The order of security authority is checked in the following order:
- The project itself (not yet implemented).
- The parent project.
- The project type of the top-most project in the inheritence tree.
Additionally, a "pre-check" is done on the project type first to ensure they can view the project type. Consider this example. You have Project A of type General Projects. General Projects can be viewed by all staff. You have a sub-project setup of this project as Project B, and it is of type "Pastoral Visit". Pastoral Visit projects can only be viewed by pastors. If Ted is both a staff member and a pastor, he can view both projects. If Cindy is a staff member but not a pastor then she can only view "Project A".
Tasks inherit their security from the project they are a part of. They also follow the same pattern of doing a pre-check on the project type of the project they are associated with.
Sometimes you want to give somebody the ability to leave comments and add to the discussion but not give them access to edit a project. There is a security permission on Projects and Project Types of
Comment. This will allow somebody to leave a comment on a project but not edit it. A person with
Edit access can both edit and leave comments.