Permission Sets Overview

Creating Permission Sets and User Groups Video

Permission sets are collections of security privileges that can be assigned to individual users or user groups. There are two types of permission sets in the application: global and object permission sets.

Global Permission Sets

All users must be assigned a global permission set. Global permission sets determine a user's access to application settings and application-wide functions such as administering workflows, assigning proxy users, adding and supervising timesheets, managing users and companies, and more.

Global permission sets are configured when a user is being added to the application or by editing the user's details. The default global permission set for new users is View Only (System), though the application administrator can choose a different default global permission set. Global permission sets cannot be assigned to user groups.

Object Permission Sets

Users and user groups can also be assigned security permission sets for workspaces, projects, portfolios, programs, custom logs, files, ideas, and reports when access to these objects is being granted. Object permission sets are comprised of privileges that define a user's ability to perform certain functions such as add, edit, and delete. They also define a user's level of access to an object and its data. Object permission sets can be created by application administrators in Global Admin and by workspace administrators at the workspace level.

When you assign access to an object, you can choose to define permission sets that pertain to the objects within that object. For example, when you are assigning a user access to a project, you can choose to also assign a files permission set, which will then grant the user those privileges for all files in the project. If you want a user to only be able to access one file, then you should assign that user to the file directly. Additionally, when you assign a user or user group access to a workspace, the permission sets you define will also apply to any child workspace.

If a user or user group is assigned more than one permission set for an object, the user or group has the privileges for all assigned permissions. For example, if a user is granted the Add Project privilege in one user group that they are assigned to but not another, they will still be granted the Add Project privilege.

There are two default permission sets that cannot be modified from the Permission Sets page but are available to assign to users: Administrator (System) and View Only (System).

Tips