Project Portal provides roles primarily for workspace security administration. Roles can be assigned to users or to access groups. In the default system configuration, roles override document and folder access profiles, meaning that the role rights are combined with the access group rights. However, users do not need access group rights in order to be assigned role rights. Roles are convenient to handle exceptions in access control.
For example, assume a user belongs to a group that doesn't have access via an access profile to some document or folder. Further assume that the user needs access to that folder or document. They can be assigned to a role that does have access to that document or folder. The role allows them to work with the document or folder without creating a specific access profile for them.
Tip For convenient workspace security administration, we recommend creating the roles described in Creating and assigning workspace management roles.
Roles can be assigned to groups for the entire workspace as described in Adding and removing roles from groups. Users can assign roles to specific documents or folders for which they have the Edit right. For information about assigning roles to documents and folders, see the BlueCielo Project Portal User's Guide. And roles can be assigned to custom properties as described in Assigning roles to custom properties.
A user or a group may not be assigned to a role but still gain access to a workspace due to their user account type. However, if the role rights are specified at the workspace level, the role applies to all folders and documents in that workspace. The main difference is that role rights are valid everywhere in the workspace, whereas access profiles are only assigned to specific folders or documents when they are created.
Under most conditions, it is only necessary to implement either access profiles or roles in a workspace. The choice depends on whether it is necessary to give users different access rights to different folders and documents. If this is the case, the workspace should use access profiles. If users can have the same access rights to all content in the workspace based on their roles, the workspace should use roles.