# Permissions on the package # Permissions to parts of the repository EA Information Portal supports a permission system at the package level (repository browser tree branches), both for reading and (since version 7.5) for writing. It is therefore possible to restrict the reading of parts of the model to specific groups or users. This functionality is not available in Enterprise Architect itself. It is therefore possible to restrict access of certain users to (for example) specific projects, sensitive processes, risk analyses, strategic business models, etc. This feature fundamentally supports the effort to have all models in one repository. Permissions can be set for groups and users. Permissions are applied hierarchically from the package they are set on down. [![Snímek obrazovky 2024-06-10 123435.png](https://doc.eainfoport.cz/uploads/images/gallery/2024-06/scaled-1680-/HQ3snimek-obrazovky-2024-06-10-123435.png)](https://doc.eainfoport.cz/uploads/images/gallery/2024-06/HQ3snimek-obrazovky-2024-06-10-123435.png) # Default settings EA Infoport supports a permission system at the package level (repository browser tree branches), both for reading and (since version 7.5) for writing. Thus, it is possible to restrict the reading of parts of the model to certain groups or users. It is thus possible to restrict access of certain users to (for example) specific projects, sensitive processes, risk analyses, strategic business models, etc. If there is no default setting, i.e. the setting is taken from the parent root package, then the repository is not visible by default, or reading is not allowed. Permissions can be set for groups and users, via the "Permissions" button. The rights are applied hierarchically from the package on which they are set downwards. EA Infoport allows you to disable/allow users or groups from accessing different packages by default using the following button: [![Snímek obrazovky 2024-06-10 124429.png](https://doc.eainfoport.cz/uploads/images/gallery/2024-06/scaled-1680-/snimek-obrazovky-2024-06-10-124429.png)](https://doc.eainfoport.cz/uploads/images/gallery/2024-06/snimek-obrazovky-2024-06-10-124429.png) [![Snímek obrazovky 2024-06-10 124659.png](https://doc.eainfoport.cz/uploads/images/gallery/2024-06/scaled-1680-/snimek-obrazovky-2024-06-10-124659.png)](https://doc.eainfoport.cz/uploads/images/gallery/2024-06/snimek-obrazovky-2024-06-10-124659.png) Without default settings [![Snímek obrazovky 2024-06-10 124907.png](https://doc.eainfoport.cz/uploads/images/gallery/2024-06/scaled-1680-/snimek-obrazovky-2024-06-10-124907.png)](https://doc.eainfoport.cz/uploads/images/gallery/2024-06/snimek-obrazovky-2024-06-10-124907.png) Reading is enabled by default [![Snímek obrazovky 2024-06-10 124942.png](https://doc.eainfoport.cz/uploads/images/gallery/2024-06/scaled-1680-/snimek-obrazovky-2024-06-10-124942.png)](https://doc.eainfoport.cz/uploads/images/gallery/2024-06/snimek-obrazovky-2024-06-10-124942.png) Reading is disabled by default # User/group role specifications If the default settings are not enough and we need to specify a range of other users, it is possible to specify roles and access directly on the user or group. [![image-1718017019530.png](https://doc.eainfoport.cz/uploads/images/gallery/2024-06/scaled-1680-/image-1718017019530.png)](https://doc.eainfoport.cz/uploads/images/gallery/2024-06/image-1718017019530.png) The table below shows the legality of the powers:
Role read edit delete reviewed
Reader x x x
Editor x
Permission Delete x x
Reviewer x x
Owner
# Owner The EA Information Portal supports a package-level permission system (repository browser tree branches), both read and (as of version 7.5) write. It is therefore possible to restrict the reading of parts of the model to specific groups or users. This functionality is not available in Enterprise Architect itself. It is therefore possible to restrict access of certain users to (for example) specific projects, sensitive processes, risk analyses, strategic business models, etc. The rights are applied hierarchically from the package on which they are set downwards. In this context, a new role is introduced in EA Infoport - the owner of a process part. This role will be able to assign read, write (and other) rights to the parts of the model it owns (tree branches). The owner can be users or groups. This role is introduced so that the repository administrator (admin) does not have to set all read and write permissions. Example of use - Restricting access of external contractors working on a common project. Everyone can only see what they are allowed to see. - In case of termination of cooperation with a contractor, it is sufficient to terminate access through the EA Information Portal. [![Snímek obrazovky 2024-06-10 123435.png](https://doc.eainfoport.cz/uploads/images/gallery/2024-06/scaled-1680-/HQ3snimek-obrazovky-2024-06-10-123435.png)](https://doc.eainfoport.cz/uploads/images/gallery/2024-06/HQ3snimek-obrazovky-2024-06-10-123435.png) Permissions on the package [![image-1718017019530.png](https://doc.eainfoport.cz/uploads/images/gallery/2024-06/scaled-1680-/image-1718017019530.png)](https://doc.eainfoport.cz/uploads/images/gallery/2024-06/image-1718017019530.png) # Setting permissions on package The permission settings on package are shown in the table below:
ParentDefaultGroupPersonalResult
no---no
nono--no
noyes--yes
nox-nono
nox-yesyes
noxno-no
noxyes-yes
noxnonono
noxnoyesyes
noxyesno (not possible)\*\*yes
noxyesyesyes
yes---yes
yesno--no
yesyes--yes
yesx-nono
yesx-yesyes
yesxno-no
yesxyes-yes
yesxnonono
yesxnoano (not possible)\*\*no
yesxyesnono
yesxyesyesyes
\* If you set permissions on a group, the settings are automatically checked on the user who is a member of the group. \- not specified x value does not matter
If there is no default setting i.e. the setting is taken from the parent root package, the repository is not visible by default, or reading is not allowed. # Authorization if the user is a member of two groups with different permissions **Authorization if the user is a member of two groups with different permissions**
**Package default****Group A - Manager****Group B - basic****Result**
Without settings\*Without settings\*Without settings\*Disabled
EnabledWithout settings\*Without settings\*Enabled
DisabledWithout settings\*Without settings\*Disabled
EnabledEnabledEnabledEnabled
DisabledDisabledDisabledDisabled
EnabledEnabledDisabledDisabled
DisabledEnabledDisabledDisabled
\*only for new "root" in other cases the settings are inherited from a higher package **Correction if the user is a member of two groups with different permissions and also has individual settings**
**Package default****Group A - Manager****Group B - basic****Result****Individual settings****Result**
Without settings\*Without settings\*Without settings\*DisabledEnabledEnabled
EnabledWithout settings\*Without settings\*EnabledDisabledDisabled
DisabledWithout settings\*Without settings\*DisabledEnabledEnabled
EnabledEnabledEnabledEnabledDisabledDisabled
DisabledDisabledDisabledDisabledEnabledEnabled
EnabledEnabledDisabledDisabledcannot be allowed\*\*Disabled
DisabledEnabledDisabledDisabledcannot be allowed\*\*Enabled
\*\* the message successfully removed/added but settings are not saved, group settings cannot be overridden