How it Works

How access control is checked is best explained through an example. Let's assume that Joe is attempting to edit the task T. The steps Celoxis would follow to determine if Joe can do this are:

  1. 1
    Check for the administrative privilege

    If Joe has administrative privilege, then he will be granted the privilege. No other check is required.

  2. 2
    Determine the privilege required

    Joe would require the Edit Task : Granted privilege on T

  3. 3
    Check if the project can be viewed

    Since T belongs to a project, the system will check if Joe has the View Project : Granted on T's project. If no, Joe will be denied the Edit Task privilege.

  4. 4
    Gather all security roles played by the user

    The system will build a set of all roles that Joe plays in T. This would include :

    • All roles assigned to Joe in the project's workspace.
    • All roles assigned to Joe in the project.
    • Auto-assigned roles to Joe for the project and T.

  5. 5
    Build the set of all privileges

    Since a security role is a collection of privileges, based on all the roles played by Joe, the system would build a set of all the privileges for all the roles played by Joe collected in the previous step.

  6. 6
    Check if the privilege has been unanimously granted

    If the collection of privileges includes Edit Task : Granted and does not include Edit Task : Denied, then Joe will be granted the permission to edit the task T; else the permission will be denied.