[SOLVED] access rights interactions; some Profiles not available on Users

Hello, Projeqtor is feature-rich and customizable with respect to organizational roles but the latter seems to require careful interdependency management.

I - As an Administrator, I'm unsure about several interactions between various access rights/properties, as follows with my "best-guess" understanding after the manual when I have one.

1) global vs project-wise profiles. I assume the global profile to be the "default" for to-be-assigned projects AND to give "global access" rights if so granted on project-dependent data; whereas the project-wise profile possibly grants increased rights on this project's data but so encapsulated as to have no effect in other projects nor in global functions.

2) effect of Profile codes. The manual suggests there are two "special" profile codes ADM & PL ; but I didn't find what behavior they imply.

3) Profiles access vs items Manager. How do "responsible for" & "own projects" access modes interact with the "manager" property on Projects/Organizations/Teams on the one hand, with special Profile codes ('PL' at least) on the other?
How can I get a Team or Org manager to be able to create/edit assignments of his "own" Resources on Projects in his Organization ?

4) Access to forms vs to data. I understand Form access to be a pure GUI filter, independent from rights on data objects managed through each screen.

5) Project data vs Specific access. Is there a priority or cumulative requirement between specific access rights like project allocation, task assignment, real work input, task prioritization, planning calculation, on the one hand (manual.projeqtor.org/html_en/AccessRights.html#specific-access); and "project data" modification rights on project, activities, resources, on the other hand? E.g., do I need to be allowed to modify project activites and/or resources to be able to assign the latter to the former?

6) Resource vs Pool allocation to Projects. Let a Pool be allocated to a Project; if any or all individual Resources included in the Pool are not allocated, what will be the Pool available resource capacities taken into account for an activity assignment in the Project?


II - I customized & added some profiles and their acces rights, as I would like to use some transversal profiles like Directors or Department heads with limited rights over all projects in their Organization. However, as a result of my misunderstandings, I'm currently unable to change from Administrator to any other profile on current admin users, nor to create a User with any other profile than Admin or Guest. Yet, What could I get wrong?

babynus wrote: As rights cannot be organization managed, you will need to describe organizations as Projects (fake projects).
Real projects will be sub-projects of these 'organization' projects.
Then you can describe any organization hierarchy, and define acees rights at any level of the hierarchy (as rights are recursively inherited to all sub-projects)

Thanks for the idea, I hadn't considered such a way.
On my profile changes impairment, I just found the root cause: I seemingly may only assign or reassign to any user a Profile whose rank is ordinally > to my own. Now I know that Administrator profile had better have "1" as a rank
I vaguely remember having read something about the matter in the forum but don't remember seeing this point in the manual, though.

Thanks for the explanations about my various points of section I, too, it's much clearer to me now. I'll just need to test a bit more about the 4) as there are various ways (and therefore various screens) towards edition of certain planning objects.