Getting Started with Security Roles

Overview

Security roles are the central mechanism for controlling what users can do in TeamDynamix. A security role defines which actions and visibility options are available to the users to whom it is applied.

Security roles and license types are distinct but work together. The license type sets the ceiling — it determines which permissions and applications are available within a security role. The specific permissions active on any given security role are a subset of what the license type allows. This means you can have multiple security roles using the same license type, each with a different combination of permissions, to give different groups of users more granular control over what they can do in your environment.

Every user must be assigned a global security role, and each user consumes one license of the type associated with that role. There is no limit to the number of security roles you can create.

The table below shows examples of security role naming conventions from different TeamDynamix implementations. The names vary, but each role maps to an underlying license type.

Institution A Institution B
Enterprise Full Access
Technician Ticket Worker Bee
Team Member Project Worker Bee
Client Faculty/Staff
Student Technician Student Technician

Global (Environment) vs. Application-Level Security Roles

Every user has exactly one global security role, which applies across the entire environment. The global security role determines the user's license type, establishes baseline capabilities that span all applications (such as the ability to view all accounts/departments or manage groups), and controls which applications can be assigned to the user.

In addition to the global role, users can have a separate application-level security role for each application to which they are assigned. Application-level security roles control what a user can do within a specific application. The following application types each have their own security roles:

  • Ticketing applications
  • Asset/CI applications
  • Client Portal applications
  • Project applications

This structure allows for precise, per-application control. A common example: a technician might have full permissions in the IT ticketing application and a more limited set in the HR ticketing application — without any change to their global role. Similarly, a user might be able to create projects in one Project application but only view them in another.

Application-level security roles operate within the boundaries of the user's global role and license type. You cannot grant application-level permissions that exceed the capabilities of the user's license type.

Note that some permissions exist in both the global security role and in application-level security roles, with different scopes. For example, issue and risk permissions in the global security role apply to workspaces, programs, and portfolios, while the equivalent permissions in a Project application security role apply only within that application.

Creating and Modifying Global/Enterprise Security Roles

To create a Global/Enterprise Security Role:

  1. Log in to TeamDynamix and go to the TDAdmin application
  2. In the left navigation, select Users & Roles > Security Roles
  3. Click on the green +New button and populate the Name and select the License Type
  4. It is advised to click Select Defaults for the License Type as a starting point
  5. Depending on the License Type selected, certain permissions will be available to enable
  6. Review each permission to determine what is appropriate for the intended recipients of the Security Role. Click a permission name to see descriptions
  7. When finished, click Save

To modify an existing Global/Enterprise Security Role:

  1. Log in to TeamDynamix and go to the TDAdmin application
  2. In the left navigation, select Users & Roles > Security Roles
  3. Select the name of the Security Role you'd like to modify and make desired name or permission changes.

Creating Application-Level Security Roles

To create an Application-Level Security Role:

  1. Navigate to the Admin interface for the application:
    • Client Portal admin: From the Client Portal, click your name in the top-right corner, then select Admin
    • Ticketing admin: In Work Management, open the Ticketing application, click the gear on the right side of the tab toolbar, select Admin
    • Project admin: In Work Management, open the Project application, click the gear on the right side of the tab toolbar, select Admin
    • Assets/CIs admin: In Work Management, open the Project application, click the gear on the right side of the tab toolbar, select Admin
    • TDAdmin: In TDAdmin, navigate to Applications, click the application name in the table 
  2. In the left navigation, select Users & Roles > Security Roles
  3. Click on the green +New button and populate the Name and select the License Type
  4. It is advised to click Select Defaults for the License Type as a starting point
  5. Depending on the License Type selected, certain permissions will be available to enable
  6. Review each permission to determine what is appropriate for the intended recipients of the Security Role. Click a permission name to see descriptions
  7. When finished, click Save
100% helpful - 4 reviews
Print Article