General permissions cover an assortment of permissions that are applied to the user as a whole. When possible, permissions changes should be made at the user type level as opposed to being overridden at the individual user level. This makes making organization-wide policy changes in permissions much easier.
- In the Topic of the Day: Permissions Management Webinar, we discuss Projector’s permission structures and help administrators identify efficient ways to model permissions in their organization.
Permissions and Settings
In order to edit general permissions you must have the global permission System Settings set to update.
General permissions cover a hodgepodge or settings. Please see the table below for an explanation of each.
Allow access to Management Portal
Check to allow the user access to the Management Portal.
Use default tab group
Use the drop down button to select the desired tab group. Tab groups are a predefined set of screens for managing Projector. You can imagine that if you were a project manager in the system then you would probably want to see the projects, time approval, expense approval and report tabs by default. Whereas a finance manager would want to see the invoice tab, expense browser, vendor invoices, and time browser.
Limit access to projects in time entry, expense entry, and project workspaces
The limit access flag is often set for contractors who should not be able to see information about your installation outside their purview. For example, if you have a contractor working on projects for Client X, you wouldn't want them to see your entire client list. The limit access flag comes into play in specific situations. You should not consider it the "be all and end all" of locking users out of your installation data. If you elevate other parts of their permissions, then these may supersede any limiting imposed by this flag.
Users with this flag set will see the following limitations:
Corner case - If limited user is requested on a project, then the project may be added to their timesheet. However, if that role is then booked to any other resource (including unnamed), then adding the project is impossible.
Include in Project Manager list
Check to include this user in the list of potential project managers wherever Projector requires entry of the name of a project manager. This is a time-saving feature. Thus, even if a user is not designated here as a project manager, you will still be able to assign the user to be the manager of specific projects. Note that this user can be included in the list regardless of their title – meaning that a person in your organization need not have the title of "Project Manager" to have project manager capabilities in Projector. However, the users must also have a resource profile in the engagement cost center or a child of that cost center for them to be displayed in the PM List.
Use delegated authentication
If Projector has been configured for delegated or external authentication, you can check this box to cause Projector to use the external authentication mechanism to authenticate this user or uncheck it to cause Projector to use its own authentication mechanism. If configured, Projector can consume an external, customer-supplied, web service to authenticate users when they log in to Projector via the management portal or Reference Guide - Employee Portal. Please Contact Projector PSA if you want to configure Projector for external authentication or find out more.
Delegated authentication login name
Enter the login name to be used by this user for delegated/external authentication.
|Single Sign On:|
You can optionally enable Single Sign On (SSO). With SSO enabled, a user can log in one time and be authenticated across a variety of applications that they use, including Projector. Projector provides this functionality through any provider that supports SAML 2.0. To learn more about our SSO implementation and how to start using it, please see Single Sign On (SSO) Implementation Guide.
Because Projector user types are additive, SSO uses the following order precedence for determining what should be used:
|Resource can (skills):|
|Resource can (time off):|
Control whether a resource can request time off and whether that request needs approval. These requests are used for scheduling purposes only. That is to say, they are for the future. Resources can always enter time off for the past on their time entry page. For example, requesting future vacation time makes sense. Requesting yesterday because you were sick does not.
|Resource can (advanced analytics):|
This option is only available if the Advanced Analytics module is enabled. Each user provisioned for AA incurs an additional monthly cost. See your contract for details. To learn more about Advanced Analytics, visit its help page.
Allow resource to request their own time
Allow resource to book their own time
These two settings allow a resource to either request or schedule hours for Roles for which they are assigned to.
These permissions must operate within the typical permissions structure of Projector. In order to actually edit your hours, the following must be true:
With the necessary permissions, Resources have access to Project&Planning→Roles→Schedule tab