OnePlan Plan Permission Hierarchy
What users can access and do with plans is dependent on three factors: the Enterprise Security Group, Plan Type Security, and Plan Shared With permissions set for the user.
Enterprise Security Group
Enterprise Security Groups are where global OnePlan permissions are configured. These permission settings are at the top of the permission hierarchy. See Create and Manage Enterprise Security Groups for more information on setting up and managing global OnePlan permission groups.
Plan-related permissions configured in the Enterprise Security Group settings:
Global Permissions:
Edit all plans: The user can edit all plans in OnePlan (e.g. make changes to plan data).
View all plans: The user can view all plans in OnePlan regardless of whether the plan is shared/not shared with that user.
Global Plan Permissions:
Add Plan: The user can add a plan (e.g. the user will see the add blue button on the Home Page and Portfolio).
Delete Plan: The user can delete a plan.
Archive Plan: The user can archive a plan.
Plan Type Security
The goal of Plan Type Security is to allow OnePlan users the ability to control which security groups can create plans by the plan types. Plan Type Security settings are the second level of the permission hierarchy. See Set Up Plan Type Security for instructions on how to set up Plan Type Permissions
Users whose security group has global permission of 'Administrator' are exempt from the Plan Type Security, meaning they can bypass the security and still create a plan.
Users whose security group is without global 'Add Plan' permission will not be able to add/see the add plan buttons in the first place, so this setting does not apply to them.
So, the users whose security group has the global 'Add Plan' permission will be the ones affected by the Plan Type Security feature.
How this feature works for affected security groups:
If certain security groups are listed/specified in the Plan Type Security settings:
Only users whose security group is specified can freely create plans of this plan type.
What about users whose security group has 'Add Plan' permission, but the security group is not listed in the plan type security settings?
Then these users can create plans of this type only if they have contributor or owner access (via the Plan Share With settings) to the parent plans.
Example: If you have a plan type hierarchy of Portfolio > Program > Project and security is placed at the Project plan type, you will still be able to create a 'Project' plan type only if you have contributor or owner access to the parent plans. The user will be prompted to select a Portfolio and Program, and if they do not have contributor or owner access (via the Plan Share With settings) to any Portfolios or Programs, then they will not be able to select them and therefore won't be able to proceed with the 'Project' creation.
If no security groups are listed/specified in the plan type security settings:
Then any users whose security group has 'Add Plan' permission can create plans of this type.
Plan Share With
See Share a Plan for more information on sharing plans and plan Share With permissions.
Plan Share With permissions are plan-specific permissions where you can place someone to be a contributor, owner, reader, etc. of a specific plan. Plan Share With permissions are the bottom level of the permission hierarchy.
The Plan Share With permissions interacts with the Plan Type Security feature as explained in the example in the Plan Type Security section.
If certain security groups are specified in the Plan Type Security settings, then only users whose security group is specified can freely create plans of this plan type.
However, security groups that have 'Add Plan' permission but are not listed in the plan type security settings for the plan type can create plans of this type only if they have contributor or owner access (via the Plan Share With settings) to the parent plans.