Example security configuration for project requests

This example describes an organization, XYZ Corporation, that has a Plan team, a strategic marketing team, and some miscellaneous marketers.

Users create two types of projects and requests: trade shows and strategic accounts.

  • Trade show projects: junior marketers create requests for trade show projects. The requests can be submitted to anyone in the marketing organization, and the resulting projects can be worked on by anyone as well.
  • Strategic account projects: junior marketers also create requests for strategic account projects, but they can supply information on the Summary tab only. Additionally, requests can be submitted to members of the strategic marketing team only, and the strategic marketing team is the only team that participates in the projects.

Security policies

The system administrators at XYZ corporation configured two security policies.

  • Marketing Ops, for members of the marketing operations team. Security for the templates is configured as follows in this policy:
    • Trade show template: all project roles have access to all tabs.
    • Strategic Accounts template: the Request Owner role has access to the Summary tab only.
  • Strategic Marketers, for senior members of the marketing staff. Security for the templates is configured as follows:
    • Trade show template: all project roles have access to all tabs.
    • Strategic Accounts template: all project roles have access to all tabs.

Template permissions

To set up the workflow described above, the template developers configured the templates with the following permissions.

  • The Summary tab of the Tradeshow template has the following security policy settings:
    • Security Policy Use Model: User. The user who creates the request specifies the security policy to apply to the request.
    • View Security policies: Marketing Ops., Strategic Marketers. (Any user can select the Tradeshow template.)
    • Use Security Policy: Blank. When the use model is set to User, the Use security policy field is disabled. When users create projects or requests from this template, they must specify the security policy.
  • The Summary tab of the Strategic Accounts template has the following security policy settings:
    • Security Policy Use Model: Template. The template developer sets the value in the Use security policy field.
    • View Security policies: Marketing Ops., Strategic Marketers. (Any user can select the Strategic Accounts template.)
    • Use Security Policy: Strategic Marketers. This means that the user who creates the request cannot specify the security policy for it. Instead, the requests created from this template are assigned the Strategic Marketers security policy. Then, only the senior marketers who have security roles assigned from the Strategic Marketers security policy can access the project requests and the projects created from those requests.

Example usage

Consider the following users assigned to the following security polices:

  • Strategic Accounts security policy: Mary Manager, Strategic Sam
  • Marketing Ops.: Junior Jim, Sophomore Sally

Users create requests and projects as follows:

Table 1. Example project requests
Project or request Work steps
Trade show project Junior Jim creates a trade show request and submits the request to Strategic Sam. Strategic Sam approves the request and sets Vendor Vinny as the owner of the project.
Strategic accounts project: Junior Jim creates a Strategic Accounts request, SA01, providing information for the only tab that he has access to, the Summary tab. The request is automatically assigned the Strategic Accounts security policy and Jim cannot change it.

Summary

  • Anyone can create a request for a trade show or a strategic accounts project.
  • Anyone can be the recipient of a trade show request, and anyone can be assigned to a trade show project.
  • Only users with roles from the Strategic Accounts security policy can work on strategic accounts projects.