This guide explains how to manage and configure system permission profiles and utilize predefined roles. Permission profiles allow you to group allowed actions and visibility for users into different sections, such as customers, projects, billing, and settings.

Viewing permission profiles

From this view, you can see all permission profiles created in the system and check which ones are active or disabled.

Settings > Permission profiles

  1. Open the settings menu > Permission profiles.
  2. Browse the list of active permission profiles.
  3. Check the box Show disabled permission profiles if you want to view disabled profiles.
  4. The Default label is next to the permission profile that is set as the default profile. This profile is automatically assigned to a new user, but the selection can be changed when adding a user.

Creating a new permission profile

Here's how to create a new permission profile in the system, for which you can later define more specific rights and restrictions.

Settings > Permission profiles > Add permission profile

  1. Click Add permission profile to create a new profile.
  2. Enter a clear and descriptive name for the profile.
  3. Check the box Set as default profile if you want all new users to automatically receive this profile.
  4. Save the information to proceed to more detailed rights definitions.

Predefined permission roles and their usage

The system has five common predefined roles designed to match typical company responsibilities. Here's how to utilize these roles and their recommended permission levels.

Management

This role is intended for the company's top management, who need to monitor the overall situation of the company but do not necessarily need to edit the system's technical settings.

  • Usage: Provide management with broad viewing rights to all sections.
  • Permission levels: Customers (All), Projects (All), Users (All or read access), Work hour and absence approval (All), Billing (Allowed to change status to any status), Settings (None or Edit settings).

Sales person

This role is designed for those working in customer interfaces, whose main task is to manage customer relationships and initiate sales projects.

  • Usage: Focus rights strongly on customer relationship management.
  • Permission levels: Customers and contacts (Edit or All), Projects (Project manager or No financials), Project joining (All).

Project manager

This role is intended for individuals who lead projects, are responsible for their finances, and guide the project team. 

  • Usage: Provide rights to manage own projects and subordinates, as well as billing.
  • Permission levels: Projects (Project manager), Customers (Read or Edit), Billing (Allowed to change status up to), Work hour approval (Own subordinates).

Administrator

This role is for the system administrator or IT manager who manages system settings, permissions, and additional features.

  • Usage: Provide full and unrestricted rights to all modules.
  • Permission levels: Customers (All), Projects (All), Billing (Allowed to change status to any status), Settings & features (Edit settings and manage subscription & features), Users (All).

Employee user

This role is suitable for project employees and specialists whose primary task is to log hours, travel expenses, and participate in projects without financial responsibility.

  • Usage: Restrict viewing and editing rights to own information and basic project information.
  • Permission levels: Projects (Project member, no financials), Customers (Read or None), Hours and absences (Own hours), Travel expenses (Own).

Defining and editing permissions

Here's how to edit the permissions contained in an existing profile for different actions. Note that you cannot edit your own permission profile for security reasons.

Settings > Permission profiles > Select profile from list

  1. Open the desired profile from the list by clicking its name.
  2. Define the Customers and contacts section using the dropdown menu to set the permission level. You can also enable the right to remove customers.
  3. Define the Projects section with role-specific levels and choose whether the user sees financials, can remove projects, or manage their own resourcing.
  4. Select the Project joining section to determine how freely the user can join projects.
  5. Define the Users section for rights to manage subordinates' information.
  6. Define the Billing section for limits on editing invoice status (requires financials viewing rights in the Projects section).
  7. Define the Work hour and absence approval rights (own, subordinates, business unit, or owned projects).
  8. Define the Travel expenses logging rights.
  9. Select the Report and dashboard sharing rights.
  10. Define the Settings & features section for rights to edit general system settings.

Removing a permission profile

Here's how to remove an unnecessary permission profile. You cannot remove the default profile or a profile that you are currently using.

Settings > Permission profiles > Select profile from list

  1. Open the profile to be removed from the list.
  2. Click the trash can icon (remove button) in the view.
  3. Confirm remove.


Keywords: permission profile, permissions, rights, permission levels, levels, roles, role, team, teams, business unit, business units, administrator, project manager, sales person, management, employee user, settings, projects, billing, approval, default profile



Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.