Secure Your Project Insight Data with Permissions
Questions about this training? We've got answers! Post your questions here.
AudienceProject Insight administrators
DescriptionProject Insight combines robust permissions with ease of use. If you are a Project Insight administrator, user manager or project manager, you should understand how to implement powerful permissions. Learn how to use Project Insight's powerful permissions and security features to provide the proper access levels to team members. Whether a team member is an internal employee, client, vendor, partner or sub-contractors, give them access to data pertinent to each.
- Learn how to add team members, groups of users and organizations to your system
- Understand the types of permissions and how and when to deploy them
- Use permissions and roles with confidence
- Add companies, groups and users
- Learn about the different user roles
- System Administrator
- Designated Support Contact
- User Manager
- Project Creator
- Project Template Manager
- Resource Manager
- Issue Manager
- Expense Report Approver
- Time Sheet Approver
- Time/Expense/Invoice Manager
- Project Report Viewer
- Resource Allocation Viewer
- Time//Expense Report Viewer
- Project Resource
- Active and Inactive Users
- Edit Profile
- Tool Tips
- Understand Project Level Roles
- Project Manager
- Project Scheduler
- Project Resource
- Set Permissions on Folders and Items
- Inheritance Rules
- Deny Functionality
- Root Level Permissions
- Advanced Display Settings
- Leverage Communication Settings
- Groups Communication Permissions
TranscriptProject Insight offers robust permissions that you can use to assure that your team members have access to the right information at the right time. Roles and permissions also make sure you limit information when needed to secure your data.
You can give not only your internal team members access to Project Insight but you can also give clients, vendors, partners or sub-contractors access to Project Insight. All your stakeholders can access real time project metrics and provide real time updates all while ensuring that the integrity and confidentiality of your data is maintained.
There are various levels of permissions that can be applied to Project Insight. Some permissions settings are built in, while other permissions may be completely tailored to meet the needs of your organization.
Permissions can be set at almost any level and on any entity in Project Insight. For example, they can be set on a folder, a project or even a task or issue.
The permissions that you can set on an entity are the industry standards read, add, change and delete.
What you’re seeing now is a Project Insight typical dashboard with the left navigation showing.
To see what the permissions look like for an entity, click on the Projects folder.
Folders are a common place where you set permissions.
Now click the Edit icon.
You can see all the properties that can be set for this folder and one of those properties is the Permissions.
Click on the Permissions tab.
Although you’re looking at permissions for a folder, this same format is used for setting permissions for all entity types.
Add companies, groups and usersThere are three main ways that you use to grant permission on an entity: Companies, Groups and Users.
For each of those, you can define what they can do to that entity such as read, add content, change or delete.
For example, you can set up a company and give the users associated with that company access to the folder or entity.
Or you can define a group and give members of that group access to the folder.
Or you can give an individual user access to the folder.
Once you select a company, group or user to set permissions by, then you can say whether that company, group or user has read, add content, change or delete access.
For example, this folder has a Group called All Authenticated Users and any user in that group has read, add content, change and delete permissions on this folder.
Let’s see where these companies, groups and users are setup.
CompaniesFrom the Administration section, click on Companies to see a list of the companies that are already setup in Project Insight.
These Companies will include your own company, but it may also include customers, vendors or contractors, or any organization you might collaborate with on projects.
For example, you may decide that you want to give your customers access to Project Insight. They can login and see the status of their projects without having to wait for a monthly or weekly report or having to call or email the project manager.
However, you can treat different clients or customers differently. You may give access to one client and not another. .
In addition, you may have a contract with a company that provides consultants that do work on your projects. You may want to give those consultants access to Project Insight so they can see a list of their tasks and update the status. However, you may not want the consultants to see any other projects than what they are scheduled to work on nor do you want them to see your internal team or teams from any other organizations.
To setup those kinds of permissions at the company level, you must have Permission Assignment Enabled for that Company.
Click and drag on any column header so you can see the full title of that column header, and you can see there is an option for the companies called Permission Assignment Enabled.
If you see “Yes” in this column, then for an item, you are able to select that company and set permissions for that organization.
