Custom Permission Profiles provides Admins the ability to create new permission profiles that reflect the organization's needs. Custom permission profiles can be also be updated or edited should the needs of the users, their roles or the organization change over time. If you are interested to learn more about the default permission profiles and what each permissions means, see About permissions profiles and how they work.
This article covers:
- Overview of custom permissions
- Understanding custom permissions
- Understanding View-only permissions
- Creating and managing custom permission profiles
- Configuring custom permission profiles for common roles
Overview of custom permissions
Custom permission profiles enables organizations to define access to the platform based on their roles or workflows. The chart below lists each of the permissions available and the access permitted if enabled. Some permissions may also enable additional permissions by default.
Permission | Access granted |
Additional permission enabled by default |
---|---|---|
View financial information | Access to all financial features including Baseline, Budget, Periods and the Project Portfolio Report - viewing revenue, cost and profit. | View financial information, revenue only. |
View financial information, revenue only |
Access to all financial features including Baseline, Budget, Periods and the Project Portfolio Report - viewing only revenue |
|
Manual Revenue Recognition | Access to manual revenue recognition | |
Access to all projects and programs | Access to all projects and programs on the account, independent of being part of the project or program team. | |
Share Schedule Projects | Access to share Schedule Projects. | Manage projects, Manage phases, Manage sprints, manage workflow columns, See and manage reports. |
Manage programs | Access to create new programs, add/remove projects from a program and manage projects. | Manage projects, Manage phases, Manage sprints, Manage workflow columns, See and manage reports |
Manage projects | Access to create new projects and access all project settings, including creation of phases and sprints as well as access to all resources from Schedule People and Project Timeline. | Manage phases, Manage sprints, Manage workflow columns, See and manage reports. Approve allocations is also default enabled, but can be deselected. |
Manage phases | Access to create, edit and delete phases in projects. | |
Manage sprints | Access to create, edit and delete sprints in projects. | |
Manage workflow columns | Access to create, edit and delete workflow columns in projects. | |
Approve allocations | Access to change soft allocations into hard allocations and staff placeholders. | Manage projects and all its additional permissions and cannot be deselected. |
See and manage reports | Access to All Reports and the ability to create, edit and delete reports. | |
See and manage retainer periods | Access to Retainer Tracking in projects and the ability to create, edit and delete retainer periods. | See and manage reports. |
Manage other person's time registrations | Access to company timesheets (Timesheet Entries/Timesheet Approval) and ability to read, create, edit and delete time entries for other users. Access to locking, approving and rejecting timesheets for Admins/Project Owners, if Timesheet Lock/Time Approval features are enabled). | |
Invite new team members | Access to invite new team members to the account. | |
Edit another person's comment | Access to edit and delete other user's comments on tasks. | |
View advanced analytics dashboards | Access to view Advanced Analytics dashboards shared with them. | |
Design advanced analytics dashboards | Access to design and share Advanced Analytics dashboards. |
Understanding custom permissions
Custom permissions provides Admins the ability to control which pages and visibility their team has based on role, workflow, or their organization's structure. Some custom permissions may appear to permit the same level of access, when in reality, the access they provide is very different. The list below highlights some of the commonly misunderstood permissions and how each impacts user access across the platform.
- Access all projects permits access to all projects regardless of being named on the project's team.
- Manage projects permits access to the project for which the user is named on the project team.
- View financial information enables full financial access. Users with this permission will see revenue, cost, profit and margin. Users will also have access to internal hourly cost rates for all team members.
- View financial information, revenue only permits access to revenue-only financials. Users with this permission will not have access over financial values for cost, profit or margin nor visibility over internal hourly cost for team members. Users will have access to project financials, budgets and portfolio reporting however they will see just revenue related values.
Understanding View-only permissions
Sometimes, team members may need access to projects but at a view-only level. To satisfy this need, Forecast offers four view-only permissions that grant access to various resourcing pages without requiring the permission, "Manage projects." View-only permissions allow data to be visible but without granting the additional access to edit.
View-only permissions for resourcing
The following view only permissions permit access to the noted resourcing page. The projects and data that these permissioned users can see and edit will remain as they are elsewhere throughout the platform.
Permission | Access granted |
---|---|
View All Timelines | Ability to view All Timelines page. Does not entail ability to make changes. |
View People Schedule | Ability to view People Schedule. Does not entail ability to make changes. |
View Demand | Ability to view Demand. Does not entail ability to make changes. |
View Capacity Overview | Ability to view Capacity Overview. Does not entail ability to make changes. |
View-only permissions for projects and programs
In addition to view-only access for resourcing pages is "Read data access for all projects and programs". This permission enables visibility over data from all projects and programs in:
- Resourcing pages the user has access to
- Reports
- Advanced Analytics.
"Read data access for all projects and programs" does not:
- Restrict any editing access the user may otherwise have
- Provide a read-only view of Scoping or project Budget pages
- Provide a view-only list in All Projects of projects the user does not have access to.
Creating and managing custom permission profiles
Admins are the only permission with access to create or edit custom permission profiles. All permission profiles, except Admin, can be edited to include or remove certain permissions.
To create a custom permission profile
- Click on Admin on the top bar.
- Select Permissions from the dropdown.
- At the bottom of your existing profiles, type in the empty text field the name of the new profile.
- Click on the + button.
- Once the permission profile is created, click on the Edit button to select the access rights and permission for this specific role.
To edit an existing permission profile
- Click on Admin on the top bar.
- Select Permissions from the dropdown.
- Click on the Edit button.
- Check the permissions that you would like to enable or disable for that particular profile
- Click Save.
Configuring custom permission profiles for common roles
Platform access for specific roles or workflows can be defined using custom permission profiles. Such roles may include Resource Manager, Financial Manager or Timesheet Manager. Depending on the needs of a role, configuring the right combination of permissions is crucial.
Suggested permission configuration for Resource Managers
- Users with the permission ‘Manage projects’ can view the People Schedule to see allocations across resources.
- Users with the permission ‘Approve allocations' can convert soft allocations into hard allocations and also create and staff placeholders.
- Users with the permission 'See and manage reports" have access to all reports including Time Registrations and Utilization Reports.
Suggested permission configuration for Finance Managers
- Users with the permission 'View financial information" have full financial access. Users may be limited to just the projects they are assigned to or to all projects.
- Users with the permission 'Access all projects and programs' have access to all projects, not just those they are assigned to.
- Users with the permission 'Manage projects' have access to projects they are assigned to.
- Users with the permission 'Manual revenue recognition' have access to manually update monthly revenue recognition values as well as locking and unlocking months.
- Users with the permission 'Manage programs' have access to programs they are assigned to.
- Users with the permission 'See and manage reports' have access to all reports including Project Portfolio Report. Whether users see full financials or just revenue only depends on the financials permission.
- Users with 'See and manage retainer periods' will have access to Retainer Tracking. Whether these users have access to Retainer Tracking in all projects or just those they are assigned depends upon the permissions 'Access all projects and programs' or 'Manage projects'.
Suggested permission configuration for Timesheet Managers
- Users with the permission ‘Manage projects’ can view the People Schedule to see allocations across resources.
- Users with the permission ‘Manage other person's time registrations’ are able to modify time off allocations.
- Users with the permission ‘Manage other person's time-off’ can create, edit, approve and reject time-off (only applicable if time-off approval is enabled).
Comments
0 comments
Article is closed for comments.