For security and administration purposes, MaTaP allows configuring different access rights for users on the server. The client allows/disallows certain actions based on these configurations.
Available User Rights
Super User Right
If this is set to true:
- The user can create, issue, accept and resolve PunchPoints.
- The user can read and report progress without restrictions.
- The user can create, issue, technical approve and financial approve ScopeChanges.
PunchPoint User Rights
Selection:
- No Right: The user cannot do anything related to PunchPoints.
- Create PunchPoint: The user can create PunchPoints.
- Issue PunchPoint: The user can create and issue PunchPoints.
- Resolve PunchPoint: The user can create, issue and resolve PunchPoints.
- Accept PunchPoint: The user can create, issue, resolve and accept PunchPoints.
Reporting User Rights
Selection:
- No Right: The user cannot read or report any progress.
- Read: The user can read the progress, but not report any progress.
- Company Restrictive: The user can read and report progress only for Data belonging to the users company.
- Progress: The user can read and report progress without restrictions.
ScopeChange User Rights
Selection:
- No Right: The user cannot do anything related to ScopeChanges.
- Create: The user can create ScopeChanges.
- Issue: The user can create and issue ScopeChanges.
- Technical Approve: The user can create, issue and technical approve ScopeChanges.
- Financial Approve: The user can create, issue, technical approve and financial approve ScopeChanges.
Configuration
The User Rights for a MaTaP user can be configured either in the Excel file that will be used for importing the users or via the admin tool in the "Users" UseCase.
Evaluation of User Right Groups
Until now, the loading of user rights groups always included all groups, even those that were not used or required by the project. To ensure that unnecessary user rights groups are no longer loaded, two evaluators have been added. These evaluators analyze the user rights groups in the background for the specific MaTaP contexts and only deliver those user rights groups that are needed. There are two types of MaTaP-specific contexts: the first type is for the MaTaP Desktop Client, and the second is for the MaTaP Web Client. It should also be noted that the MaTaP Desktop Client may have multiple contexts, whereas the MaTaP Web Client uses only a single context.
The major advantage of this approach is that loading times are reduced, as the numerous user rights group instances that accumulate in the database over time are no longer delivered to the clients—only the groups actually needed are provided.
MaTaP Desktop Client Contexts
The evaluation for the contexts related to the MaTaP Desktop Client is such that only the user rights groups linked to the project are loaded.
MaTaP Web Client Context
For the MaTaP Web Client context, the evaluation is slightly different. Here, user rights groups are loaded for all active projects; however, as with the other context, unused or unnecessary groups are not delivered to the client.
