This section explains the permission management and access control model for Programs.

Whether a user can access a Program is determined by Program permissions and Program access control. This section describes access control for Top-level Programs (Parent Programs), Sub-programs (Child Programs), as well as Products and Projects under a Program.

I. Managing Program Permissions

All permission management in Sanplex is maintained under Admin > Personnel Management > Permissions.

Program permissions can be configured through Permission Management and Scope Management.

图1

1. Permission Management

Go to Admin > Personnel Management > Permissions. Use the Permission Management action on the right side of the group list to open the permission configuration page.

图2

On the Program View permission page:

• Selecting a checkbox grants the permission.
• Clearing a checkbox revokes the permission.

图3

2. Scope Management

Scope Management complements Permission Management by quickly narrowing down the effective permission scope.

In practice, Scope Management acts as a switch:

• Enabled (selected): Users can access Programs only if the related Program permissions are also granted in Permission Management.
• Disabled (cleared): Even if Program permissions are granted in Permission Management, users still cannot access Programs.

Typical use cases for Scope Management:

• In a customized delivery project, the customer (external party) also needs access to Sanplex and must be able to view specific Programs, Products, and Projects.
• Customer users are placed into a dedicated permission group.
• The group is granted relevant permissions for Programs, Products, Projects, and Executions, but customers must not see other public Programs/Products/Projects in the system.
• You can explicitly list which Accessible Programs, Accessible Products, and Accessible Projects the customer group can access.
• As a result, members of that permission group can only see the listed Programs/Products/Projects.

Click the Scope Management action on the right side of the group list under Admin > Personnel Management > Permissions to open the Scope Management page.

图4

On the Scope Management page:

• Accessible Views: selecting Program means the group is allowed to access the Program view. Actual access still requires relevant Program permissions granted in Permission Management.
• Accessible Programs: leaving it blank means there is no access restriction at the Program level. If specific Programs are listed, members of the group can access only those Programs.
• Viewable Program Activity: Program activities are included in the activity stream only when this option is selected.

图5

II. Access Control for Top-level Programs (Parent Programs)

Access control options for a Top-level Program (Parent Program) include Private, Public, and Whitelist.

• Private: Only the Program Owner and Program Stakeholders can access. Stakeholders can be added and maintained later.
• Public: Anyone with Program View permission can access.
• Whitelist: When the Program is private, whitelisted users can also access it. Whitelisted users can access only this Program.

When creating a Top-level Program (Parent Program), the default access control is Private, and you can configure whitelisted users under the private mode.

Access control set to Private:

图6

Access control set to Public:

图7

III. Access Control for Sub-programs (Child Programs)

Access control options for a Sub-program (Child Program) include Private, Public to All, Public Within Program, and Whitelist.

• Private: Only the Sub-program Owner and Stakeholders can access. Stakeholders can be added and maintained later.
• Public to All: Anyone with Program View permission can access.
• Public Within Program: Stakeholders and Owners of all parent Programs, plus the Owner and Stakeholders of the current Sub-program, can access.
• Whitelist: When access control is Private or Public Within Program, you can configure a whitelist. Whitelisted users can access the Sub-program.

Access control set to Private:

图8

Access control set to Public to All:

图9

Access control set to Public Within Program:

图10

IV. Products, Projects, Users, and Stakeholders Under a Program

1. Top-level Program (Parent Program): Products, Projects, Users, Stakeholders

When you open a specific Program, Sanplex lists the Products, Projects, Users, and Stakeholders under that Program.

图11

• Program Products: Lists the Products under the current Program that the current user is allowed to access.
• Program Projects: Lists the Projects under the current Program that the current user is allowed to access.
• Program Users: Lists Assigned Users, Accessible Users, and the Whitelist. “Accessible Users” is the combined set of whitelisted users and stakeholders.
• Program Stakeholders: Lists the stakeholders of the Program.

2. Sub-program (Child Program): Products, Projects, Users, Stakeholders

• Sub-program Products: The listed Products are the same as those listed under its Parent Program.
• Sub-program Projects: Lists Projects under the current Sub-program that the current user is allowed to access.
• Sub-program Users: Lists Assigned Users, Accessible Users, and the Whitelist. “Accessible Users” is the combined set of whitelisted users and stakeholders.
• Sub-program Stakeholders: Lists the stakeholders of the Sub-program.

A key difference applies when a Sub-program’s access control is Public Within Program:

In this case, the Sub-program’s Stakeholders and Whitelist should also display stakeholders and whitelisted users inherited from the Parent Program.

3. Maintaining a Program Whitelist and Stakeholders

Difference between Program Stakeholders and the Program Whitelist:

Similarity: Both are allowed to view the Program.

Difference:

• Stakeholders are users who have an interest in the Program—typically important external parties and relevant internal members, such as customers, partner representatives, investors, program managers, program members, or senior management. Key stakeholders with decision-making authority can be marked as critical stakeholders. You can also record communications with stakeholders to capture their needs and expectations.
• The Whitelist typically consists of internal users who are granted explicit access to a specific Program. Whitelisted users can access only this Program, and cannot access other Programs or Projects under the Program unless separately permitted.

The Program whitelist can be managed under Users > Whitelist (add/remove).

图12

Program stakeholders can be managed under Program > Stakeholders (add/remove).

图13

Users are categorized as Assigned Users, Accessible Users, and Whitelist users.

“Assigned Users” lists the team members from Projects under the Program.

Sanplex displays the number of Projects and Executions each team member participates in, as well as work hours, Tasks, Bugs, and Requirements.

图14