Follow

Access rights

Content

Description

Access rights determine what information an employee is able to view and/or edit in Visma Severa. Visma Severa has few default access rights profiles ready to be used and the first Severa user is automatically assigned to "Administrator" profile with full access rights to the system. Default profiles can be edited to suite company's needs or new profiles can be created. Changes in access rights require user to log out and log in to become affective.

Go to top

Important to know

Visma Severa's access rights are build for user roles. In order for the access rights to work correctly user hiearchy and business units must be correctly defined. For some areas in Visma Severa we don't offer separate access rights, but there are still "hidden" access rights in place. For example editing or viewing of activities has limitations that are based on case membership or supervisor-employee relationship. Sometimes access rights can also limit more than they describe. For example if access rights to accounts is set to "None", then user also doesn't have access to cases regardless of what has been defined as access right for "Cases".

Go to top

Checklist before assigning access rights

User hierarchy

User hierarchy means the supervisor-employee structure. One person is always "top of the hierarchy", meaning there is one person without supervisor and he/she is considered as head of organization. All other users must have supervisors. Many of the access rights are based on this relationship between supervisor and his/her employees.Verify that supervisors have been set correctly for all employees from Tools > User management to avoid any conflicts in access rights.

user_hierarchy.jpg

Go to top

Business units

Business units can be used to limit access rights. In your organization you might call them "companies", "business units", "departments", "teams" or perhaps even "locations". What ever the name, every employee and every project belongs to one. Access to Cases, Work hour approval and Travel reimbursement approval can be limited per business unit. When you wish to limit access based on business unit, remember to check that all your employees and cases belong to correct business units.

Go to top

Case membership

Case membership together with "Cases"-access right limit the visibility and possible actions to cases. Every case has one owner and one or more members. Only case owners are able to edit or invoice cases. To be able to enter work hours, user must be a at least a member on a case. Access rights to cases will define what exactly is the user able to do when he is either case owner or a member. The access right can also give user a case owner -like access to cases, even when user is not really an owner.

Go to top

Activities

Activities do not have direct access rights that could be managed via access rights profiles. However, it doesn't mean that there are no access rights in place. Access rights to accounts, cases and users limit or allow visibility to activities. The possibility to add, view, edit or delete activities is described in "Access rights in detail".

General rule is that when you are owner or participant of the activity you can edit the activity. Below are listed few other scenarios that restrict or allow visibility to activities.

Go to top

Seeing vs. Viewing activities

Severa's calendar is based on the idea, that your collegues can see what you are working with and if your free or busy. Because of this, people are always able to see all activities the calendar. So, even though you don't have access rights to the activity, you can still see it in the calendar. The "View" access right means that you are able to open the activity and review the content such as name, description, participants, etc. When looking at activities in the calendar some description is shown even for users without any access rights. Work and To-Do activities will display the activity type and activity name. Out of office and Personal activities show only the category name.

Go to top

Activity owner vs. participants

Activity owner is always able to view, edit and delete the activity. Participants can also view and edit the activity, but cannot delete it. Participants can only remove themselves from the activity.

Go to top

Activity category: Out of office

When employee enters an out of office type of activity, other employees with access right "Users:None" are not able to view the content of the activity. When colleague looks at the absence in calendar or activity report, all he sees is text "out of office", regardless of what the actual name or content is. Users with access rights to "subordinates" or to "all users" are able to view and edit absences.

Go to top

Activity category: Personal

When employee enters an acivity that is personal (private), only the person himself can see the content. When a colleague looks at such activity in calendar or in activity report he sees only text "Private". If you add other users as participants to a private activity, then also participants are able to see the content.

Go to top

Case membership

When you are a case member, you get "view" -access rights to activities that are added to the case, even though you aren't participant of the activity.

Go to top

Access to accounts

When you have access rights to accounts, you are able to view all activities connected to accounts.

Go to top

Access rights in detail

Accounts

With "accounts" access right you can limit employees' visibility to account, contact and address data. 

Access right

Description

None

  • Note! Setting Accounts to None overrides "Cases" and "Join cases" access rights and user is no longer able view or edit cases, invoices, proposals or resourcing.
  • Cannot add, view, edit or delete accounts, addresses, contacts or cases.
  • Cannot create or view Accounts or Contacts -reports.
  • Cannot add activities to accounts or cases.
  • Can enter work hours, travels and products to cases.

