About BrightWork and SharePoint Security
- Create a Personal Report
- Create a Scheduled Email
- Manually Refresh or Update a Cache
- Design Sync Permissions
- Create Projects, Templates and Portfolios using BrightWork Copy Site
- Custom Security and Copy Site
- Project Request Manager Security
- Task Scheduling Security
- Microsoft Project Professional Tasks List Sync Security
BrightWork uses standard SharePoint security. See below for the various permissions required to carry out specific BrightWork Tasks.
Please read this article by Microsoft for more details on SharePoint permissions:
User permissions and permission levels in SharePoint
Create a Personal Report
Users require Contribute level or higher permissions to create a personal report. This is enabled by BrightWork Reporter having the non-default property of allowing users to edit scriptable web parts. To restore BrightWork Reporter to the default setting, and only allow users with Designer level or higher to create personal reports, you can edit the web.config file.
Restore BrightWork Reporter to Default Setting
To remove 'Allow Contributors Edit Scriptable Web Parts' property from BrightWork Reporter, remove the below line of code from the web.config on every web application that BrightWork is installed on.
<SafeControl Assembly="BrightWork, Version=15.0.0.0, Culture=neutral, PublicKeyToken=bdb4a6220fe9433c" Namespace="BrightWork.UI.WebParts" TypeName="ListItemReport" Safe="True" SafeAgainstScript="True" />
Create a Scheduled Email
Users require Full Control permission in the site to create scheduled report emails.
Manually Refresh or Update a Cache
Users need to be a Site Collection Administrator or a member of the BrightWork Cache Administrator's user group to manually refresh or update a Cache, to configure a cache's views or to add columns to the cache.
To run an update at the site level users need to have Full Control of the site.
Cache Permissions
Permissions should be managed in high level groups as much as possible, especially when it comes to updating either cache. Managing permissions in this way helps reduce the overhead on reading and writing data in a cache.
Design Sync Permissions
This section outlines the various permissions needed to use the Design Sync features.
To Sync a Site with a Template design, or to Bind a Site to a Template, you need:
- Site Collection
-
- View Pages
- Open
- Site that you want to sync to (i.e. the Destination site)
-
- Full Control
- Template that you want to sync from (i.e. the Source site):
-
- Membership of the Read permission group
Create Projects, Templates and Portfolios using BrightWork Copy Site
This section outlines the various permissions needed to use the BrightWork Copy Site.
For maximum simplicity, BrightWork recommends that individuals tasked with creating projects, templates and portfolios have Full Control at the site collection level and that Permission Inheritance is enabled through out the site collection; however, we appreciate that there will be many situations where it is not possible to have permission inheritance globally enabled, therefore we have detailed the various local permissions that are required to create projects, templates and portfolios.
To:
-
Create a project from an existing template
-
Create a project from an existing project
-
Create a template from an existing template
-
Create a template from a existing project
-
Create a portfolio from an existing portfolio
You Need:
-
Site Collection:
-
-
Limited Access and View List Items
-
-
Parent site (e.g. Project Area, Portfolios Area, Templates Area or the project you want to add a subsite to)
-
-
Membership of the Read permission group and Create Subsites
-
-
Template that you want to create a copy of (i.e. the Source site):
-
-
Membership of the Read permission group
-
-
Project or portfolio that you want to create a copy of (i.e. the Source site):
-
-
Membership of the Read permission group and Manage Web Sites
-
Custom Security and Copy Site
BrightWork Copy site does not copy custom security settings such as unique website permissions or fine-grained permissions such as permissions on a list or library, folder, or item or document.
If a user creates a template or a project from a project, that contains items (e.g. a list) that she has fine-grained access to, then those items will be copied and viewable to all users in the target site. This is the same behavior as SharePoint. This means you should exercise caution when using sites with fine-grained permission as a source for a template or a project.
If a user creates a template or a project from a project, that contains items (e.g. a list) that she does not have access to, then those items will not be copied to the target site.
If a user creates a template or a project from a template, that contains items (e.g. a list) that she does not have access to, then those items will be copied to the target site. This means you should not use fine-grained permissions in templates.
Project Request Manager Security
The Project Request Manager template can have its actions restricted to certain people. Use the configure process page to restrict access to ranking, bulk approving or rejecting, or bulk change assignee.
If you do not specify restricted people, default security settings are used:
- For ranking: Contributor access on the list is required.
- For bulk approving/rejecting/change assignee: Contributor and Manage Lists access on the list is required.
If you use the configure process page to restrict access to certain people, they will require Edit access on the list as a minimum.
Task Scheduling Security
The default security requirement for managing task scheduling is Manage Lists.
Users with the Contributor permission level can also use scheduling actions if the option is enabled in the configuration options.
Microsoft Project Professional Tasks List Sync Security
Syncing a Tasks list with Microsoft Project Professional 2013 requires Full or Design permissions.