this permission in the domain in which they are registered can edit their own user information.

To allow users to edit their own organizations the "Users can edit own organizations" configuration option must be set for the domain. See Using domain administration tools for more information.

User - List

Domain Level

Users with this permission can view a list of all users registered and the details of any user in the domain.
User - View

Domain Level

Users with this permission can view information on any user registered in the domain.
User - View - Self

Domain Level

This permission allows users to view their own user profile.

User Group

Permission Definition
UserGroup - Add

Domain Level

Users with this permission can create new user groups within the domain.
UserGroup - Delete

Domain Level

Users with this permission can delete any user group in the domain.
UserGroup - Edit

Domain Level

Users with this permission along with the User-Edit permission can edit any user group within the domain.
UserGroup Element - Add

Domain Level

Users with this permission can add users to any usergroup in the domain.
UserGroup Element - Delete

Domain Level

Users with this permission can delete any user from any user group within the domain.
UserGroup - List

Domain Level

Users with this permission can view any user group within the domain.
UserGroup - View

Domain Level

Users with this permission can view the details of any user group within the domain.

Project Version Control

These permissions require a resource. Users with these permissions can apply them to any file within the project with a pattern matching the resource. For example, a user with the VersionControl - Modify permission on the "*.txt" resource in the project project can change any existing file with an extension of .txt in the project project repository.

Permission Definition
VersionControl - Read

Project Level

Users with this permission can perform all read-only operations in the version control system. Read-only operations include checkout, update, diff, status, log, and cvs annotate and cvs history .
VersionControl - Add

Project Level

Users with this permission can add files and directories to the repository (e.g., cvs add, cvs import). Note that for non-imports, this permission actually governs the commit that introduces the added item to the repository, not the user's ability to add the item in their working copy.
VersionControl - Modify

Project Level

Users with this permission can change already-existing files and directories via cvs commit. It does not grant the ability to add or delete items, however; see VersionControl - Add and VersionControl - Delete for that.
VersionControl - Delete

Project Level

Users with this permission can delete files and directories from the repository using cvs rm. Note that this permission actually governs the commit that requests the deletion in the repository, not the user's ability to delete the item from their working copy.
VersionControl - Copy

Project Level

Users with this permission can copy files. This permission is available for every role that also has the VersionControl - Add permission. In the Project Pages Editor, you must have this permission to copy or re-order pages or subpages.
Version Control CC - Admin

Project Level

Users with this permission can control most functions of the VOB. With this permission, users can modify comments, transfer mastership of an object from one VOB to another, lock a VOB, and create, modify or remove hyperlinks, triggers, and types.

This permission applies to users of ClearCase only.

Version Control CC - Change Event

Project Level

Users with this permission can modify comment strings in commit messages.

This permission applies to users of ClearCase only.

VersionControl CC - Change Type

Project Level

Users with this permission can change the element type of an element or rename an existing branch.

This permission applies to users of ClearCase only.

VersionControl CC - Checkout

Project Level

Users with this permission can check out an element from the main branch.

This permission applies to users of ClearCase only.

VersionControl CC - Protect

Project Level

Users with this permission can alter access rights to any element, shared derived object or the named VOB object.

This permission applies to users of ClearCase only.

VersionControl CC - Reserve

Project Level

Users with this permission can reserve an element, preventing others from checking it out.

This permission applies to users of ClearCase only.

VersionControl CC - Unreserve

Project Level

Users with this permission can remove a reservation from an element.

This permission applies to users of ClearCase only.

VersionControl CC Attribute - Create

Project Level

Users with this permission can create or remove an attribute of an object or a derived object. Users with this permission can remove an instance of an attribute type.

This permission applies to users of ClearCase only.

VersionControl CC Branch - Create

Project Level

Users with this permission can create or delete a branch from an element.

This permission applies to users of ClearCase only.

VersionControl CC BranchType - Create

Project Level

Users with this permission can create or delete branch types for a VOB.

This permission applies to users of ClearCase only.

VersionControl CC Hyperlink - Create

Project Level

Users with this permission can create or remove hyperlinks between VOB database objects.

This permission applies to users of ClearCase only.

VersionControl CC Label - Create

Project Level

Users with this permission can create or remove a version label from versions of elements.

This permission applies to users of ClearCase only.

VersionControl CC Trigger - Create

Project Level

Users with this permission can attach or remove a trigger from an element or UCM object.

This permission applies to users of ClearCase only.

VersionControl CVS - Tag

Project Level

Users with this permission have the ability to tag and branch files in the CVS repository. This permission is specific to CVS; in Subversion, tagging and branching are accomplished by copying.
VersionControl CVS - Admin

Project Level

Users with this permission can use the cvs admin command. The cvs admin command should be reserved for users who have extensive knowledge of CVS and administering CVS.
VersionControl CVS - Edit

Project Level

Users with this permission can use the cvs edit command. The cvs edit command allows users to make edits to locked files.
VersionControl CVS - Module

Project Level

Users with this permission can checkout modules to the standard output and/or request a status of all files checked out in the module.
VersionControl CVS - Release

Project Level

Users with this permission can use the cvs release command. The cvs release command checks to make sure no changes have been made to files checked out using cvs checkout before deleting them in a local directory.
VersionControl CVS - Watch

Project Level

Users with this permission can use the cvs watch command. Once the cvs watch command has been applied to a file, updates to the file must be made using cvs edit. Using cvs watch effectively marks a file as read-only except to those users who have cvs edit privileges.
VersionControl CVS Module - Add

Project Level

Users with this permission can add CVS modules through the Version Control administration feature.
VersionControl CVS Module - Delete

Project Level

Users with this permission can permanently delete modules and their histories from the project using the Version Control administration feature.
VersionControl CVS Module - Edit

Project Level

Users with this permission can edit CVS modules through the Version Control administration feature.
VersionControl CVS Module - View

Project Level

Users with this permission can view CVS modules through the Version Control administration feature.
VersionControl CVS Repository - Delete

Project Level

Users with this permission can delete files within the repository.
VersionControl CVS Repository - Rename

Project Level

Users with this permission can rename files within the repository.
VersionControl CVS Repository - ToggleExecutable

Project Level

Users with this permission can change the executable flag of files in the CVS repository.