Valispace implements permissions on a project level, meaning that permissions for components, valis and matrices are always derived from the project they are located in. For instance, if vali_1 is part of ComponentX and ComponentX is part of TestProject and you have READ permission for TestProject then you will also have READ permission for vali_1 and ComponentX.
Permissions are cumulative, which means that higher ranking permissions always automatically include all lower ranking permissions. For example, read access is automatically included when you have write permission. The following three types are available (in cumulative order):
Read permission allows you to view a project and all its elements: components, valis and matrices. You can also use this data in other projects, for example in formulas of valis. However you cannot edit anything inside the project where you have read access.
In order to manipulate any elements inside a project you need to possess write permission for that project. With write permission you can edit and delete the project and all components, valis and matrices inside it. However, with a write permission you can not assign permissions for the project to other users.
Manage permission for a project gives you the ability to add or remove permissions for other users for this specific project. You automatically get manage permissions for a project when you create it. A superuser can also assign a manage permission to you or remove it.
Additionally to the project permissions there are a few special permissions that are assigned on a user level:
- Create projects
- Create/edit tags
- Create/edit types
All of the above are granted by default, but can be revoked by superusers.
In public projects every user is automatically granted WRITE permission. Projects are public by default and have to be made private if permission management is required.
Superusers by definition always have all available permissions. Superusers can also assign (and revoke) superuser rights to other users.
Project permissions can be assigned either to single users (Project Permission) or to entire groups (Project Group Permission). Groups can only be created and managed by admin users via the admin panel under Authentication and Authorization > Groups.
Managing permissions in the project settings¶
If you have MANAGE permission for a project you can assign/revoke/edit permissions for users and groups in the project view (click on a project in the sidebar tree to open the project view).
The user interface (UI) for permission management is simple and should be self explaining. Permissions can be added and deleted with the corresponding buttons while permission types can be adjusted inline per dropdown selection. If you do not have MANAGE but at least READ permission for a project you can still go to the project view and see how permissions are assigned.
In the project managers list directly beneath the Permissions label you can find a list of people that have the necessary rights to grant you permission for the specific project. Additionally to the project managers you can of course also consult any admin user.
Special permissions for project creation, type- and tag editing can only be assigned via the admin panel (see below).
Managing permissions in the admin panel¶
You can also assign permissions in the admin panel under Project Permissions:
and under Project Group Permissions:
In the above pictures you can see how different permissions (read, write, manage) were assigned to different users and different groups for the MarsOrbiter and HeavyLiftRocket projects. It is not possible to assign more than one permission per project per user (or per project per group). In order to revoke a permission, just delete it.
To assign/revoke a special permission, go to the user profile for which you want to change permissions, scroll to the bottom and use the dedicated tick boxes: