Set Parameter Permissions

The Set Parameter Permissions command allows you to edit the permissions for individual parameters for the given entity. This command is accessed from the Permissions button at the top of the Parameters tab on the entity property sheet.

 

  

 

The allow/deny permissions available are:

 

• Read - the user or group has / does not have permission to read the selected parameter. This permission is inherently assigned when a user is given Read permission to the entity. To prevent a user or group from reading a parameter, you must use the Deny option on the Read permission.

• Update - the user or group has / does not have permission to change the selected parameter.

• Full Control - the user or group has / does not have the administrative rights to this parameter. Having Full Control will allow the user to update permissions on the parameter.

 

Denial of permission takes precedence over all other access specifications. Therefore, if you deny read permission to a user for a parameter, it does not matter what other permissions have been specified for that user or any of groups the user belongs to – the user will not be permitted to read the parameter.

 

For the parameter displayed in the drop-down list, all users and groups with permission to that parameter will be shown in the multi-column list. To manipulate the permissions and denials for a user or group, select the user/group in the list pane and check / uncheck the desired items. Users and groups not currently explicitly granted permission to the parameter are shown in the list on the left. To grant permission to a new user or group, use the right arrow to transfer the user onto the permission list.

 

NOTE:

What permissions are required to edit parameter permissions? To edit parameter permissions for an entity, you must have administrator permission for the entity.

 

 

NOTE:

Following standard best practices regarding assigning permissions, it is far better to grant permissions to groups than to individual users. Over time, this approach proves far more manageable and scalable. As new team members are added to the project, they can simply be added to the appropriate group. As team members leave the project, they can be removed from the group. This is far simpler than changing permissions for individual users across the scope of a project.