For example, all the Companies have this option set to “Yes” currently.
Click on the Permission Assignment Enabled option to toggle it to “No” for one of the companies.
You may turn this option off for a variety of reasons. “Company” is used for other function in Project Insight other than just permissions. For example, they may also be used to designate who a project is being performed for and for rolling up reports by company or organization.
If Companies are used for those other purposes and there are no active users assigned, then you don’t want to have permissions assignment enabled.
To see the effect of turning off that option, click on the Projects folder again.
Click the Edit icon.
Click the Permissions tab.
The Grant Permissions By is set to Company by default.
Click on the drop down list with the Grant Permissions By set to Company, it will show only the Companies that have that option checked to yes.
Click on Companies again in the Administration section and click on the Permission Assignment Enabled option for that one company to turn it back on.
Now click on the Projects folder again.
Click the Edit icon.
Click the Permissions tab.
Click on the drop down list with the Grant Permissions By set to Company, it now shows all the Companies as being available to set permissions by.
If you don’t have permission assignment enabled for a company, it won’t be available in the permissions edit form.
Click on one of the companies to select it and add it to the permissions list by clicking the Add Icon.
You’ll see now you have that company listed in the permissions section and read, add content, change and delete access has been granted to the users attached to that company.
Click Save to save those settings.
Click on Companies again, in the Administration section.
GroupsThe next level you may set permissions for is a group.
In the Administration section, click on Groups.
Whereas companies have multiple purposes in Project Insight, groups are primarily used for setting permissions and it is the most common way of setting permissions.
If you have ever managed permissions at an operating system level, then you may also recognize this as the standard way to set permissions.
One of the reasons that you may want set permissions at a group level versus a company level is that a team member can belong to more than one group, but a team member can only belong to one company.
If you play different roles for the organization, you can be assigned to more than one group. Also, it is a best practice to use groups rather than permissions by user as you can join members to groups or remove them easily without changing your permissions each time.
You can add a new group by typing in the gray line.
Enter in project managers.
Click the save icon.
You’ve added a new group.
To add users to that group, click the Users icon.
On the left side, it shows all the available users in the system and the box on the right side, shows the user of the group.
Double click on a user name to add that user to the group.
Click Save to save it.
There is one group that has special functions in Project Insight and that is the All Authenticated Users group. By default, every user in the system belongs to this group. You cannot change this default group or add or remove users.
Any other group listed may be maintained by your Systems Administrator.
Click on the Projects folder again.
Click the Edit icon.
Click the Permissions tab.
This time for the Grant Permissions By option, click on Group.
Click in the drop down and you’ll see the Groups listed instead of the Companies.
For companies, you had to enable permission assignments on each company in order for it to appear in the drop down.
However, groups do not require that option. All groups will always appear in the drop down.
Click on a group to select it.
Click the Add icon to add the group permission.
You’ll see you now have that group listed in the permissions section and read, add content, change and delete access have all been granted to the users who are members of the group.
UsersSetting up permissions by company or by group is the recommended best practice. This makes it easy to maintain and monitor.
However, you can setup permissions by individual user as well.
To do that, click on Grant Permissions by User.
Click on the drop down and you’ll see users are now listed instead of groups or companies.
Select an individual user.
Click the add icon.
Although, you can set permissions by individual user, we do not recommend it, unless there is a very good exception. It is easier to setup a group and maintain permissions at that level and it reduces the chances for errors and setting of wrong permissions that could occur if you’re doing it by individuals.
Click the Save icon to save those changes.
Learn about the different user rolesThat’s the first level of permissions that can be tailored to meet the needs of your organization.
The next type of permissions are those that are built in as part of standard project management functionality and these are called the System Roles.
see those, click on Users in the Administration section.
Click the edit icon for a user.
This is the User add/edit form.
Click on System Roles.
System AdministratorThe first role, in the Power User section, is the System Administrator role and it allows you to change Global Settings, Edit Folders Navigation, Install Desktop Tools and view System Usage.
It also allows you to edit permissions as we have just been discussing.
To see that, click on the Projects folder.
