General Permissions

General permissions cover an assortment of permissions that are applied to the user as a whole. When possible, permission changes should be made at the user type level rather than overridden at the individual user level. This makes organization-wide changes to permissions policy much easier.


Additional Resources

  1. In the Topic of the Day: Permissions Management Webinar, we discuss Projector’s permission structures and help administrators identify efficient ways to model permissions in their organization. 

This form is reached from two different areas of Projector: the User Types Editor and the User Editor.

Permissions and Settings

In order to edit general permissions you must have the global permission System Settings set to update.

General Permissions

General permissions cover a hodgepodge of settings. Please see the table below for an explanation of each.


Option

Description

Allow access to Management Portal

Check to allow the user access to the Management Portal.

Use default tab group

Use the drop down button to select the desired tab group. Tab groups are a predefined set of screens for managing Projector. You can imagine that if you were a project manager in the system then you would probably want to see the projects, time approval, expense approval and report tabs by default. Whereas a finance manager would want to see the invoice tab, expense browser, vendor invoices, and time browser.

Limit access to projects in time entry, expense entry, and project workspaces

The limit access flag is often set for contractors who should not be able to see information about your installation outside their purview. For example, if you have a contractor working on projects for Client X, you wouldn't want them to see your entire client list. The limit access flag comes into play in specific situations. You should not consider it the "be all and end all" of locking users out of your installation data. If you elevate other parts of their permissions, then these may supersede any limiting imposed by this flag.

Users with this flag set will see the following limitations:

  • Enter Time only shows projects they have a role on
  • Expense Entry only shows projects they have a role on
  • Find Time only allows searching on limited fields
  • Project Browser only returns projects that the user is an engagement manager, project manager, or can act as PM on. The user's visibility into projects can be expanded by giving them the cost center permission View Projects.
  • Other areas of the management portal respect a user's specific permissions and not the Limited Access flag. For example, if you give a user request/schedule permissions for all cost centers, they'll be able to browse roles on all projects. If you have users that need their visibility into your business limited, you should be very careful about how you expand their permissions.

Corner case - If a limited user is requested on a project, then the project may be added to their timesheet. However, if that role is then booked to any other resource (including unnamed), then adding the project is impossible.

Include in Project Manager list

Check to include this user in the list of potential project managers wherever Projector requires entry of the name of a project manager. This is a time-saving feature. Thus, even if a user is not designated here as a project manager, you will still be able to assign the user to be the manager of specific projects. Note that this user can be included in the list regardless of their title – meaning that a person in your organization need not have the title of "Project Manager" to have project manager capabilities in Projector. However, the users must also have a resource profile in the engagement cost center or a child of that cost center for them to be displayed in the PM List.

Use delegated authentication

If Projector has been configured for delegated or external authentication, you can check this box to cause Projector to use the external authentication mechanism to authenticate this user, or uncheck it to cause Projector to use its own authentication mechanism. If configured, Projector can consume an external, customer-supplied web service to authenticate users when they log in to Projector via the management portal or /wiki/spaces/docworkspace/pages/10330963. Please contact Projector PSA if you want to configure Projector for external authentication or find out more.

Delegated authentication login name

Enter the login name to be used by this user for delegated/external authentication.

Single Sign On:

You can optionally enable Single Sign On (SSO). With SSO enabled, a user can log in one time and be authenticated across a variety of applications that they use, including Projector. Projector provides this functionality through any provider that supports SAML 2.0. To learn more about our SSO implementation and how to start using it, please see Single Sign On (SSO) Implementation Guide.

Because Projector user types are additive, SSO uses the following order of precedence to determine which setting applies:

  1. Optional (if any user type has 'optional' then it will be optional regardless of what other user types specify)
  2. Required
  3. None
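
The precedence above means a user type set to Required does not enforce SSO for a user who also holds a type set to Optional, which is worth checking during access reviews. The Python script below is an added example, not Projector code or a Projector export format; the user type names, users and dict layout are constructed, and treating a user with no user types as None is an assumption.

```python
# SSO setting names and their precedence come from the page; the user types,
# users and data layout below are constructed for illustration only.
PRECEDENCE = ["Optional", "Required", "None"]  # highest precedence first


def effective_sso(settings):
    """Return the SSO setting that wins across one user's user types."""
    unknown = set(settings) - set(PRECEDENCE)
    if unknown:
        raise ValueError(f"unrecognized SSO setting(s): {sorted(unknown)}")
    for mode in PRECEDENCE:
        if mode in settings:
            return mode
    return "None"  # assumption: a user with no user types has no SSO setting


def sso_downgrades(user_types, users):
    """List users whose 'Required' user type is overridden by an 'Optional' one."""
    findings = []
    for user, types in sorted(users.items()):
        by_mode = {}
        for type_name in types:
            by_mode.setdefault(user_types[type_name], []).append(type_name)
        if effective_sso(by_mode.keys()) == "Optional" and "Required" in by_mode:
            findings.append({
                "user": user,
                "required_by": sorted(by_mode["Required"]),
                "overridden_by": sorted(by_mode["Optional"]),
            })
    return findings


# Constructed sample data: user type -> SSO setting, user -> assigned user types.
USER_TYPES = {"Employee": "Required", "Contractor": "Optional",
              "Report Viewer": "None"}
USERS = {
    "alice": ["Employee"],
    "bob": ["Employee", "Contractor"],
    "carol": ["Report Viewer", "Employee"],
    "dave": ["Contractor", "Report Viewer"],
}

if __name__ == "__main__":
    for user, types in USERS.items():
        print(user, "->", effective_sso([USER_TYPES[t] for t in types]))
    for finding in sso_downgrades(USER_TYPES, USERS):
        print("SSO not enforced for", finding["user"],
              "because of", finding["overridden_by"])
```
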

Resource can (skills):

Control whether a resource can view and edit their skill levels on the Profile page. Skills are used to make best fit staffing decisions. Select from the following options:

  • Not see their skills on their profile - skill levels are hidden from the user and they will never see them
  • See their own skills on their profile - skill levels are displayed read-only to the user
  • Update their skills, with approval - skill levels are editable by the user, but must be approved by a manager
  • Update their own skills - skill levels are editable by the user and are automatically approved

Resource can (time off):

Control whether a resource can request time off and whether that request needs approval. These requests are used for scheduling purposes only. That is to say, they are for the future. Resources can always enter time off for the past on their time entry page. For example, requesting future vacation time makes sense. Requesting yesterday because you were sick does not.

  • Not Request Future Time Off - Time off requests should be made directly to a manager, who can schedule it through the resource editor
  • Request future time off, with approval needed - Request time off and optionally email your time off approvers. Your approver will then authorize or reject the request through the resource editor. Requests will show up in reports and scheduling dashboards if viewing requests is enabled.
  • Schedule future time off, with no approval needed - Book the time off without the need for approval. Bookings immediately show up in reports and scheduling dashboards.

Resource can (Projector BI):

This option is only available if the Projector BI module is enabled. Each user provisioned for BI incurs an additional monthly cost. See your contract for details. To learn more about Projector BI, visit its /wiki/spaces/docs/pages/12915465.

Allow resource to request their own time

Allow resource to book their own time

These two settings allow a resource to either request or schedule hours for Roles to which they are assigned.

These permissions must operate within the typical permissions structure of Projector. In order to actually edit your hours, the following must be true:

  • The current project stage allows "Users with Permission Can:"
    • Schedule Resources  (for booking time)
    • Request Resources (for requesting time)
  • The user must be assigned to a Role on the project.


With the necessary permissions, Resources have access to the role landing page via Projects & Planning | Roles. Users can request or schedule hours on the Schedule tab of the role landing page.