Permission Architecture Overview
Risksheet enforces permissions at multiple layers. Understanding how these layers interact prevents common issues where users see broken layouts, cannot save edits, or are redirected away from the Risksheet view entirely.1
Configure Admin Access
Risksheet automatically determines admin status from the user’s Polarion project role. The
canAdmin property is set at runtime based on the current user’s permissions --- you do not set it manually in sheet configuration.When canAdmin is true, the user can:- Open the Risksheet configuration editor (accessible via Menu > Configuration > Edit Risksheet Configuration)
- Edit sheet configuration directly or through the configuration editor UI
- Manage global templates and template paths
- Access the configuration editor at the URL:
<baseUrl>/risksheet/configuration/?project=<projectId>&document=<documentId>
canAdmin is false, the Edit Risksheet Configuration entry under Menu > Configuration is hidden and the user cannot modify the sheet structure.To grant admin access to a user:- Navigate to Administration > Users & Roles in your Polarion project.
- Assign the user the Admin role for the project.
- The user will see
canAdmin = trueon their next Risksheet load.
2
Set Sheet-Level Read-Only Mode
To make the entire Risksheet read-only for all users (regardless of their project role), set the
readonly property in sheet configuration:3
Enable Field-Level Permissions
Polarion’s built-in “Read-only Fields” UI property has no API, so Risksheet cannot enforce it directly. Instead, use Polarion Permissions Management with the
checkInstanceFieldPermissions configuration property to control which fields are editable based on the work item’s current workflow state.Enable the Property
- Navigate to Administration > Configuration Properties in Polarion.
- Add the following property:
- Save the configuration.
Configure Field Permissions in Polarion
- Navigate to Administration > Permissions in your Polarion project.
-
Define which fields can be edited in each workflow state. For example:
- Draft state: all fields editable
- In Review state: only review-related fields editable, risk parameters locked
- Approved state: all fields read-only
- Risksheet reads these permission rules at runtime and marks individual cells as read-only based on each work item’s current status.
How Field Permissions Appear in the Grid
WhencheckInstanceFieldPermissions is enabled:- Read-only cells receive a
readonlyCSS class, which provides a visual indicator (typically a subtle background change) - Attempting to edit a read-only cell has no effect --- the cell editor does not activate
- The
readOnlycolumn property is automatically set totruefor restricted fields, overriding the column-level configuration - System fields (
author,resolution,created,updated,type) are always read-only regardless of permission settings
4
Configure Template Project Access
When your Risksheet uses a configuration template from a different Polarion project (via
source or templateName in sheet configuration), all users who open the Risksheet must have read access to the template project. Without this access, Risksheet fails to load the template configuration and falls back to a default or broken structure.Symptoms of Missing Template Access
- Users see a completely different Risksheet structure than other users in the same project
- The column layout does not match the expected FMEA/HARA configuration
- No explicit error message is displayed --- the sheet simply loads with wrong columns
Resolution
- Identify the template project by checking the
sourceortemplateNameproperty in sheet configuration:
- Navigate to the template project’s Administration > Users & Roles.
- Grant read access to all users and groups that need to use the Risksheet in the consuming project.
5
Configure Topic Visibility
Risksheet must be registered as a topic in your Polarion project’s navigation for users to access it from the sidebar menu. If the topic is not configured for a user’s role or view, they are redirected to the space home page instead of the Risksheet view.
Add Risksheet to Navigation
- Navigate to Administration > Topics in your Polarion project.
- Ensure the Risksheet topic is listed and enabled.
- Verify that the topic is assigned to all relevant views and roles. Each view/role combination must include the Risksheet topic.
6
Handle Formula and Permission Interactions
Formula-generated fields can conflict with field-level permissions in ways that cause unexpected save failures. Understanding this interaction prevents frustrating errors for end users.
The Problem
- A formula column computes a value (e.g., a title or RPN) and stores it in the work item.
- The work item’s status changes to one where the field is read-only (e.g., “Approved”).
- On the next Risksheet load, the formula recalculates the value.
- If the stored value differs from the formula output (due to data migration, truncation, or external edits), Risksheet marks the item as “edited.”
- When the user saves, Polarion rejects the write because the field is read-only in the current workflow state.
Prevention Strategies
- Run Check stored formulas before status transitions: Before moving risk items from Draft to Review or Approved, ensure all formula values are synchronized. Navigate to Menu > Rows > Check stored formulas (requires v24.5.1+).
- Keep formula columns visible during status changes: Formula columns must be visible for reconciliation to work.
- Avoid title truncation drift: After Polarion migrations, check that stored title lengths match formula output lengths.
Verification
After configuring permissions, you should now see:- ✅ Admin users can open the configuration editor via Menu > Configuration > Edit Risksheet Configuration and can modify sheet configuration
- ✅ Non-admin users cannot access the configuration editor
- ✅ When
checkInstanceFieldPermissions=trueis set, cells in approved work items display as read-only with visual indication - ✅ All users see the same Risksheet structure (confirming template project access is correct)
- ✅ Risksheet appears in the project navigation sidebar for all intended roles
- ✅ Connect/viewer users see the sheet in read-only mode without editing capability
See Also
- Assign Active Users --- control who gets named edit access versus viewer access
- Understand License Types --- how licensing tiers affect edit permissions
- Manage User Groups --- organize users into permission groups
- Work with Formulas and Hidden Columns --- formula behavior and reconciliation
- Set Up Global Templates --- configure template inheritance across projects
- Troubleshoot Administration Issues --- resolve common permission-related errors