How permissions work

In Replicon, permissions help determine what data and features users can access and what actions they can perform. Permissions are organized into permission sets that are assigned to users in their user profiles.

In order to access a product's features, users also require a license for the related product.

What is a permission set?

Permission sets are used to assign permissions to users. There are up to ten types of sets available, depending on what products you’re using. Each type of permission set corresponds to one or more roles within Replicon.

You can create as many permission sets of each type as you need. However, each user can only be assigned one permission set for each type.

For example, you might create two permission sets based on the User permission set type – a Project Resource and a User set. In this scenario, each user in your system could be assigned only one of these two User-type sets in their user profile.

How do permission sets determine what data users can access?

Each permission set defines one or more roles. Roles determine the implicit and explicit permissions that determine what features and data a user can access in Replicon. For each role, a user's access may also be limited to certain groups of employees.

Implicit permissions

Implicit permissions are ones granted based on the type of permission set the user is assigned, and by the user type selected within that set, if applicable.

For example, any user assigned a User type permission set has the implicit ability to modify their own user settings. No special permission needs to be selected for them to have this ability.

If the Project Resource user type is enabled within the project set, the user can be assigned to projects. No option associated with this ability needs to be explicitly enabled.

Explicit permissions

Explicit permissions are ones that are configurable explicitly. That is, each permission is represented by an option in the permission set that you can enable or disable.

How are multiple roles defined by one permission set?

Most permission set types define permissions for one role – for example, anyone assigned the Payroll Manager type of permission set is as payroll manager, by default.

However, there are two types of permission sets that correspond to multiple roles: Project Management and User. Additional roles are enabled for each of these by enabling user type options available within each set.

The table below outlines which roles each set can define:

Type of permission set

Roles defined by that permission set

User

User1

Project Resource

Report User

Project Management

Project Management1

Project Manager

Client Manager

Program Manager

You can enable more than one role within each permission set of these types. For example, you can create a permission set with the Project Manager, Client Manager, and Program Manager roles enabled.

What data and features can each role access?

The following table outlines what a user assigned each role in Replicon can be allowed to do.

Role

Users assigned this role can...

Administrator

Carry out all functions involved in setting up and maintaining the system, including assigning settings to users in their user profiles

Billing Manager

  • Create, edit, or view invoices
  • View, edit, delete, submit, reopen, force approval/rejection of timesheets and expense sheets belonging to any user in the system

Client Representative

Be assigned as a client representative

Payroll Manager

  • View, edit, delete, submit, reopen, force approval/rejection of timesheets, expense sheets, and time off belonging to any user in the system
  • View and edit time punches of all users
  • Mark expenses as reimbursed
  • Export payroll data

Cost Manager

View, edit, delete, submit, reopen, force approval/rejection of timesheets and expense sheets belonging to any user in the system

Project Management

  • View and edit settings for all projects, clients, and programs

You can assign one or more of the following three user types for this permission set, that grant the following additional abilities:

  • Project Manager
  • Be assigned to manage individual projects or as a project co-manager
  • View and edit settings for projects to which they are assigned manager or co-manager, and clients and programs associated with those projects
  • Approve timesheets and expenses for projects to which they are assigned manager or co-manager
  • Client Manager
  • Be assigned to manage individual clients or as a client co-manager
  • View and edit settings for clients to which they are assigned client manager, and projects associated with those clients
  • Program Manager
  • Be assigned to manage individual programs or as a program co-manager
  • View and edit settings for programs to which they are assigned program manager, and all projects associated with those programs

Resource Manager

  • Allocate resources to time and tasks
  • View or edit skills that are assigned to resources
  • View billing, cost, payroll, or expense data associated with all resources in the system

Schedule Manager

View or edit shift-based schedules

Supervisor

  • Be assigned as a supervisor in user profiles
  • View, edit, delete, submit, and reopen timesheets belonging to those they supervise (their direct reports)
  • View expenses belonging to their direct reports
  • View and edit schedules belonging to their direct reports
  • Approve or edit timesheets, expenses and time off belonging to those they supervise or whose projects they manage
  • View pay details for timesheets

User

Be allowed to assign a substitute user

To be allowed to use a timesheet or expense sheet, or to book time off, a user must be assigned – respectively – a timesheet, expense, or time off template in their user profile. Being assigned a User permission set does not implicitly give users access to these features.

You can assign one or more of the following two user types for this permission set, that grant the following additional abilities:

  • Project Resource

Be assigned or allocated to projects

  • Report User

Use reports

1 In effect if no user type is selected. Includes permissions common to all user types for that set.