Versions Compared

Old Version 6

changes.mady.by.user Anna Ciepłota

Saved on

compared with

New Version 7

changes.mady.by.user Agnieszka Sienkiewicz

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Contents:

Table of Contents

...

stylenone

Multiple settings must be changed to fully benefit from the available BigPicture's security options, multiple settings have to be changed. This article is just provides an overview of the configuration. To get For more details regarding any subject, follow a the link to the dedicated page. 

...

Limitations

No user can ever see anything they can't see in the connected tool (such as Jira) - those items will be greyed out. If Jira permissions don't allow

...

users to see or edit an issue, they won't be able to do it using the App. If a user

...

can access only

...

half the issues in a Box/Program, the other half can't be viewed. This means there is no possibility of a person accidentally accessing or editing items they don't already have permission

...

to access in the external tool (such as Jira).

Info

...

Jira Admins always have full, unrestricted access to all Boxes and the App.

Available User Security Roles

App Administration

You can find the For a detailed description here, read Security (Administration).

  • App User (has access to the App - sees the App dropdown at the top. This doesn't translate into actual access to Boxes/Programs! . User security roles have to be specified on a Box level)

  • App Admin

User Roles in Boxes

You can find the For a detailed description here, read Security (Administration).

  • Box Viewer

  • Box Editor

  • Box Admin

  • subSub-Box Creator

Enabling Roles 

The App gives you a lot of BigPicture offers great flexibility when it comes to setting up roles, but to utilize that, you have to you must first enable the use of roles in general to utilize that.  Make Make sure that you have enabled the use of roles in the  configuration of the Appthe app's configuration

...

Access to the App 

Users need access to the App itself. This The configuration is configured set in App Administration (. Go to the App's drop-down at the top > and choose Administration).

There are only two types of App access:

...

Tip

User roles inherited from upper-level boxes are not listed in Box Configuration > Security. They can be viewed only at the upper-level of the hierarchy, in the Box where they have been added.

...

Info

In general, roles are always inherited, but depending on the Box type:

  • Own with inherited - a Box inherits roles from upper-level Boxes, but users can also be granted roles within that particular Box.

  • Inherited only - you can't manually add users to the Box.

Read more about Box Type settings

...

In BigPicture 8, roles are always inherited from upper-level Boxes - therefore, . It means that the security roles granted in the Home (root) Box apply to all sub-Boxes in the hierarchy (all sub-Boxes and their children nested under the Home Box). For example, if someone is a Box Admin of the Home (root) Box, they automatically have the same permissions in all sub-Boxes thought through the hierarchy.

Tip

If you want to grant a user the same role in all Boxes, assign it within the Home (root) Box. It will be inherited throughout the Box hierarchy.

...

To change the assigned security roles within a given Box, go to Box configuration > Security.

Box Type 

In BigPicture 8, we have introduced Box types -  a . A Box type is akin to a template; it allows you to define various default Box settings, including security roles.

In Box Type settings, you can create a security role template (grant users various roles). Then, each time you create a new Box of that type, the roles are copied from the template into your new Box. A Box Admin can later manage those users in Box Configuration. Read more about Box Type settings.  

...

Different settings options

...

App Admin vs. Home Box Viewer

You may want some people to be able to view all the Boxes, boxes but not to be able to make changes to them. If you add a user as an App Admin, they have full access to everything. But, if you add someone as a Viewer to the "Home" (root) Box, they can see all the Boxes and their contents but can't edit them.

...

You may also want someone to have Admin access to all Boxes, but not to the App itself. An App admin can, for exampleinstance, edit Box types. If you want a person to be able to carry out all possible operations on Boxes but not change the App setup itself, making them a Box Admin of the "Home" (root) Box accomplishes exactly that. A user will see all the Boxes , and can configure them, delete them, move them, etc. but won't be able to alter the App setup. 

Inheritance Mode

In general, roles Roles are always inherited, but depending on the Box type:

  • Own with inherited - a Box inherits roles from upper-level Boxes, but users can also be granted roles within that particular Box.
    A good example of an Example: the implementation of this mode would be a Project Box within a Portfolio. A Manager may need access to multiple projects. You can make them an Admin of a Portfolio - this way, they automatically get admin access to all Boxes within it. In the Portfolio, you can have individual Project Boxes - team members and Project Leads are added to their respective Project Boxes. Those Project Boxes allow you to grant roles within them - if someone is an Editor in "OMEGA" Box, they don't have access to other same level Boxes ("ALFA" and "Implementation Project" in the example below).

  • Inherited only - you can't manually add users to the Box.
    Keep in mind, Program Increments and Iterations are Boxes, too. Usually, they They are usually used to organize tasks within a given project Box. There is no need for to add a separate set of users to be added to those Boxes. Everyone that who is meant to work on a project is added to the main project Box. 

All those security options combined make sure ensure you can grant users exactly the access they need. 

...

Match Security Roles

Tip

In general, remember that security Security roles match
Security roles should match. If someone can edit a JIRA project, make sure they are also able to edit a corresponding Box (program) in BigPicture.

Lack of access

...

to the App

For example, Tom is a JIRA user.

...

He is an Administrator of the "Aggregation" JIRA Project. 

...

There is a corresponding Boxbox in BigPicture. The JIRA Jira project has been added to its scope. However, Tom hasn't been granted any roles within that Box. ThereforeAs a result, when Tom logs in, he can't even see the Box within the App. Below, you can see the setup of the Box.

...

When Tom logs in, he can't find the Box. 

...

Lack of access

...

to Jira

Sarah is an App Admin. This means she can see and manage all the Boxes and configure the App itself. However, she can't do it if she tries to edit a JIRA Jira issue and she doesn't have sufficient permissions within a JIRA project, she can't do itJira project. In other words, permissions within JIRA Jira limit possible user operations in the App.

For example, in JIRA, Sarah can't even browse the "Allocation Details" project in Jira. Because she is an App Admin, she can access a corresponding "Allocation Details" Box in BigPicture (and configure it); however, she can't view the tasks. She doesn't have the necessary JIRA Jira permissions, so she can't see them in the App. 

...

If you see the following message whilst trying to access either BigGantt or BigPicture for Jira Cloud, follow the steps described in this article Insufficient JIRA Permissions in BigPicture/BigGantt.