This section describes the project permission and access control framework. Whether a user can access a project is determined by the project’s permissions and access control settings.

In Sanplex, project permissions can be managed globally under Admin > Company > Permissions, or managed for a specific project under Project > Settings > Permissions.

I. Manage Project Permissions

All global permission groups are managed under Admin > Company > Permissions.

For projects, permissions are managed via Permission Assignment and Scope (Visibility) Settings.

1. Permission Assignment

Go to Admin > Company > Permissions, and click Permission Assignment on the right side of the permission group list to open the permission assignment page.

图1

On the Project permission assignment page:

• Checked = permission granted
• Unchecked = permission not granted

图2

2. Scope (Visibility) Settings

Scope settings supplement permission assignment and can quickly narrow the effective access range.

In practice, scope settings work like an access switch:

• Enabled (checked): Users must also have relevant project permissions assigned, otherwise they still cannot access the project.
• Disabled (unchecked): Even if users have relevant project permissions assigned, they cannot access the project.

Typical scenarios for using scope settings:

• In a customized delivery project, the customer also uses Sanplex and needs access to Programs, Products, and Projects.
• Place customer users into a dedicated permission group.
• Grant that group the required permissions for Programs, Products, Projects, and Executions, but prevent them from seeing public Programs/Products/Projects in the system.
• List only the Programs/Products/Projects that the customer is allowed to access under Accessible Programs, Accessible Products, and Accessible Projects.
• Users in that permission group can then access only the listed Programs/Products/Projects.

In Admin > Company > Permissions, click Scope Settings for the target group to open the scope settings page.

图3

On the scope settings page:

• Accessible Views: Select Project to allow the group to access the Project view. Users must still be granted the relevant project permissions in permission assignment to actually access projects.
• Accessible Projects: Blank means no project access restriction. If specific projects are listed, group members can access only those projects.
• Project Activity Visible: Select this option to allow project-related activities to appear in Activity.

图4

II. Project-Specific Permission Groups and Permission Management

Sanplex supports a project-specific permission system. You can create project-specific permission groups and manage their permissions and members, as well as edit or delete these groups.

1. Create a Project Permission Group

Go to Project > Settings > Permission Groups, and click Add Group in the upper-right corner to create a new group.

图5

After a group is created, you can use the action buttons on the right side of the list to:

• assign permissions,
• manage members,
• edit the group,
• copy the group (including permissions and members),
• delete the group.

2. Manage Permissions for a Project Permission Group

After creating a project permission group, assign permissions and maintain members.

Click Permission Assignment and Member Management for the target project group.

图6

Project group permission assignment:

图7

Project group member management:

图8

III. Combining Access Control and Permission Control

1. Independent Projects: Access Control + Permission Control

Project access control options include Private, Public, and Whitelist:

• Private: Only the Project Owner, team members, and stakeholders can access.
• Public: Anyone with the Project view permission can access.
• Whitelist: Available when access control is Private. Whitelisted users can access the project.

Project permission control options include Inherit and Redefine:

• Inherit: Effective permissions = union of global permissions (Admin permission groups) and project-specific permission groups.
• Redefine: Effective permissions = project-specific permission groups only (Project > Settings > Permission Groups).

1.1 When Access Control is Private

When creating a project, Access Control defaults to Private, and Permission Control defaults to Inherit. You can also configure a whitelist. Common combinations include:

• Access Control: Private, Permission Control: Inherit
• Access Control: Private, Permission Control: Redefine

图9

1.2 When Access Control is Public

When Access Control is Public, common combinations include:

• Access Control: Public, Permission Control: Inherit
• Access Control: Public, Permission Control: Redefine

2. Projects Under a Program: Access Control + Permission Control

For projects under a Program, access control includes an additional option: Program-Internal Public.

Project access control options include Private, Public, Program-Internal Public, and Whitelist:

• Private: Only the Project Owner, team members, and stakeholders can access.
• Public: Anyone with the Project view permission can access.
• Program-Internal Public: Program owners/stakeholders of all parent Programs, plus the project owner, team members, and stakeholders can access.
• Whitelist: Available when access control is Private. Whitelisted users can access the project.

Project permission control options remain Inherit and Redefine:

• Inherit: Union of global permissions and project-specific permission groups.
• Redefine: Project-specific permission groups only.

图10

IV. Project Team, Whitelist, and Stakeholders

1. Project Team

Project team members can be managed independently. Team members from executions under the project are synchronized to the project team.

Use Team Management in the team list to add members, and use the Remove action to remove members.

图11

2. Whitelist

When creating or editing a project with access control set to Private, whitelisted users will appear in the project whitelist.

Whitelisted users from executions under the project are also synchronized and displayed in the project whitelist. You can also add or remove users directly under Project > Settings > Whitelist.

图12

3. Stakeholders

Project stakeholders can be added in bulk or individually under Project > Settings > Stakeholders.

Use the actions on the right side of the list to record communications, capture expectations, edit, or delete stakeholders.

图13

4. Stakeholders vs. Whitelist

Commonality: Both can access the project.

Difference:

• Stakeholders are people with a business interest in the project, typically external participants (e.g., customer representatives, partners). Key stakeholders can be flagged for decision-making roles, and communication records can be maintained.
• Whitelist users are typically internal users who are granted explicit access to the project.