Read-only

  • Can view all accounts, addresses or contacts.
  • Can create and view Accounts and Contacts -reports without financial data.
  • Can create activities for accounts
  • + "Can"-rights from previous access right.

View and edit

  • Can add, edit and delete all accounts, addresses or contacts.
  • + "Can"-rights from previous access rights.

All

  • Can report financial data on Accounts-report (Billing forecast, Revenue, Revenue (outsourced), Revenue (in-house), Billed, Uninvoiced, Labor expenses, Other expenses, Total expenses, Expected value, Sales margin, Margin, Margin %, Billing per hour, Billable hours %).
  • + "Can"-rights from previous access rights.

Deleting

  • When "No": Cannot delete accounts.
  • When "Yes": Can delete accounts when "Accounts" access right is either "View and edit" or "All".

Go to top

Cases

With "cases" access right you can limit employees' visibility to cases, phases, files, invoicing, proposals (add-on), resourcing (add-on), revenue (add-on) and various reports.

Access right

Description

None

  • Can enter work hours, travels and products to cases user is case member or case owner of.
  • Cannot add, view, edit or delete cases, phases, files, invoices, proposals (add-on) or resourcing (add-on).
  • Cannot add activities to cases.
  • Cannot recognize revenue (add-on).
  • Cannot view case or invoice data in Change history (add-on).
  • Cannot create or view following reports: Case analysis, Cases, Files, Financial summary, Financial timeline, Invoice rows, Invoices, Item analysis, Items, Phases or Proposals.

Project member, no rights to own financials

  • Cannot add new cases.
  • Can enter work hours, travels and products to cases user is case member or case owner of.
  • Can view cases user is case member of.
  • Can view, edit and delete cases user is case owner of.
  • Can add, view, edit and delete phases, files, invoices, proposals (add-on) or resourcing (add-on) for cases user is case owner of.
  • Can recognize revenue (add-on) for cases where user is case owner.
  • Can view case data in Change history (add-on).
  • Can add, view, edit and delete activities for cases user is case owner or case member of.
  • If user has subordinates, has access to subordinates cases as if he was case owner of those cases. Subordinates can be in different business units.
  • Can create and view following reports when case owner: Case analysis, Cases, Files, Financial summary, Financial timeline, Invoice rows, Invoices, Item analysis, Items, Phases or Proposals.
  • User cannot see any financial information. User cannot see prices and costs of own work hours or own KPI's which are based on financial data. He cannot see any project financials

Project member

  • Cannot add new cases.
  • Can enter work hours, travels and products to cases user is case member or case owner of.
  • Can view cases user is case member of.
  • Can view, edit and delete cases user is case owner of.
  • Can add, view, edit and delete phases, files, invoices, proposals (add-on) or resourcing (add-on) for cases user is case owner of.
  • Can recognize revenue (add-on) for cases where user is case owner.
  • Can view case data in Change history (add-on).
  • Can add, view, edit and delete activities for cases user is case owner or case member of.
  • If user has subordinates, has access to subordinates cases as if he was case owner of those cases. Subordinates can be in different business units.
  • Can create and view following reports when case owner: Case analysis, Cases, Files, Financial summary, Financial timeline, Invoice rows, Invoices, Item analysis, Items, Phases or Proposals.
  • When user is a case member, he cannot see financial data on Cases-report (Revenue, Revenue (outsourced), Revenue (in-house), Billed, Billed €, Billing forecast, Remaining billing, Uninvoiced, Uninvoiced €, Sales margin, Sales margin €, Margin, Margin %, Margin (in-house), Margin (outsourced), Billing per hour, Billing per hour €, Billable hours %, Labor expenses., Other expenses., Total expenses., Expense forecast, Estimated margin, Estimated margin %, Total price billed, Total price billed €, Price of hours not reviewed , Price of hours not reviewed €, Price of hours approved, Price of hours approved €, Expected value, Probability %, Expected order date).
  • When user is a case member, he cannot see financial data on Items-report (Total price excl. VAT €, Price of billed items, Price of billed items €, Unit price, Unit price €, Total price excl. VAT, Total price Total price €, Margin, Probability %, Expected order date).

