Permissions govern which user or user group may do what.
ARCWAY Cockpit uses a sophisticated permission management that distinguishes basic permissions and project-specific permissions. Basic permissions are e.g. Administrate System, Create Cockpit Projects. They are defined for the server. Project-specific permissions, on the contrary, are defined for particular objects, e.g. a project, a folder, or a specific plan.
All permissions in ARCWAY Cockpit are positive permissions. That means, you can only grant permissions, but you cannot deny them.
Users are entities with a server-wide scope. They are used to login to a server and to identify a user. Users can be organized in groups. Permissions granted to a group automatically apply to all users the group contains.
Stakeholders are used to manage the stakeholders of a project, both internal and external. With stakeholders you can e.g. track who created, changed or deleted an item in ARCWAY Cockpit. They have a project-wide scope. Server users are considered as internal stakeholders and can be mapped to project stakeholders. The idea is that one user may appear as several different stakeholders in different projects, but need not be a stakeholder in all projects. On the other hand, not all stakeholders of a project need to be mapped to users. Those who are not mapped to a user are considered as external stakeholders. Consequently, they do not have a login to the server.
It is not possible to grant permissions to stakeholders directly. First, stakeholders need to be assigned to one or more roles, and permissions are then granted to the roles. Permissions granted to a role automatically apply to all stakeholders that are associated with the role.
You need to have administrator privileges to manage users. To launch the user administration dialog select Server→User Management→Users... in the main menu.
In this dialog you see a list of servers at the top, the list of users on the left and details for the selected user on the right. You can search the list of users (1), edit an existing user (2) or change his password (3), delete an existing user (4) or create new users (5). You may also assign a user to a group (6) and assign basic permissions to the user.
You need to have administrator privileges to manage groups. To launch the group administration dialog select Server→User Management→User Groups... in this menu.
In this dialog you see a list of servers at the top, the list of groups on the left and details for the selected group on the right. You can search the list of group (1), edit an existing group (2), delete an existing group (3) or create new groups (4). You may also assign users to the group (5) and assign basic permissions to the user.
Please note that the groups Administrators and Everyone cannot be deleted. You also cannot revoke the admin permissions of the Administrators group.
The stakeholders are displayed in the Project Navigator. To manage the stakeholders, simply right-click on one of the Stakeholders and pick Properties in the context menu. Please note that you need the Administrate Stakeholders permission to perform this action.
In this dialog you see the details of the selected stakeholder on the right. Now, you can edit the attributes.
Additionally, you may also assign or remove roles to the selected stakeholder.
To create a new stakeholder right click on the Stakeholders node and pick New→Stakeholder... from the context menu. Or you generate a new stakeholder from an existing server account by picking New→Stakeholder from server user....
The roles are displayed in the Project Navigator. To manage a role, simply right-click one of the Stakeholder Roles item and pick Properties in the context menu. Please note that you need the permission Administrate Stakeholders to perform this action.
In this dialog you can see and modify the details for the selected role on the right.
You may also add or remove stakeholders to the selected role.
To create a new role, use the context menu Stakeholders→New→Role... or Roles→New→Role...
Permissions govern which user or users of which group or role may do what. ARCWAY Cockpit distinguishes between basic permissions and project-specific permissions. Basic permissions are e.g. Administrate System, Create Cockpit Projects. They are defined for the server. Project-specific permissions, on the contrary, are defined for particular objects, e.g. a project, a folder, or a specific plan.
All permissions in ARCWAY Cockpit are positive permissions. That means, you can only grant permissions, but you cannot deny them.
ARCWAY Cockpit defines the following basic permissions:
| Permission | allows you to... |
|---|---|
| Administrate System |
|
| Create Cockpit Projects |
|
| Operator |
|
Basic permissions can only be assigned to users and groups in the user or group admin dialogs. Basic permissions cannot be assigned to roles.
Project-specific permissions apply to a certain object, e.g. a folder or a particular plan. Partially permissions can be edited on attribute level of those objects.
To view or edit the permissions of an entire project select the project and choose Project→Manage Permissions... in the main menu. This will launch a dialog to manage the permissions for the objects of the project.
As since Release 2.0 permissions can be administered on attribute level, the number of the horizontally listed permissions has highly increased. For this reason there is a filter in this dialog with the aid of which the number of permissions respectively the number of the displayed permission owners is restricted.
In the picture above, for example, the selection of the displayed permissions is not restricted as for this filter Everyone is selected.
At the top you can see a table with permissions (columns) and
permission owners (rows). Permission owners are roles, users, and
groups.
Every checkmark in one of the checkboxes shows that the permission
in the head of the column is granted to the permission owner in the
first column of this row. In order to grant or withdraw a
permission you simply have to click into the respective checkbox
for making or removing a checkmark. If you want to grant the
permissions for all attributes of an object to a user, a role or a
group, e.g for all attributes of a project, then enable the
checkbox All Project attributes.
At the bottom of the dialog you can see the buttons to add a new user, group or role to the list of permission owners or to remove the selected permission owners.
Please note that you can neither remove the user Administrator or the group Administrators nor restrict their permissions.
Instead of creating and managing an own set of user and groups in ARCWAY Cockpit, you can configure a server, so that it connects to an existing user management (e.g. Active Directory under MS Windows) system via LDAP to retrieve existing users, groups and their assignments.
It is not possible to create and manage users, groups and their assignments. It is only possible to give permissions to users or groups. Therefore, most of the buttons are deactivated in the previously described dialogs for managing users and groups.
For more information on installing the LDAP connection of a Cockpit Server and an existing user management system, please see the Server Installation Instructions.