ProjectWise Explorer Help

Workflow-based and Object-based Security

Access control comes in two forms: workflow-based and object-based. The type of access control you use is a matter of preference, but is generally influenced by how your datasource is set up.

If your datasource is workflow driven, you can use a workflow-based approach to access control, also referred to as workflow security. For example, workflow1 has stateA, stateB, stateC, and stateD. In ProjectWise Administrator, you can set workflow1 to only be accessible by certain users in the datasource. Then you can set which of those users have access to each state in the workflow, and what permissions each user has for folders or documents in that state (for example, read-only, read/write). When workflow1 is assigned to a folder in ProjectWise Explorer, the folder and document security you defined for workflow1 will automatically be applied to the selected folder and its documents.

If your datasource is not workflow driven, you can use an object-based approach, also referred to as object security. In this approach, folder and/or document permissions can be set for the entire datasource in ProjectWise Administrator. Any folders, subfolders and documents in ProjectWise Explorer will inherit these permissions. At any level in ProjectWise Explorer, new permissions can be set which the lower levels inherit. As each new level is created it automatically inherits the permission set from the previous level. This permission set can then be edited and will become the object's own permission set.

The two approaches are independent and only merge when a question of access rights to a particular document or folder must be resolved. If an object has no security items defined for itself, it inherits the security items from the first object up the hierarchy that has defined items.

The security hierarchical structure

Inheritance situation


a document, not in a workflow, with no items defined

The document inherits security from its folder and on up the hierarchy if necessary.

a document, in a workflow, with no items defined

If there is defined security in only one hierarchy (workflow or object) then the document inherits that security. If there is defined security in both hierarchies then the following rules apply:

  • if a security item from either hierarchy has the permission No access, this item applies

  • if the above is not found, the Workflow security hierarchy applies