About BrightWork and SharePoint Security

BrightWork uses standard SharePoint security. See below for the various permissions required to carry out specific BrightWork Tasks.

Please read this article by Microsoft for more details on SharePoint permissions:

User permissions and permission levels in SharePoint

Create a Personal Report

Users require Contribute level or higher permissions to create a personal report. This is enabled by BrightWork Reporter having the non-default property of allowing users to edit scriptable web parts. To restore BrightWork Reporter to the default setting, and only allow users with Designer level or higher to create personal reports, you can edit the web.config file.

Restore BrightWork Reporter to Default Setting

To remove 'Allow Contributors Edit Scriptable Web Parts' property from BrightWork Reporter, remove the below line of code from the web.config on every web application that BrightWork is installed on.

<SafeControl Assembly="BrightWork, Version=15.0.0.0, Culture=neutral, PublicKeyToken=bdb4a6220fe9433c" Namespace="BrightWork.UI.WebParts" TypeName="ListItemReport" Safe="True" SafeAgainstScript="True" />

Create a Scheduled Email

Users require Full Control permission in the site to create scheduled report emails.

Manually Refresh or Update a Cache

Users need to be a Site Collection Administrator or a member of the BrightWork Cache Administrator's user group to manually refresh or update a Cache, to configure a cache's views or to add columns to the cache.

To run an update at the site level users need to have Full Control of the site.

Cache Permissions

Permissions should be managed in high level groups as much as possible, especially when it comes to updating either cache. Managing permissions in this way helps reduce the overhead on reading and writing data in a cache.

Design Sync Permissions

This section outlines the various permissions needed to use the Design Sync features.

To Sync a Site with a Template, or to Bind a Site to a Template, you need:

  • Site Collection: Read permission level
  • Site that you want to sync to (i.e. the destination site): Full Control permission level
  • Template that you want to sync from (i.e. the source site): Read permission level

Create Projects, Templates and Portfolios using BrightWork Copy Site

This section outlines the various permissions needed to use BrightWork Copy Site.

For maximum simplicity, BrightWork recommends that individuals tasked with creating projects, templates and portfolios have Full Control at the site collection level and that Permission Inheritance is enabled throughout the site collection; however, we appreciate that there will be many situations where it is not possible to have permission inheritance globally enabled, therefore we have detailed the various local permissions that are required to create projects, templates and portfolios.

To:

  • Create a project from an existing template

  • Create a project from an existing project

  • Create a template from an existing template

  • Create a template from an existing project

  • Create a portfolio from an existing portfolio

You need at a minimum:

  • Site Collection: Limited Access permission level and View Items permission

  • Parent site (e.g., Projects Area, Project Office, Portfolios Area, Templates Area) to which you want to add a subsite: Contribute permission level and Manage Lists, Manage Web Site, and Create Subsites permissions

  • Template that you want to create a copy of (i.e. the source site): Read permission level

  • Project or portfolio that you want to create a copy of (i.e. the source site): Read permission level and Manage Web Site permission

Custom Security Settings and Copy Site

BrightWork Copy site does not copy custom security settings such as unique website permissions or fine-grained permissions such as permissions on a list or library, folder, or item or document.

If a user creates a template or a project from a project, that contains items (e.g. a list) that she has fine-grained access to, then those items will be copied and viewable to all users in the target site. This is the same behavior as SharePoint. This means you should exercise caution when using sites with fine-grained permission as a source for a template or a project.

If a user creates a template or a project from a project, that contains items (e.g. a list) that she does not have access to, then those items will not be copied to the target site.

If a user creates a template or a project from a template, that contains items (e.g. a list) that she does not have access to, then those items will be copied to the target site. This means you should not use fine-grained permissions in templates.

Project Request Manager Security

The Project Request Manager template can have its actions restricted to certain people. Use the configure process page to restrict access to ranking, bulk approving or rejecting, or bulk change assignee.

If you do not specify restricted people, default security settings are used:

  • For ranking: Contributor access on the list is required.
  • For bulk approving/rejecting/change assignee: Contributor and Manage Lists access on the list is required.

If you use the configure process page to restrict access to certain people, they will require Edit access on the list as a minimum.

Task Scheduling Security

The default security requirement for managing task scheduling is Manage Lists.

Users with the Contributor permission level can also use scheduling actions if the option is enabled in the configuration options.

Microsoft Project Professional Tasks List Sync Security

Syncing a Tasks list with Microsoft Project Professional 2013 requires Full or Design permissions.

Was this article useful?

SharePoint Basics
Back to Top

Still need help? Contact our Support Team.