Permissions Hierarchy
From AgileApps Support Wiki
Revision as of 21:19, 31 August 2010 by imported>Aeric
As a matter of security, there are a number of restrictions on the ability to assign Administrative Permissions. (Object permissions and other permissions are not affected.) Those restrictions affect your ability to modify roles and assign users to teams.
- Note: The primary System Administrator role in the Root team is exempt from all of these restrictions.
Role Management Restrictions
- When editing or creating a role, you cannot assign a privilege that you do not have yourself.
- You cannot manage a role that has a privilege you do not possess:
- You cannot assign it to another user
- You cannot edit it or delete it
- You cannot manage a role that has a privilege you do not possess:
- You can manage roles only for members of your team and its subteams.
User Management Restrictions
- You can manage only those users who are members of your team and its subteams:
- You can only edit users who are members of your team and its subteams.
- You can only delete users who are members of your team and its subteams.
- You can only do a password reset for members of your team and its subteams
- When creating a new user:
- You can attach the new user only to your team and its subteams.
- You can attach the new user only to a role that has your permissions, or fewer.
- You can manage only those users who are members of your team and its subteams:
Team Management Restrictions
- You can only manage your team and its subteams.
- You can assign users only to your own team and its subteams.
Team Data Sharing Restrictions
- When setting up Team Data Sharing Policies both the record-owning and record-sharing teams must be your team or one of its subteams.
- Pre-existing roles are not subject to that restriction, so that what worked before will continue to work.
Proxy Login Restrictions
- When setting up Proxy Login, the user designated as the login ID can only be a member of your team or a subteam.