Access controls for projects and requests

Depending on how your organization manages projects, you might configure security policies so that only certain users can create projects while other users must create requests for projects that other users approve or reject.

When this is the case, it is also possible that one group of users creates the projects from the requests and then a different group of users works with the projects created by the first group.

To support this business case, project templates have two security policy settings:

  • The "view" policy specifies which users can select the template when they create projects or requests for projects. The template developers can specify one or more view policies for each project template.
  • The "use" policy specifies who can access a project after a project is created from a request.

The "use" policy can be determined in one of two ways:

  • The template developer specifies the security policy in the template's Summary tab.
  • The template developer configures the template so that the user creating the project or project request can specify the "use" policy.

The way a "use" policy is determined is referred to as the "security policy use model." When the use model is set to Template, the template developer specifies the "use" policy. When the use model is set to User, the person creating the project request from the template selects a security policy from the list that is visible.