Project manager, no rights to project financials or invoicing

  • Can add new cases.
  • Cannot add, view, edit or delete invoices.
  • Cannot recognize revenue (add-on) for cases where user is case owner.
  • Can enter work hours, travels and products to cases user is case member or case owner of. 
  • Can view cases user is case member of.
  • Can view without financial data, edit and delete cases user is case owner of.
  • Can add, view, edit and delete phases, files, proposals (add-on) or resourcing (add-on) for cases user is case owner of.
  • Can view case data in Change history (add-on).
  • Can add, view, edit and delete activities for cases user is case owner or case member of.
  • If user has subordinates, has access to subordinates cases as if he was case owner of those cases. Subordinates can be in different business units.
  • Following reports are hidden: Financial summary, Financial timeline, Invoice rows, Invoices, Purchase orders.
  • Cannot report financial data on other reports (columns mentioned above)

Project manager

  • Can enter work hours, travels and products to cases user is case member or case owner of.
  • Can view cases user is case member of.
  • Can add, view, edit and delete cases user is case owner of.
  • Can add, view, edit and delete phases, files, invoices, proposals (add-on) or resourcing (add-on) for cases user is case owner of.
  • Can recognize revenue (add-on) for cases where user is case owner.
  • Can view case data in Change history (add-on).
  • Can add, view, edit and delete activities for cases user is case owner or case member of.
  • If user has subordinates, has access to subordinates cases as if he was case owner of those cases. Subordinates can be in different business units.
  • Can report all case-related information when case owner and cannot view financial data when case member.

Cases in own unit

  • Acts as a case owner to cases belonging to same business unit (or it's sub units) as user belongs to.
  • Same access rights rules apply than for "Own cases"

All

  • Acts as a case owner to all cases.
  • Same access rights rules apply than for "Own cases"

Deleting

  • When "No": Cannot delete cases even when being a case owner.
  • When "Yes": Can delete cases if "Cases" access right is "Own cases, no case creation" or higher AND user is case owner.

Go to top

Join cases

With "Join cases" you can define if employees can add themselves as case members to cases. Join cases -link appears on the work hour entry page.

Access right

Description

No

  • Cannot join to cases.

Own business unit

  • Can join to cases that are in own business unit.

Yes

  • Can join to all cases.

Go to top

Users

With "users" access right you can limit employees' visibility to user management and work hours.

Access right

Description

None

  • Can enter work hours, travels and products to cases where user is case member or case owner.
  • Can add, view, edit and delete activities.
  • Can report only own work hours.
  • Can create and view following reports: Activities, User analysis, Work hour summary.
  • Cannot view user data in Change history.

Edit own employees

  • Can enter work hours, travels and products to cases where user is case member or case owner.
  • Can add, view, edit and delete work hours for subordinates.
  • Can add, view, edit and delete activities.
  • Can add, view, edit and delete subordinates absences (out of office -type activities).
  • Can report own and subordinates work hours.
  • Can create and view following reports: Activities, Time entries, User analysis, Resourcing reports, Work hours by case, Work hour analysis, Work hour list, Work hour summary, Work hour matrix
  • Can edit subordinates' user details in user management.
  • Can view user data in Change history.

Add and edit own employees

  • Can add new users.
  • + "Can"-rights from previous access right.

All

  • Can add new users.
  • Can enter work hours, travels and products to cases where user is case member or case owner.
  • Can add, view, edit and delete work hours for all users.
  • Can add, view, edit and delete activities.
  • Can add, view, edit and delete absences for all users (out of office -type activities).
  • Can report all work hours.
  • Can edit user details of every user in user management.

Go to top

Invoice statuses

Limit to which invoice status employee can set invoices to. For example you can define that project managers are able to create invoices into draft, and perhaps even sent them, but only business controller can mark the invoice paid.

Access right

Description

All

  • When user is case owner with access right to invoices, user can change invoice status to any of the active statuses.

Status selected

  • When user is case owner with access right to invoices, user can change invoice status only to the selected status and statuses ordered before it (in the list of invoice statuses).
  • When user doesn't have access right to certain invoice status, he is not able to edit the invoice, change settings of an invoice, credit the invoice or create a reminder of the invoice.
  • Example: You have following invoice statuses: "Draft, Sent, Paid". You select for project manager access right profile "invoice statuses:Sent". Now project managers can create invoices into "Draft" and change status to "Sent", but they cannot set invoice status to "Paid". Project managers are able to review invoices marked as "Paid".

