Skip to main content

Understanding Permission Enforcement

Nextedy RISKSHEET enforces Polarion’s field-level permissions through configuration rather than API access: diagram
RISKSHEET cannot access Polarion’s Read-only Fields property via API. You must use RISKSHEET’s Permissions Management system instead. Configuring read-only fields in Polarion’s UI will have no effect on RISKSHEET behavior.

Enable Permission Checking

  1. Navigate to project settings - Go to Project Administration > Permissions Management in Polarion
  2. Enable field permission validation - Add this property: 
nextedy.risksheet.checkInstanceFieldPermissions=true
  1. Save and refresh - Save the configuration and reload your RISKSHEET
  2. Verify enforcement - Test editing restricted fields to confirm visual locking appears
If checkInstanceFieldPermissions is not set or is false, RISKSHEET relies only on column configuration (readOnly: true) and system field protection. Field-level Polarion permissions are not enforced.

Diagnose Permission Denial

Visual Indicators

IndicatorMeaningAction
Gray cell backgroundField is read-only due to permissions or configurationCheck Polarion permissions for your role
Editor opens but save fails with errorChild document field restriction (save-time enforcement)Review workflow state and field permissions
Cell doesn’t respond to clicksSystem field protection (id, type, project)These fields are never editable in RISKSHEET
Formula column won’t editColumns with formulas are automatically read-onlyRemove formula or accept read-only behavior

Check User Role Permissions

  1. Review project permissions - In Polarion, navigate to Administration > [Project] > Permissions > Work Items
  2. Identify your role - Find your assigned role(s) in the project (e.g., Developer, Reviewer, Project Manager)
  3. Check field permissions - For each field you’re trying to edit, verify your role has “Write” permission, not just “Read”
  4. Review workflow-based restrictions - Some fields may be editable only in certain workflow states (e.g., editable in “draft”, locked in “approved”)

Resolve Common Permission Scenarios

Scenario 1: Status Transition Blocked by Formula Mismatch

Symptom: Cannot change work item status; save fails with permission error even though you have workflow transition rights. Root cause: Formula-generated field (e.g., title) doesn’t match stored value, triggering permission validation failure. Resolution:
  1. Identify formula columns:
{
  "columns": [
    {
      "id": "title",
      "formula": "item.severity + ' - ' + item.occurrence + ' - ' + item.description"
    }
  ]
}
  1. Compare stored vs. generated values - In Polarion, check if the work item’s title matches what the formula would generate
  2. Correct mismatches - Either:
    • Update the stored value in Polarion to match formula output
    • Adjust the formula to match existing data
    • Temporarily remove the formula, save the status change, then restore it
After migrating between Polarion versions, field length limits may change. Titles truncated to 80 characters in older versions might generate 255-character formula outputs in newer versions, causing permission mismatches. Manually align stored values with formula outputs to resolve.

Scenario 2: Primary vs. Child Document Behavior Differences

Symptom: Some restricted fields show gray background (can’t edit), while others allow typing but fail on save. Expected behavior: Primary document work items enforce restrictions visually (gray cells), while child document items enforce restrictions at save time (error message). Resolution:
  1. Understand the design - This behavioral difference is intentional:
    • Primary documents: Visual prevention (cell won’t open editor)
    • Child documents: Save-time prevention (editor opens, but save fails with error)
  2. Check document structure - Identify whether the work item is in the primary document or a child document
  3. Train users - Communicate this behavioral difference to prevent confusion when the same field behaves differently in different contexts

Scenario 3: System Fields Ignore Configuration

Symptom: Configured a column as editable, but it remains read-only. Root cause: System fields (id, type, project, outlineNumber, status, author, created, updated) are always read-only regardless of configuration. Resolution:
  1. Accept the limitation - System fields cannot be edited through RISKSHEET
  2. Use Polarion directly - To change work item type or project, use Polarion’s native interface
  3. Remove conflicting configuration: 
{
  "columns": [
    {
      "id": "id",
      "readOnly": false  // This will be ignored—ID is always read-only
    }
  ]
}

Configure Read-Only Columns Explicitly

For fields that should always be read-only (not permission-dependent): 
{
  "columns": [
    {
      "id": "calculatedRisk",
      "header": "Risk Level",
      "formula": "item.severity * item.occurrence",
      "readOnly": true  // Explicitly mark as read-only
    },
    {
      "id": "author",
      "header": "Created By",
      "readOnly": true  // System field, but explicit is clearer
    }
  ]
}
Columns with formulas are automatically set to readOnly: true even if you don’t specify it. Users cannot override formula-generated values through the grid.

Handle Task vs. Risk Permission Differences

RISKSHEET distinguishes between risk items and downstream task items:
  1. Check task-specific read-only settings - Configuration supports separate read-only states:
    • systemReadOnly: Controls risk item fields
    • systemTaskReadOnly: Controls task item fields
  2. Configure task field restrictions: 
{
  "dataTypes": {
    "task": {
      "type": "mitigationTask",
      "role": "mitigates"
    }
  },
  "columns": [
    {
      "id": "taskStatus",
      "binding": "status",
      "level": 2,  // Task level
      "readOnly": false  // Editable for tasks even if locked for risks
    }
  ]
}
  1. Verify task permissions separately - Users may have different permissions for task-type work items vs. risk-type work items

Verify Resolution

After configuring permission enforcement:
  1. Test with restricted role - Log in as a user with limited permissions
  2. Attempt to edit restricted field - Click the cell that should be read-only
  3. Confirm visual lock - For primary documents, the cell should have a gray background and not open an editor
  4. Test child document behavior - For child documents, the editor may open, but save should fail with a clear error message
  5. Verify allowed fields - Fields your role has permission to edit should open editors and save successfully
You should now see consistent permission enforcement matching your Polarion role configuration, with clear visual indicators for read-only fields in primary documents and error messages for child document restrictions.

See Also

Support TicketsSource Code
  • PolarionAppConfigManager.java
  • RisksheetProjectProperties.java
  • ResultFilter.java
  • AddTaskCommand.ts
  • GetSetUtil.java