Security Roles Migration
Introduction
Former security roles were migrated. As a result, some users could be granted permissions to Boxes formerly marked as "private."
In BigPicture 8, the distinction between private and public Boxes doesn't exist. Those settings have been retired and replaced with new security role management options that give you more flexibility.
There is no possibility of a person accidentally accessing or editing items they shouldn't (based on their Jira permissions). A user can't use the App to see anything they can't see in the connected tool (such as Jira) - those items will be greyed out. If Jira permissions don't allow a user to see or edit an issue, they won't be able to do it using the App. If a user has access only to half the issues in a Box, the other half will be marked as "No access."
Inheritance of Roles
In BigPicture 8, roles are always inherited from upper-level Boxes. Therefore, security roles granted in the Home (root) Box apply to all sub-Boxes in the hierarchy (all sub-Boxes and their children nested under the Home Box). For example, if someone is a Box Admin of the Home (root) Box, they automatically have the same permissions in all sub-Boxes through the hierarchy.
When you create sub-Boxes, the following roles are inherited:
Box Admin
Box Editor
Box Viewer
The sub-Box Creator role is not inherited.
Roles inherited from upper-level Boxes are not listed in Box Configuration > Security and must be modified in upper-level Boxes. Only roles assigned directly to a particular Box are listed.
Box Types - Security Role Template
In BigPicture 8, we introduced Box types. A Box type is akin to a template; it allows you to define various default Box settings, including security roles.
In Box Type settings, you can create a security role template (grant users various roles). Then, each time you create a new Box of that type, the roles are copied from the template into your new Box. A Box Admin can later manage those users in Box Configuration.
Read more about Box Type settings.
Box Types - Inheritance Mode
Each Box can have one of two available Inheritance modes when it comes to security roles:
Own with inherited (roles inherited from upper-level Boxes + user roles added directly to the Box).
Inherited only (user roles can't be added directly to the Box - the security tab is hidden. The Box type of the parent Box doesn't matter, the roles are still inherited).
Example: Program Increments below inherit roles from their direct parent (OMEGA), the Portfolio Box, and the Home (root) Box. Home and Portfolio are greyed out because the logged-in user does not have access to them (they were not assigned any roles in those Boxes). ALFA is a same-level box as OMEGA. It is not a parent of OMEGA, so roles from ALFA are not inherited by Program Increments nested under OMEGA.Changing the Inheritance mode of a Box type impacts all Boxes of a given type (both existing and newly created). Changing the mode from "Own with inherited" to "Inherited only" overrides the setup of an individual Box - if a Box had a unique role assignment, it would be replaced with the setup of the upper-level Box. Reverting to "Own with inherited" restores the previously assigned roles. In the "Inherited only" mode, the Security tab of an individual Box is hidden (you can't access it in Box configuration).
Creating a new Box makes you its Admin (if the Inheritance mode allows it).
You can't create a Box you won't be able to configure and delete later.
Role Migration
In the table below, you can find an explanation of role migration from BigPicture 7 to BigPicture 8.
In general, you can find information on security in BigPicture 8 on the following pages:
Box Types - this page contains information on configuring the default Security settings that work as a template when you create new Boxes and the Inheritance mode.
Global Roles - this page explains App Administration settings and how access to the App is granted to, for example, Jira users.
Box configuration - this page explains what roles are available within the App and how to change them for an individual Box.
Technical Configuration of the App - this page provides information on how to activate/deactivate the use of roles within the App.
Security (Overview module) - this page explains the impact of setting up security Roles for the Home (root) Box and lists available roles.
BigPicture 7 | BigPicture 8 | Comment |
---|---|---|
App Admin (Global Role) |
| With this security role, you have administrative access to every Box, Gadget, and to the Business Administration. |
Global User |
| A role still exists in BigPicture 8, but the access has changed:
Migration:
Changing/deleting access options:
|
Global Editor |
| The Global Editor role doesn't exist in BigPicture 8. Migration:
Changing/deleting access options:
|
Global Program Creator |
| The Global Program Creator role doesn't exist in BigPicture 8. Migration:
Changing/deleting access options:
|
Global Program Admin |
| Global Program Admin role doesn't exist in BigPicture 8. Migration:
Changing/deleting access options:
|
Program Admin |
| Becomes a Box admin:
|
Program Editor |
| Becomes a Box editor:
|
Program User |
| Becomes a Box Viewer:
|
Program Lead |
| Becomes a Box Admin:
|