The Edit icon gives you access to change the item properties. This will vary depending on what the item is and your access. In some circumstances, the Edit Item Properties icon will actually be a sub-menu, but for folders, you can click on this icon and it take you to the Edit Item Properties form.
Only users with the System Administrator role will have access to set the
Items Allowed tab
Advanced Display and
and Permissions tab.
Other users will not have those options. They will only see and be able to change the information on the General tab
and they will only be able to do that if they had read and change access on this folder.
The System Administrator role allows you to edit the permissions.
Click back on Users.
Click the Edit icon.
Click back on System Roles.
Designated Support ContactThe Designated Support Contacts are the people in your organization who get the support requests routed through them.
As per your license agreement, you can set up two people who are the main contacts for your system and all support requests initiated by your staff are vetted through the designated support contacts first.
Any user in the system can submit a support request
Hover on the Help icon and select Request Support.
The Request Support form appears and they can enter the support request information.
If you are not one of the two designated support contacts, then you are only able to send the support request to one of those two support staff and you have to choose which one.
If you are a designated support contact, then you won’t have that option and when you click Send Request.
the question or support ticket will automatically go directly to Project Insight.
Click cancel to cancel out of the support request form.
Although you can setup two Designated Support Contacts, it is a recommended best practice to just have one staff member responsible, that way you ensure you have a clear line of responsibility designated for answering questions.
User ManagerThe User Manager role enables you to add, edit and delete
Users options in the Administration section.
Normally, if you’re designated as a System Administrator, the User Manager role will also be checked by default.
But it is possible to be a User Manager without System Administrator capabilities.
One circumstance where this may occur is if you want Project Managers to also be able to add new customers into the system. You may give them User Manager role but not a System Administrator role.
Project CreatorThe Project Creator role enables you to create or add projects in the system.
Even if you have Add Content permissions on a folder, you are not able to add a project unless you also have the Project Creator role.
Now, once a project has been created, someone can be assigned a project manager on that project without having to have the Project Creator role, but you must be a Project Creator to add a project in the first place.
Project Template ManagerThe next option, Project Template Manager, enables you to create a project template.
This option works in conjunction with the Project Creator role.
You must first be able to create a project,
then this option enables you to add a project as a template.
In some cases, you want to manage or control the types and number of templates that get created. That is why you might want to limit who can create templates with this option.
In other cases, you may let anyone who can add projects and also create project templates.
Resource ManagerResource Managers can add resources to projects even though they are not project managers on that project.
Project managers by default can add resources to their own projects but a resource manager can add resources and manage resources on projects that they are not project managers on.
This option is used by teams that have a department manager or a resource or staffing department that is responsible for assigning resources rather than a project manager being responsible for that function.
Issue ManagerAn Issue Manager can take over administrative functions on issues without having been the person that created the issue or was assigned to the issue.
Basically, Issue managers take on the same roles as the issue creator or issue assignee for any issue they have access to.
Expense Report ApproverExpense report approvers reviews and approves expense reports.
You will receive email alerts and links to approve expense reports. This is usually a department head.
Time Sheet ApproverTime Sheet Approvers review and approve time sheets once the team has finished entering time and have submitted their time sheets for approval.
Time sheet approvers may be project managers on projects or a department head.
Time/Expense/Invoice ManagerThe Time/Expense/Invoice Manager role enables you to approve time and expenses and aggregate those entries onto an invoice report.
This person is usually an individual with the ability to review or see all financials in the system. Typically, it is someone in accounting, or a high level manager. The invoice report may optionally be exported to csv or Excel or integrated with your accounting system.
Project Report ViewerThe Project Report Viewer permission gives users access to view all project financial information.
The only users who can see financial data on a project are the project managers and any users granted this permission.
This is a common setting that is given to project sponsors or executives who will be running financial reports but will never be assigned as project managers on projects.
Also, this permission affects project reports. If you are not a Project Report Viewer and you run a project report the only projects that will show up in a project report are projects that you are assigned to as a resource. This is true, even if you have permission to view other projects that you are not a resource on, they won’t appear on your project reports.
However, with the Project Report Viewer permission, you will see all projects that you have access to view.
