Working with roles

Top  Previous  Next

This topics contains information on types of users, on assigning roles, and also contains an overview of all roles and rights.

 

Two types of users

The Principal Toolbox allows for two types of users:

1.Administrators, who get access to everything everywhere. Administrator rights can only be granted in the user administration (only accessible by other administrators).

2.Users, who get access to entities and areas within the Principal Toolbox by assigning them roles.

 

The roles that are assigned to a user determine what access the user has. Access can be restricted to various actions, like getting read-only access or allowing full access including removing items. A user can be assigned multiple roles at the same time. Below follows an overview of the various roles and the access rights associated with them.

 

Roles can be defined on Organisational unit level, each functional module and entities within the modules such as portfolio's, projects and plan items. As an administrator it is important to realize that you not only have access to everything, but also that you can see everything in the system such as tabs, projects etc. This is not a valid representation of what the average user is experiencing when he is using PTB, only the item to which the user is assigned will be visible. To be aware of this difference, you could switch between admin and user accounts to see what's the difference.    

 

How to assign roles

Roles can be set on various locations in PTB. For example in a project.

Step 1. Click Edit Roles on the right in the dark header.

Step 2. Select the right users for the right roles.

clip0258

The dialogue box for setting roles on a project.

 

Step 3. Click OK.

 

Note: Select user group ‘All Users’ to make all users member of the OU.

Note: For folders and projects security-enabled locations that have no security set, ALL members of the organisational unit have access. Please keep this in mind if you do not want users to access such locations.

Note: When a role is assigned to a user, they will see the item to which the role applies on their homepage (i.e. project or program)

 

 

Permissions per role: an overview

The tables below give an overview of all roles and their rights.

 

Roles on organisational units

Role

Rights

Organisational unit Manager

 

 

 

•Create and archive folders in the organisational unit

•Assign folder manager(s) to a new folder within the organisational unit

•Assign folder reader(s) to a new folder within the organisational unit

•Manage roles at the organisational unit level

•Access information of all folders and projects within the organisational unit

•Modify picture and text on organisational unit dashboard

•Defining resource availability

•Allocating project and non-project work

•Assigning and removing Non-project Activity Sets from the organisational unit

•Allocating hours against projects and non-project activities

Organisational unit Support

•Identical access rights as the Organisational unit Manager

Organisational unit Reader

•Access information of all folders and projects within the organisational unit

•Read access to the resource management of the organisational unit

•This includes read access to all allocation requests, time allocations and availability data on the applicable organisational unit

Organisational unit Member

•Can be assigned to individual portfolios as readers or managers within the organisational unit

 Note: before being granted access to portfolios, users first have to be a member of Portfolio Management

 

Roles on Project Management

Role

Rights

Project Management Coordinator

 

 

 

•Create and archive folders

•Assign managers and readers to individual folders

•Manage roles at all levels within the folders

•Access to all folders and their underlying data

•Remove and restore archived folders

Project Management Reader

•Read access to all data within project management

 

Roles on Folders

Role

Rights

Folder Manager

•Create, move and archive projects and project models on assigned level

•Create, move and archive sub-folders

•Remove and restore archived projects, project models on assigned level

•Assign project manager to a new project

•Manage roles (managers and readers) of assigned level

•Create, edit and remove issues, documents, risk’s etc. within assigned level

•Read all information within own and underlying levels

•Set tolerances for the projects within assigned folder / project list

•Modify layout of folder / project list dashboard

Folder Support

•Identical access rights as the Manager

Folder Reader

•Read all information within own and underlying levels

 

Roles on Portfolio Management

Role

Rights

Portfolio Management Coordinator

 

 

 

•Create and archive portfolios

•Assign managers and readers to individual portfolios

•Manage roles at all levels within the portfolios

•Access to all portfolios and their data

•Create and archive portfolio items within portfolios

•Administer portfolio models

•Remove and restore archived portfolio items

•Assign a project manager when starting a project from a portfolio item

•Changing the portfolio dashboard layout

Portfolio Management Reader

•Read access to all data within the assigned level

 

