Manage Project Membership¶
In Aunsight, user accounts are called 'members' because all user access is specific to a particular organization or project in which that user has membership. Since data is governed by rules defined separately for each organization or project space, managing who has membership to that space and what their roles are is an important part of a well-governed data project.
Though both organizations and projects govern membership in the same way, the hierarchical relationship that exists between them means organization membership plays a determining role in project membership. In order to become a member of a project, a user must first have membership in the parent organization. That member does not have to be granted access to resources in the parent organization. Their account must simply be present in the parent organization before they can be assigned membership and roles in child-projects in a one-to-many fashion.
It is possible to create an Aunsight organization with all resources governed at the organization level; however, in practice this is less than ideal, since it requires a single access model to apply to all resources. Dividing resources into discrete projects enables data segregation for enhanced security. A project-centered approach allows a team working on one project to have complete access to their working data and resources, while data for other projects remains securely off limits.
This tutorial will teach how to administer a robust, multi-leveled access model by using projects to define new governed spaces. Specifically, it will show how to add members from a parent organization into a project and create and assign roles within that project.
Open the Project Dashboard¶
Assuming that you have already created a project, log into Aunsight and select the organization in which you wish to create a project. When you have correctly selected an organization as the context, the palette on the left will display "Projects" (directly below "Status" at the top of the palette).
The "Projects" icon only appears within an organization context. Aunsight does not currently support sub-projects. Moreover, not all members may be able to see Projects in their palette. To view projects, users must have a role that grants
AU-ORG:view-any-project in order to view projects. Further permissions are needed in order to edit, create, or delete projects.
Click the Projects icon () to bring up projects.
From the list displayed on the left, search for or select the name of the project you want to work with. Clicking on the name of the project will display its details on the pane to the right of the list.
Click the "Dashboard" icon on the project details to manage roles and members for this project.
Add Project Roles¶
The project Dashboard gives members of an organization (who have the permission to modify projects) a point of entry for administering member accounts and roles for members in a new project. Appropriate project members can later manage roles independently within a project after a "team manager" role is created and assigned.
In the dashboard, the palette on the left will only contain three icons: Status, Jobs, and Team. Click the Team icon () to bring up member and role management features.
By default, project creators do not have permission to access and modify team members within the project context. Instead, they must modify team members through the parent organization dashboard.
Within the team area, click the "Roles" tab to view the roles in this project.
Since this is a new project, there are no roles defined yet. To create one, click "Add Role" in the upper right. This will bring up a dialog for creating a new role.
Enter the name and description of the new role and click "Submit." This will create the role and display its details.
This newly created role does not yet have any policies or permissions assigned. Since this role is designed to allow users to add or remove members from the project, scroll down to the "Permissions" section of the page and click the edit icon () in the upper right to add the appropriate permissions.
By default, a few permissions will be checked. Scroll down through the list to add the following permissions:
The following permissions will allow a user to create, edit, and delete members and roles in the project:
When done, click "Submit" to enter these changes to the role. Clicking "Roles" on the breadcrumb trail at the top of the page will return to the roles table, where you can now see your newly created role.
You may continue to add more roles or you may use the newly created Project Team Member role to delegate the task to someone else. To pass the task to another individual, you first need to add them as a team member in the project and then assign them the Project Team Manager role you just created. With the permissions to make changes to membership and roles within the project granted by the Project Team Manager role, they will be able to make any changes necessary to members and roles as explained in the tutorials for adding members and roles in the parent organization.
Add a Member to a Project¶
Let's add a member to the project and assign the "Project Team Manager" role so that that user can take over managing membership and roles within the project.
From the Team Roles tab, click the "Members" tab to go to the member list. Currently, there are no members in the project.
Click "Add Team Member." This will bring up a dialog for adding the new member.
Notice that the newly created role "Project Team Manager" is available below as a check box. Select a member of the parent organization by using the drop down and check the box for "Project Team Manager" and click "Submit."
Because members are created at the organization level, you can only select a member to add from the list of organization members. To create a new member, see this tutorial.
Once the user has been created, Aunsight will display the member details. If you wish to change this user's roles, check or uncheck the box indicating the role you want to change and click the "Submit" button that appears when a change has been made.
Managing Project Handoff¶
Once a project has at least one team member who can add or remove users and/or roles, all of the functions of administering membership in the project can be handled in the same way as at the organization level. This means project management can be done by delegated team leaders working with complete control over members and permissions within a project, while keeping control over other projects separate. Moreover, because all member accounts exist at the parent organization level, the same members can serve this function in any number of projects. If you chose to administer projects in this way, it may be helpful to acquaint project team managers with how policies and permissions work to make sure sound data security practices are followed within these projects.