A security policy is presented as a set of tables, with one table for each object type (plan, program, etc.). The columns represent the access roles and the rows represent permissions, grouped by the object's tabs.
For example, the results of searches are constrained by access rights: if a user does not have access to the Workflow tab of a specific project, tasks from that project do not appear in the
All Tasks search. Additionally, if a user does not have the ability to add attachments to a project, that user does not receive the alerts that are triggered when another participant performs an attachment task.
The security policy in effect at a given time for a given object (project, plan, or program, for example) depends on the security policy specified by the object's template. For example, when template developers create
project templates, they specify the security policy on the
Template Properties tab. Then, when
projects are created from that template, access to those
projects is determined by the security policy specified in the template.