This document only applies to security level 2. This security level can be set in the TACTIC config file.
To open the Manage Security view, go to the sidebar under:
Project Startup → Manage Security
Note
The default security level for a fresh install of TACTIC 3.7 is security level 1.
The default security level for a fresh install of TACTIC 3.8 is security level 2.
If upgrading from TACTIC 3.7 to 3.8, the security level is not affected (and will probably be level 1).
The security level can be set in the TACTIC config file.
In the Manage Security view, the following tools are provided:
Project Security | Determines which project each group can see. Each project is listed with checkboxes for each group. Adding a checkmark allows the users associate with that group to see the project. |
Link Security | Determines which side bar links will be visible to the group. This type of security applies only to the interface. Note If no columns of groups (eg. client, content_creator, etc.) appear in this view, go to Project Security and allow some groups to view the current project. |
sType Security | Provides low level security for all items. At this level, even the API will respect these security levels. Note If no columns of groups (eg. client, content_creator, etc.) appear in this view, go to Project Security and allow some groups to view the current project. |
Process Security | Provides low level security for all items. At this level, even the API will respect these security levels.. |
Groups List | Lists all the groups. The following fields can be modified: group, description, users, global access ruls, start link |
Understanding Predefined Security Access Levels
TACTIC provides a set of predefined security access levels (i.e. none, low, medium, high) to make it easier to start setting up what a group can see. Associating a group with an access levels presets all the security settings. After that, the administrator can return the Managing Security tool to allow further access in addition to the presets. The presets are outlined in the table below. By default, when an access level is not manually provided for a group, a low access level is assigned.
Description of Access Privileges
access level: none | Can see some projects? Can see all the links in the sidebar? Can see all the processes? Can see all search types? | No No No No |
access level: min | Can see some projects? Can see all the links in the sidebar? Can see all the processes? Can see all search types? | Yes No No Yes |
access level: low | Can see some projects? Can see all the links in the sidebar? Can see all the processes? Can see all search types? | Yes No Yes Yes |
access level: medium | Can see all projects? Can see all the links in the sidebar? Can see all the processes? Can see all search types? | Yes No Yes Yes |
access level: high | Can see all projects? Can see all the links in the sidebar? Can see all the processes? Can see all search types? | Yes Yes Yes Yes |
Note
In the Group List view, if the field name Project Code is left empty, then the group can see all the projects.
If the field named Project Code is filled in, then the access rules are specific to that project.
How the Access Levels are Built Up
To better understand the differences between the Access Levels, the following is an explanation of how the levels were built up:
Access Level None: cannot see anything. Need to use Security tools, as shown in the "What the Manage Security View Provides" section, to define fully customized group security i.e. Project, Link, sType and Process Security tools
Access Level Min: Can see some projects and sTypes.
Access Level Low: Default Access Level. Can see what min sees and all the processes.
Access Level Medium: Can see what low sees and all the projects.
Access Level High: Can see what medium sees and all the links.
Where To Find the Access Levels
To set the access level for a group go to the sidebar under:
Project Startup → Manage Security → Groups List → Access Level
The Different Check Mark Indicators
The solid green check mark indicates that a privilege is due to the Access Level associated to the group that the user is in. In order to remove the green check mark, the user must be removed from this group or the group’s Access Level must be changed.
If additional privileges are added, the check marks are blue with a green background.
In the screen shot below, the group (named high) is the only group with Access Level High. The TACTIC Administrator added the other privileges for the other groups.
For more advanced access control (such as controlling access to edit individual columns), please see the setup doc title: Advanced Access Rule Configuration
TACTIC Security
All information in TACTIC goes through a series of security checks that are built into the lowest level of the software. The security architecture is a rules-based system where an access request to any piece of information must satisfy all the rules before the user gains access to it.
Each user has a login. User logins are assigned to groups, and each group can have a number of access rules attached to it. These rules determine what a user is permitted to see and do in TACTIC. At the base level, these permissions are XML structured rules that are stored in the "access_rules" property of a group SObject. Although inserting these rules directly into the XML code allows for the most flexibility for the project manager, there are various other aspects of the TACTIC interface that can also assist in the rule creation process.
Managing Rules
The "groups" search type contains a property (available in the column manager) named "Global rules." When this property is included in the view, a click-able button is available to load the global rules pop-up. This pop-up provides several predefined global access rules that can be applied to the group:
View Side Bar | View access for the complete side bar. |
View Site Admin | Allow access to see the "Site Admin" section of the side bar. |
View Script Editor | Access to the Script Editor |
View Side Bar Schema | Allow access to the schema section of the side bar. |
View and Save My Views | Save personal My Views |
View Private Notes | Allow viewing of private notes. |
View Column Manager | Allow viewing of the column manager |
Create Projects | Allow creating of new projects. |
Import CSV | Import CSV Files. |
Retire and Delete | Allow the ability to retire and delete in the right-click context menu.. |
To customize the options for these rules, click the edit icon in the Global Permissions column for the desired group. From the rule selection pop-up that appears, select one of the options. When you click the save button, they are committed to the access rule XML for the chosen group.
Side bar Manager Security
You can select which groups can see each of the links in the TACTIC side bar manager.
The Element Detail window lists all groups in the system. Check any group to allow access (or uncheck to deny access). When you click the Save Definition button, your changes are saved to each group’s "access_rules" property. To view your changes in the XML code for any of the groups, navigate to a group view which has the "access_rules" property column.