To set the permissions for a role in a security policy, you use a set of tables. There is a different table for each marketing object type (plan, program, etc.). The table columns present all of the roles in the security policy, and the rows represent features or options, grouped by the tab on which they are accessed.
For example, the results of searches are constrained by access rights: if a user does not have access to the Workflow tab of a specific project, tasks from that project do not display in the All Tasks search. Additionally, if a user does not have the ability to add attachments to a project, that user does not receive the alerts that are triggered when another participant performs an attachment task.
The security policy in effect at a given time for a given object (project, plan, or program, for example) depends on the security policy that is specified by the object's template. For example, when template developers create
project templates, they specify the security policy on the template Summary tab. Then, when
projects are created from that template, access to those
projects is determined by the security policy that is specified in the template.