Go to top

Work hour approval

Work hour approval access right appears only when Advanced time tracking add-on is active and Work hour approval has been enabled in Time tracking settings. With this access right you can give access rights for supervisors or managers to approve employees' work hours.

Access right

Description

None

  • Cannot approve work hours.

Own employees

  • Overrides "Users" access right regarding visibility to work hours.
  • Can view and approve subordinates' work hours.

Self and own employees

  • Can view and approve own and subordinates' work hours.

Own unit

  • Can approve work hours of users who are in the same business unit.
  • Can approve own work hours.
  • Cannot approve hours of subordinates who are in a different business unit.

All

  • Can approve work hours of all users.

Go to top

Case owner work hour approval

Case owner work hour approval access right appears only when Advanced time tracking add-on is active and Work hour approval has been enabled in Time tracking settings. With this access right you can give access rights for case owners to approve case members work hours.

Access right

Description

No rights

  • Cannot approve work hours.

Own cases

  • Overrides "Users" access right.
  • Can approve work hours entered for cases user is case owner of.

Go to top

Travel reimbursement

Travel reimbursement access right appears only when Travel reimbursement add-on is active. With this access right you can give access rights for all employees to create travel reimbursements and for supervisors or managers to approve them.

Access right

Description

None

  • Cannot add or view travel reimbursements.
  • Cannot report travel reimbursements.
  • Cannot approve travel reimbursements.

Create

  • Can add travel reimbursements for self.
  • Can report own travel reimbursements.
  • Cannot approve travel reimbursements.

Create and approve own employees

  • Can add travel reimbursements for self.
  • Can report own and subordinates travel reimbursements.
  • Can approve subordinates travel reimbursements.

Create and approve own unit

  • Can add travel reimbursements for self.
  • Can report travel reimbursements of users who are in the same business unit.
  • Can approve travel reimbursements of users who are in the same business unit.
  • Cannot report or approve travel reimbursements of subordinates who are in a different business unit.

Create and approve all

  • Can add travel reimbursements for self.
  • Can report travel reimbursements of all users.
  • Can approve all travel reimbursements, including own.

Go to top

Sharing

Give access to sharing center to create shared reports and dashboards.

Access right

Description

No

  • Can see shared reports and dashboards.
  • Cannot create shared reports or dashboards
  • "Sharing" not visible in Tools-menu.
  • When editing dashboards, cannot edit shared dashboards.

Yes

  • Can see shared reports and dashboards.
  • Can create and edit shared reports and dashboards
  • Can access "Sharing" in Tools menu

Go to top

Administrator

Give access to manage organization's settings and subscription and to do data imports or exports.

Access right

Description

None

  • Cannot access Settings, Upgrades, Data transfer, Account import, Item import
  • Can access user management if Users is "Edit own employees" or higher

View and edit

  • Can access Settings and edit all organization settings

All

  • Can access Upgrades, Data transfer, Account import, Item import
  • Can access Settings and edit all organization settings

Rights to API

Rights to API appears in user's access rights when company has purchased an add-on that uses API. Integrations are authenticated using API key, which is created for a Severa user. This user is then used to transfer data between Severa and third party software. Because API access is per person, API is enabled on user level, not in access rights profiles. People with access rights to manage users can enable API in user's details, but they cannot create the API key. This can be done only by the user him/herself. Go to How to create Severa API key for more detailed instructions.

Access right

Description

No

  • User cannot authenticate integration between Severa and third party software

Yes

  • User can create API key to authenticate integration
  • Users' other access rights define to which data integration has access to

Go to top

Managing access rights

Managing profiles

To create or edit access rights profiles go to Tools > Settings > Access rights profiles. In the list of existing access rights profiles you can see a number of users using each profile. Changes made to access rights profiles take affect after employee has logged out and logged back into Severa. The only access rights profile that you cannot edit, is the profile your user account is currently using. You should always have at least one user belonging to "Administrator" profile with full access rights to the system.

Go to top

Managing user's rights

As default, users get their access rights from the access rights profiles but the rights can be tweaked on user level if needed. Each user has "Access rights" section in their user details and editing that section allows you to either change the whole access rights profile, change individual access right or enable API. User can never edit his/her own access rights.

Go to top

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Powered by Zendesk