Improving Project Permisions

Currently we have only one permision related to the project module, which gives a all permissions to the project module. Other users on the system have readonly full access to projects. So I see two drawbacks here:

  1. There are users on the system that must not access the project info, for example the current projects is not relevant to the accountant.
  2. There is no project user, which is only allowed to work on the existing tasks.

It will be great if we add a new “Project Group” which the following permissions:

  • Only users of this group can access the “Project Menu”
  • Users of this group can read and modify existing projects/tasks but can not create or delete them.

Comments and opinions are very welcome.

I don’t see any issue here. Projects are not critical information that should be hidden.
But of course, some field could be sensible but in that case it is a customization of the field access.

I’m not sure to understand what you mean. Encoding time-sheet does not require any access right on the project.

For me, this sentence contains contradictions.

Maybe we can provide a good defaults for this. .

For me working in the task means more than encoding timesheet, for example:

  • Describing what have been done in the description.
  • Marking the task as done

But also means:

  • Not being able to modify task planification.

Right, i mean, can read and modify, but not create or delete tasks/projects.

This should probably use the “Note” feature and so it doesn’t require write access on the record.

I think this should be done with buttons. And with issue5010, such button could not require write access.
But the difficulties is that there is no obvious work-flow for project/task, so maybe just displaying all available states as button is good enough.

I think it will be a mistake to give write access by default. Indeed I think we should avoid to have the need to write access by using other Models like timesheet, buttons or wizards.

One more thoughts, I think we could have a new module that allow to configure access rights per project/task. It could be a list of users for each accesses that are inherited by default from the parent. This could be managed with the record rules.

Just for future reference, this is not correct. The note feature requires create access on the model to create notes, and write access on the model to edit notes.

This should probably be improved by the new module I described.
So it could have a list of user who has the right to add notes/attachment.

Does this module exist? I can’t seem to find it anywhere

Hi Pedro, this feature is not yet implemented, so it’s normall that you did non find it anywhere.

But it will be great to extend this topic with your needs to see if there is something that can be improved.

Not much. We are going to use the project module to keep track of some internal projects that affect different areas and personel. Most of the users in the organization will be involved in at least one project (so almost all the users should have access granted to project/tasks) but most of them will just be interested in their own tasks and subprojects. Being able to limit the access rights would be nice.