Roles within Portfolios

Role

Rights

Portfolio Manager

 

 

 

•Create and archive portfolio items

•Assign managers, readers and members as owner to individual portfolio items

•Access to all portfolios and their data

•Create and archive portfolio items within portfolio

•Remove and restore archived portfolio items

•Assign a project manager when starting a project from a portfolio item

•Changing the portfolio dashboard layout

•Saving portfolio versions

Portfolio Reader

•Read access to all data within the assigned level

Portfolio Members (available as of release 7.0)

•Can be assigned to individual portfolio items as owner

 Note: before being granted access to portfolios, users first have to be a member of Portfolio Management

 

Roles on Portfolio Items

Role

Rights

Owner

•Add documents to a portfolio item

•Editing all portfolio item specific and custom fields

 

Roles within Custom Dashboards

Role

Rights

Dashboard owner

•Can set the dashboard filter and modify the portfolio dashboard (views, reports etc.).

 

Note: The viewing permissions of the dashboard owner are used to identify the list of projects for the portfolio dashboard.

 

A common scenario is to have the dashboard owner someone that coordinates the portfolio management setup, or an administrator. By setting the correct dashboard filter, other users can see the information they need.

Dashboard manager

Dashboard managers cannot alter the dashboard filter but otherwise have full permission (except to edit project information as a portfolio dashboard is used for viewing/reporting). Dashboard managers are allowed to create views, reports etc.

Dashboard reader

Dashboard readers only have viewing access to the portfolio dashboard but cannot define additional reports.

 

Roles on Programmes

Role

Rights

Programme Manager

 

 

•Manage all information within own programme

•Edit programme plan, planning, logs, etc.

•Edit members

•Set the general status of own programme

•Modify lay-out programme dashboard

Programme Support

•Identical access rights as the Manager

Programme Reader

•Read all information within a programme

•Add issues to the issue log

Programme Member

•Access assigned items within the programme

•Add issues to the issue log

 

Roles within Projects

Role

Rights

Project Manager and Project Support - Blue box

•Manage all information within own project

•Edit project plan, planning, logs, etc.

•Edit project team

•Set the general status of own project

•Modify lay-out project dashboard

Project Board members - Green box

(Executive, Senior User, Senior Supplier)

•Read all information within a project

•Add issues to the issue log

Team members - Orange box

 

•Read all information within a project, except project costs information.

•Add issues to the issue log

External members - Grey box

Note: The availability of this role is dependent on your configuration and can only be assigned to external users. External users are users that are from outside the organization. The external member cannot view the project but can only:
•Become owner of products (assigned by other roles)

•Write hours (time entry) on the project

 

Roles on Products / Plan Items

Role

Rights

Owner

•Add deliverables (documents) to a product

•Add new log items (issues, risks, changes, actions, quality reviews) related to the product.

•Editing all product specific and custom fields

Reviewer

•Add deliverables (documents) to a product

•Add new log items (issues, risks, changes, actions, quality reviews) related to the product.

•Editing all product specific and custom fields

Participant

•Add new issues related to the product.

Roles on Logs (Issues, Risks, Changes, Actions, Quality reviews)

Role

Rights

Owner

•Change all information in a log item

•Assign the log item to another project team member

Creator

•Change all information in a log item

•Assign the log item to another project team member

Project Manager and Project Support

•Change all information in a log item

•Assign the log item to another project team member

Roles within Resource Management

Role

Rights

Resource Management Coordinators

Has the following rights on all Resources within all underlying organisational units:

•Defining resource availability

•Allocating project and non-project work

Resource Management Reader

Has the following rights on all Resources within all underlying organisational units:

•Access to all resources on the underlying organisational units.

•Reader access to all allocation requests, time allocations, and availability data

 

Roles within Benefits Management

Role

Rights

Benefit Management Coordinators

•Creating, editing and removing benefits

•Editing the benefits map

•Editing benefit lay-out

Benefit Management Reader

•Reader access to all benefits and benefits map