Setting Granular Security in ProjectWise Administrator

By default, any user who is a member of the Administrator group has access to, and full control over, all datasource nodes in ProjectWise Administrator. And no user, while they are a member of this group, can ever be restricted from having access to any datasource node in ProjectWise Administrator.

If you want to let certain users manage only certain datasource nodes without adding them to the Administrator group, you can do so by adding them to the Restricted Administrator group, and then granting them access to particular datasource nodes in ProjectWise Administrator as needed. This is referred to as granular security.

The Restricted Administrator group is created along with the main Administrator group when the datasource is created. By default the Restricted Administrator group has no members. After datasource creation, you only add to the Restricted Administrator group the users who you want to have access to certain nodes. If you do nothing else but add a user to the Restricted Administrator group, that user will be able to log in to the datasource in ProjectWise Administrator, but nothing more. All datasource nodes will be hidden when they log in. After adding a user to the Restricted Administrator group, the next step is to give that user access to the datasource node or nodes you want to let them manage. This is done by adding the user to the Granular Security tab that exists on the Properties dialog for each datasource node. You can give users in the Restricted Administrator group access to as few or as many datasource nodes as you need. You can also give users in the Restricted Administrator group access to the main datasource node, to manage datasource properties and settings if necessary.

The following security options can be set for a Restricted Administrator on each datasource node in ProjectWise Administrator, including the main datasource node itself:

Full control — Turns on the Change Permissions and Change Settings options.
Change permissions — If on, the specified user can add users to or remove users from the node and set permissions as needed.
Change settings — If on, the specified user can work with this node, just the same as any member of the Administrator group.
No access — If on, the node is hidden from display when the specified user logs in to the datasource.

Note: Make sure the user setting General - Use access control is turned ON for any user you add to the Restricted Administrator group.

Note: If you add a user to the Restricted Administrator group but do not give them access to the main datasource node, then when that user logs in, they can still open the Datasource Properties dialog, but the tabs they see will depend on whether or not the user logged in to the operating system on the ProjectWise Administrator computer is also a member of the Administrators group on the operating system of the ProjectWise Design Integration Server computer. If they are a member of the system Administrators group, they will see and be able to edit information on the General, Security, and Database Users tabs. If they are NOT a member of the system Administrators group, they will only see the General tab, and all the controls on it will be read-only.

To Add One or More Users to the Restricted Administrator Group

To Give a Restricted Administrator Full Access to a Particular Node in ProjectWise Administrator

To Give a Restricted Administrator Partial Access to a Particular Node in ProjectWise Administrator

To Give the Entire Restricted Administrator Group Access to a Node, Then Give One User in the Group No Access to That Node

Notes on Restricted Administrators and Granular Security

Parent topic: Security