Granting Access Permissions on Repository Items

The repository administrator or a user with Full permission on a document or folder can grant permissions on it from the Permissions tab of its repository property sheet. You can grant permissions on the repository root, folders, PowerDesigner models and model packages, and external application files, but not on individual model diagrams or objects.

In order for a user to check documents out of and into the repository, she must have the following permissions:

  • Check out - Read permission. When you create a user, she is inserted into the Public group, which by default is granted Read permission on the repository root.

  • First check in (to create a document in the repository) or creating a folder - Write permission on the target location (the repository root or a folder) or Submit to propose the addition.

    The user who creates a repository item has, by default, Full permission over it, though this permission can be reduced by an administrator. Other permissions are cascaded down from the parent folder or root, so that if another user has Write permission on the parent folder, then he will have Write permission on the new item.

  • Subsequent check ins (to update an existing document) - Read permission on the target location and Write permission on the document (including, for PowerDesigner models, all impacted packages).

Note: Object permissions should be viewed in conjunction with the rights granted to users or groups (see Granting Rights to Users and Groups). For examples of granting rights and permissions, see Controlling Repository Access.
  1. Right-click the item in the Repository Browser, and select Permissions to open the item's property sheet at the Permissions tab.
    Note: A PowerDesigner project (see Projects and Frameworks) acts as both a repository document and a folder. Use the project permissions to control working with the project file itself (project diagram and any framework or dependency matrices) and the folder permissions to grant access to the models contained within the project, as you would for a repository folder.
  2. Click the Add tool to open a list of available users and groups, select one or more, and click OK to add them to the list.
  3. For each user or group, select the permission you want to grant in the Granted Permission column. The following permissions are available:

    • List - View the document or folder in the browser and in search results, and open property sheets. Without this permission, users cannot even see the item.

    • Read - Also compare documents, and check documents out from the repository.

    • Submit - Also check the document into a changelist for review by a user with Write permission.

    • Write - Also check in (with or without a changelist), freeze, and lock document versions.

    • Full - Also manage permissions granted to users or groups and remove locks on documents.

  4. [optional] Click the Copy Permissions to All Children tool to propagate changes to the item's children.

    When you create a folder or check in a model or project, the permissions defined on its parent are propagated to it. However, subsequent changes made to the permissions for the parent are not applied to its children unless you click this tool. For example, if a you grant write permissions to the Major Project folder, to the Development Team 2 group, then they will not automatically be granted write access on its contents.

  5. [optional] Click the Show All Authorized Users tool to display all the users and groups who have a permission on the item, including those inheriting permissions from groups.

    Consult the read-only Effective Permission column to see the highest level of permission that each user or group has either directly or via a group. A user who has no directly granted permission on an item may inherit a Write permission by virtue of membership in a group, and will appear in the list when the Show All Authorized Users tool is pressed.

    Note: If you delete a group from the list while the Show All Authorized Users tool is pressed, it and its members remain visible in the list with their granted and effective permissions reduced to <none>, until you click Apply or OK.
  6. Click OK to save your changes.
Parent topic: Controlling Repository Access