Hello Marc,

The security role permissions are labeled in a way that might need clarification, so let me explain.

Currently within OnTime 2007, if you have the "Edit" permission enabled for an item type, a user can click the 'Edit' toolbar button and edit it. The field template that's applied will be the one specified at the project level, regardless of an item's workflow step.

In security permissions, the "Change an <item's> Workflow step" permission is what controls whether or not a user can edit the item 'in Workflow'. Double-clicking an item in the main grid is one way of editing an item 'in Workflow', as is clicking the 'Edit in Workflow' toolbar button. The field template that's applied will be the one associated with a workflow step, if one is applicable. If the current workflow step does not have a template applied, the template will be based on the project-specified field template.

So, if you enable the "Edit" permission and disable the "Change Workflow step" permission, that role will be able to edit items, and the field template applied will be the project-level template. In this situation, double-clicking an item will default to simply editing the item, not editing the item in the workflow.

If you do the reverse- disable "Edit" and enable "Change item's Workflow step"- then that role will be forced to 'Edit in Workflow'. If an item resides outside of a workflow step, then the item becomes uneditable. Yet as long as an item already exists in a workflow step, it can be edited. At the project level, you can configure OnTime to force newly created items to begin in a specified workflow step, and in conjunction with this role, you can force your users to edit items in Workflow.

I know that must all sound a bit confusing, especially at first glance. So let me know if you need any clarification, or if you have anything to add.