Resource Allocation ViewerThe Resource Allocation Viewer permissions enables you to see resource allocation details for all resources across all projects and you can also drill down into resource allocation details to see which tasks that resource is assigned to.
Project managers are able to see high level resource allocation for the resources on their projects. They can see the resource allocation details for projects they are project managers on which means they can drill down to the task level detail. If they are not project managers on a project, they will see the project level, but not the task level. So, you may grant resource allocation viewer access if you want all project managers to have the drill down capability.
Also, this permission is a common setting for resource managers. If you need to see the task details on the cross project resource allocation reports for all projects, or if you want to run system wide resource reports then you can turn this role on.
Time//Expense Report ViewerThe Time and Expense Report Viewer role enables you to see time and expense data for every project in the system.
This includes projects that you are not a project manager for and even projects that you do not have access to.
This role is usually assigned to an accounting person. It is used for someone who needs to view and report on the entries and validate them usually for payroll purpose but does not necessarily participate on those projects or update anything else in the system.
If you do have time and expense entries for a project you do not have access to, you can see the entries, but if you click on the link for the entries to go to the project you will get a permissions error.
Project ResourceThe Project Resource role enables you to be added to the project as a resource.
This is the most basic role in Project Insight. It allows team members to update tasks, add comments, collaborate on files, enter time and other functions.
To see this, click on Projects and click on one of the projects listed that you are a project manager for.
Hover on the Resources icon and click on Project Resources.
This is where you set the resources who are going to work on a project. Only Project Managers, Project Schedulers and users with the Resource Manager system role, can access this function.
You can see a list of the resources that are already assigned to this project.
To add a new resource, click on the drop down in the Resource Last Name column.
This list only shows those resources that have the Project Resource role checked. If that role is not checked, then you will not be able to add that user to a project.
To summarize, you can only get to this Resources view if you are a project manager or project scheduler on the project or you have the Resource Manager role checked and once you are on this form, you can only select users that have the Project Resource role checked.
Click back on Users and click the edit user icon and click System Roles.
Active and Inactive UsersThe last role listed, the Active role has a couple of different purposes.
You can have active and inactive users in Project Insight.
Active users are those team members that have the ability to login to Project Insight and perform updates and receive notifications.
Active users need to be licensed to log in and they are included as part of your license count.
You may also have inactive users.
Click on the Active checkbox to make a user inactive.
If a user is inactive, they cannot login to the system, receive email alerts or connect via the Outlook Connector. However, you can still assign inactive users to a project or task.
You do that by clicking on the Project Resource role.
You may have users or even other resources such as equipment that you track hours for, but they are never going to login to Project Insight or in any way interact with the system.
But, you still need to track them and manage them for your purposes. So you can do that in Project Insight by setting the user to inactive but keeping them as a Project Resource. Inactive users also don’t affect your license count. You can have as many inactive users as you want.
Another use of the inactive users is to deactivate employees that have left the company, or external resources whose role on the project has ended.
If employees have left the company, then you want to make them inactive and you also want to uncheck the ability to assign them as a Project Resource. This will keep them as resources on tasks they were previously assigned to for historical purposes but you cannot add them to any new projects or tasks.
IMPORTANT: It is a best practice is not to delete a user. Leave the user in the system but make them inactive and remove any other roles that they have been assigned.
Edit ProfileThe last role, Edit Profile allows a team member to go in and edit his or her own profile.
To see that, hover on My Insight, hover on View Profile and you can see the various options available.
In the Edit Profile, you can change your contact information, email address, username.
You can set preferences such as font sizes and email notifications and settings
And you can change and upload your photo.
You may choose to let team members maintain this information or you can have a user manager or system administrator make any modifications required instead if you wanted control over that, such as approaching a photo before it can used.
Regardless of whether this setting is on or off, you can always change your password.
Tool TipsYou can see more information about each of the roles by clicking on the label.
You can also click on the Help icon to see more information about setting up Users in general.
Click X to close the help.
Also, at the bottom of the form is a link to a short video about adding new users if you still need more information.
Understand Project Level RolesYou have seen how to set permissions on folders and other entities in the system and you have gone through the System Roles.
