Authorized Related Change Objects through Agreements
When creating or editing an agreement, you can specify which change object types, if any, will be authorized through the agreement. These change objects do not need to be added as agreement authorized objects and they do not need to be within the
scope of the agreement. To access a change object that is not explicitly added to an active agreement:
• For standard agreements, the object must be related to one of the agreement authorized objects. For context-based agreements, the object must be related to one of the objects in the same context as the agreement.
• The object must be of the type specified as an authorized related change type.
• The object must be in one of the Authorized Life Cycle States.
• The object must have the same agreement type configured for its security label values as the agreement type applied to the related authorized object.
• The participant must be an authorized participant for the agreement.
• The participant must have the appropriate access control permissions for the object.
• The authorized object to which the object is related must be an object that can be changed.
Use the Authorized Related Changes step to include change objects associated with other authorized objects. For example, if a change object is associated with an authorized object while the agreement is active and the change object fits the above criteria, authorized participants are able to access the change object and the agreement manager does not need to add the change object to the list of authorized objects. Change objects can still be explicitly added as authorized objects for an agreement.
If a change notice is added as an authorized related change type and meets the criteria specified above, then authorization may be extended to all its related change tasks, even if they are not associated with the agreement authorized object. To access the related change task:
• The participant must be an authorized participant for the security label values applied to the change task, or the change task appears as (Secured Information).
• The change task must have the same agreement type configured for its security label values as the agreement type applied to the agreement authorized object and the change notice.
• The participant must have the appropriate access control permissions for the change task as well as the change notice.
If the related change task does not fit the above criteria, the change task appears as (Secured Information). If a change notice is explicitly added as an authorized object for the agreement, only the change notice is authorized. Authorization is not extended to related change tasks when a change notice is explicitly added.
|
If a user modifies the list of affected objects for a change object, they could remove one of the authorized objects and, therefore, an authorized participant may not be able to access the related change object. Similarly, if a user associates an agreement authorized object to a change object that meets the criteria listed above, an authorized participant for the agreement will be able to access the related change object.
|