Access Control List (ACL)
An access control list is a set of rules stating which users/teams have a role, where the role describes what they can do.
In the system, access control is in most cases delegated to a linked ProjectElement. This has a state_id and an access_control_list_id, which are used to govern access to data. The access control list is made up of a set of access control entries (ACEs). Each ACE grants a role (a collection of rights) to an owner (team/user).
In use
Internally, all access control edits are made by creating a temporary copy of the original access control list, changing the copy, and then, once ready, replacing the original. The replacement can apply either to 1 record or to a record and all its children. At present there is only one override, where all current access control records are updated: the default access control list for a team, edited via the team page. A grant/deny made here affects all records still using this access control list.
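The copy-then-replace edit and the team-default override described above, as an added example in plain Ruby (not the project's own code). The Acl class, all method names, and the choice to replace the list on every child when cascading are assumptions; the owners are constructed sample data.

```ruby
# Added illustration in plain Ruby, not the project's code.
# Acl, grant/deny, update_acl, replace_acl and demo are hypothetical names.
class Acl
  attr_reader :entries # owner (team/user) => role; each pair is one ACE
  def initialize(entries = {})
    @entries = entries
  end

  def grant(owner, role)
    entries[owner] = role
    self
  end

  def deny(owner)
    entries.delete(owner)
    self
  end
end

class ProjectElement
  attr_reader :children
  attr_accessor :acl
  def initialize(acl, parent = nil)
    @acl = acl
    @children = []
    parent.children << self if parent
  end

  # Edit a temporary copy, then replace on this record or the whole subtree.
  def update_acl(cascade: false)
    replace_acl(yield(Acl.new(acl.entries.dup)), cascade)
  end

  def replace_acl(new_acl, cascade)
    self.acl = new_acl
    children.each { |c| c.replace_acl(new_acl, true) } if cascade
  end
end

def demo # constructed sample data
  team_default = Acl.new.grant("team-a", :owner).grant("alice", :editor)
  root = ProjectElement.new(team_default)
  study = ProjectElement.new(team_default, root)
  other = ProjectElement.new(team_default)
  root.update_acl(cascade: true) { |a| a.grant("bob", :reader) } # custom list
  team_default.deny("alice") # team-page override edits the shared list in place
  [root, study, other].map { |e| e.acl.entries.key?("alice") }
end
```

`demo` returns whether alice still has an entry on root, study and other. The team-page deny only reaches `other`, the one record still using the default list, so records moved to a custom list earlier have to be reviewed separately when access is revoked.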
In the setup of access control there are two main approaches:
A) Simple team-based method
1) Create separate root projects for each team to use
2) Set up a default access control list for the team
B) Detailed access control method
1) Create a complex tree of projects
2) Administer access control via a custom access control list at each project level
Method A) is designed for partitioned work, with teams basically managing their own areas and working separately. If people are working together closely, it assumes they are in the same team and work under the same work project. It is also the simplest starting point. Method B) allows for very complex cross-team sharing but needs more management, as access has to be defined at a number of levels.