Help Administrators

How permissions work

Looking for help with this feature in Polaris? Check out How permissions work in the Polaris help.

In Replicon, permissions help determine what data and features users can access and what actions they can perform. Permissions are organized into permission sets that are assigned to users in their user profiles.

In order to access a product's features, users also require a license for the related product.

Plus, in some products, a user's access to other users and projects can also be limited by what groups (like department or location) those other users and projects are assigned to. Refer to Limiting which groups a user can access for more information.

What is a permission set?

Permission sets are used to assign permissions to users. There are up to ten types of sets available, depending on what products you’re using. Each type of permission set corresponds to one or more roles within Replicon.

You can create as many permission sets of each type as you need. However, each user can only be assigned one permission set for each type.

For example, you might create two permission sets based on the User permission set type – a Project Resource and a User set. In this scenario, each user in your system could be assigned only one of these two User-type sets in their user profile.

How do permission sets determine what data users can access?

Each permission set defines one or more roles. Roles determine the implicit and explicit permissions that determine what features and data a user can access in Replicon. For each role, a user's access may also be limited to certain groups of employees.

Implicit permissions

Implicit permissions are ones granted based on the type of permission set the user is assigned, and by the user type selected within that set, if applicable.

For example, if the Project Resource user type is enabled within the project set, the user can be assigned to projects. No option associated with this ability needs to be explicitly enabled.

Explicit permissions

Explicit permissions are ones that are configurable explicitly. That is, each permission is represented by an option in the permission set that you can enable or disable.

How are multiple roles defined by one permission set?

Most permission set types define permissions for one role – for example, anyone assigned the Payroll Manager type of permission set is as payroll manager, by default.

However, there are two types of permission sets that correspond to multiple roles: Project Management and User. Additional roles are enabled for each of these by enabling user type options available within each set.

The table below outlines which roles each set can define:

Type of permission set

Roles defined by that permission set

User

User

Project Resource

Report User

Project Management

Project Management

Project Manager

Client Manager

Program Manager

If no user type is selected, the User and Project Management roles are enabled, respectively. These roles include permissions common to all user types for that permission set. For more information on this, refer to the Controlling Access help topics.

You can enable more than one role within each permission set of these types. For example, you can create a permission set with the Project Manager, Client Manager, and Program Manager roles enabled.

What data and features can each role access?

The following table outlines what a user assigned each role in Replicon can be allowed to do, based on the permission set they are assigned for that role.

In some products, a user's access to other users and projects can also be limited by what groups (like department and location) those other users and projects are assigned to. Refer to Limiting which groups a user can access for more information.

Role

Users assigned this role can...

Administrator

Carry out all functions involved in setting up and maintaining the system, including assigning settings to users in their user profiles

Billing Manager
  • Create, edit, or view invoices
  • View, edit, delete, submit, reopen, force approval/rejection of timesheets and expense sheets belonging to any user in the system

    Permissions for this role supersede all other related permissions. Refer to the FAQ at the bottom of the page for details.

    Client Representative

    Be assigned as a client representative

    Cost Manager

    View, edit, delete, submit, reopen, force approval/rejection of timesheets and expense sheets belonging to any user in the system

    Permissions for this role supersede all other related permissions. Refer to the FAQ at the bottom of the page for details.

    Payroll Manager
    • View, edit, delete, submit, reopen, force approval/rejection of timesheets, expense sheets, and time off belonging to any user in the system
    • View and edit time punches of all users
    • Mark expenses as reimbursed
    • Export payroll data

    Permissions for this role supersede all other related permissions. Refer to the FAQ at the bottom of the page for details.

    Project Management
    • View and edit settings for all projects, clients, and programs

    You can assign one or more of the following three user types for this permission set, that grant the following additional abilities:

    • Project Manager
    • Be assigned to manage individual projects or as a project co-manager
    • View and edit settings for projects to which they are assigned manager or co-manager, and clients and programs associated with those projects
    • Approve timesheets and expenses for projects to which they are assigned manager or co-manager
    • Client Manager
    • Be assigned to manage individual clients or as a client co-manager
    • View and edit settings for clients to which they are assigned client manager, and projects associated with those clients
    • Program Manager
    • Be assigned to manage individual programs or as a program co-manager
    • View and edit settings for programs to which they are assigned program manager, and all projects associated with those programs

    Resource Manager
    • Allocate resources to time and tasks
    • View or edit skills that are assigned to resources
    • View billing, cost, payroll, or expense data associated with all resources in the system

    Schedule Manager

    View or edit shift-based schedules

    Supervisor
    • Be assigned as a supervisor in user profiles
    • View, edit, delete, submit, and reopen timesheets belonging to those they supervise (their direct reports)
    • View expenses belonging to their direct reports
    • View and edit schedules belonging to their direct reports
    • Approve or edit timesheets, expenses and time off belonging to those they supervise or whose projects they manage
    • View pay details for timesheets
    • Complete and submit crew timesheets, for their direct reports

    Team Manager
    • View, edit, delete, submit, and reopen timesheets belonging to members of groups they're assigned to manage
    • View expenses belonging to belonging to members of groups they're assigned to manage
    • View pay details for timesheets belonging to members of groups they're assigned to manage
    • Complete and submit crew timesheets, for members of groups they're assigned to manage

    User

    Be allowed to assign a substitute user

    To be allowed to use a timesheet or expense sheet, or to book time off, a user must be assigned – respectively – a timesheet, expense, or time off template in their user profile. Being assigned a User permission set does not implicitly give users access to these features.

    You can assign one or more of the following two user types for this permission set, that grant the following additional abilities:
    • Project Resource

    Be assigned or allocated to projects
    • Report User

    Use reports

    FAQs

    Why isn't one of the user's assigned permissions taking effect?

    One reason this can happen is if the user is assigned payroll manager, billing manager, or cost manager permissions.

    These roles can be allowed to act on all users in the system, and their access level supersedes all other related permissions.

    For example, if you aren't assigned permission to reopen a timesheet in your timesheet template, you will still be able to open it if you have payroll manager permission. The reverse is also true -- if you have permission to reopen your timesheets based on your template, but you're assigned as a payroll manager who can't reopen timesheets, you won't be able to reopen yours.

    Related links

    Setting up permissions
    How your permissions affect what report data is available to you
    Limiting which groups a user can access
    Adding users and assigning them user profile settings
    Using data import to mass add, update, and delete data

    Start a free Replicon trial today based on your business needs

    Start Free Trial