Feature Request: Inheriting Permissions

Currently permissions on Project Spaces and Projects are set independently – if you create a new Project it defaults to only the owner having permission, then you have to update the permissions to match the Project Space (if you want them to be the same). Then if you change the permissions on the Project Space you also have to apply those changes to the Projects within it. This is particularly challenging as we want the ‘members’ group to have Read permission to all folders, but if someone forgets to add them then that Project is invisible to others.

We have requested a feature to set Projects to inherit permission from their Project Space (Service Request #18183).

I’d be keen to hear any thoughts or feedback from the community - is this a feature you would like to see too?

3 Likes

I like the inheritance idea. Managing permissions in the current platform configuration can be quite tedious. It should be an option at the time of project creation, but should also have the capability to break inheritance or push inheritance at-will after creation.

I agree. By default, projects should inherit permissions from the project space unless the user chooses to remove the inherited permission.

We’re encountering this in our testing… we really really, really, really want this feature …

I believe I understand the ask. From a theory perspective, we operate with principle of least privilege so that is why it seems onerous to add to space and then project.

Some of how it works is driven by some conversations we have had with people that needed more security for Finance and HR spaces. For those you would maybe have read access on the space level and then individually/manually grant for each project you need.

The intent of groups is to make it such that you could permission the group once but then subsequent users added are then sort of taken care of. Does that help the use cases you guys are describing?

Omair, is what you are wanting an across the board inheritance? partial inheritance? over-rideable?

From a management perspective how many projects are typically under a project space for the people here? and how many spaces are in use?

The ideal solution for me would be flexibility to choose either. I.e. you can set a Project to inherit permissions from it’s Project Space, or to not inherit, in which case permissions can be set individually for the Project. Could simply be a tick box on the Permissions dialog. I’d be fine if the default is ‘not inherit’, perhaps you could have the option on the ‘Create Project’ dialog so that we can choose when we create it!

Also note there is what I would consider a bug at the moment with permissions, or at the very least it is un-intuitive. That is, when you create a new Project Space and add ‘Full Access’ permissions for users / groups at the Project Space level, those users / groups will automatically be added to the default ‘shared’ Project but with ‘Read Only’ permission. This has caught us out because you give them ‘Full Access’ on the Project Space and therefore expect them to get the same on the ‘shared’ Project.

On initial add of a user to the project space, the permissions in shared should mirror what was done on the space level so yes I would say that is a defect so please file if it hasn’t been already.

If anybody else has thoughts then do chime in and we will continue to monitor.

Yes please provide an option to inherit project space permission to project folders. today, Imagine a user or groups needs access to multiple project spaces then we need to provide access to project spaces and project individually. This adds lot of manual efforts to Org Admin. Please fix this issue asap.
Also please provide API option for permissions.