Let’s turn to another level of permissions which is the project level roles.
Projects have their own special set of permissions.
There are three project level roles, project manager, project scheduler and project resource.
Project ManagerEarlier it was mentioned that project managers on a project can see the financial information for that project and control that financial information. They can also add, edit and delete project header information, manage tasks, manage resources, etc.
Defining a project manager role on a project is a different level of permission than we’ve seen so far but it is affected by the system roles.
In the System roles, there was a Project Creator role.
You have to have that role to add a project into the system, but you do not need that role to manage the project once it has been created. That is a separate project level permission.
To be a project manager, though, and you were not the one who added the project, then you do need the Project Resource role checked.
As long as one of the other of those options are checked, you can be a Project Manager.
To see how to set a project manager on a project, click on the Projects folder.
Click on the name of a project that you are currently a project manager on.
Hover on Resources and click the Project Resources option.
You can see the resources assigned to this project. There is a column called Resource Type.
This defines the role that a resource has on this specific project.
Add a resource, by clicking on the Resource Last Name drop down.
Remember, resources will only be listed here if they were designated as Project Resources in their System role. That System level - Project Resource role is different than the role assigned at the project level, even though the terms on similar.
Click on a resource to select it.
The Project Resource in the System role designates if a resource be assigned to a project and the role at the project level designates what they can do on the project after they are assigned to it.
To see the project specific roles, click on the drop for in the Resource Type.
You can see there is a Project Manager, Project Scheduler and Project Resource.
Click on Project Manager.
By default, if you add a project, you are automatically set as the project manager on that project. However, that can be changed, additional project managers can be added and you can be removed or set as another type of resource on the project.
Again, a project manager on a project can see financial information and edit and manage the project, schedule, tasks and resources.
The other two types of project level roles are: project scheduler and project resource.
Click on the drop down under Resource Type to see those.
Project SchedulerClick on Project Scheduler.
A Project Scheduler is similar to a project manager role because as a scheduler you can edit project information, assign and manage resources, assign tasks, change work and duration etc.
However, project schedulers do not have access to any financial data associated with the project unless other permissions such as a Report Viewer System role permission has been assigned.
They are also not able to add project managers to the project.Project Resource
Click on the drop down under Resource Type and click on Project Resource.
A Project Resource is a user that can be assigned to a task on a project and if they are active in the system, they can update the task status, enter time and expenses, collaborate on the tasks, add documents, issues or to-dos and more.
Project Resources can never edit a project or change planned task information (such as work, duration, dependencies and planned start or end dates).
A Project Resource cannot see financial information either (unless some other system role permission over-rides that).
Set Permissions on Folders and ItemsYou can see that the different levels of permissions work together. Now you’ll see a little more detail about the entity level permissions.
Remember that you can set entity level permissions on nearly any item in Project Insight including folders, projects, tasks, documents etc.
Click on Projects to go back and see the permissions that were set on the folder level.
Click the Edit icon.
Click on Permissions.
Previously, you saw how to Grant Permissions to an entity such as a folder by selecting a company, group or user and clicking the add icon.
Then you could set the access that company, group or user gets; such as read only, add content, change or delete.
Inheritance RulesIt is import to understand the option to Inherit Permissions from parent item. This is a default setting that works the same way as operating systems permissions do.
This option basically says to take whatever permissions were set for the parent for this item and replicate them to this entity.
You can tell what permissions on this folder were inherited from the parent because they are grayed out and you cannot change them.
You can see this group, All Authenticated Users can read, add content, change and delete and you cannot change it because it was inherited from the parent.
Then you’ve also added more permissions on top of that by granting companies, groups and individual users access as well.
Remember, that all users are automatically assigned to the Authenticated Users group. With this inherited settings as it is, all users are able to read, to add content, change and delete information in this folder (except of course for projects, which have their own special permissions settings).
The All Authenticated Users setting invalidates the other permission settings because everyone has all access.
So what you would do in that case, where the permissions are going to differ than the parent, is that you uncheck Inherit permissions from parent option.
You will get a confirmation that you want to do this. Click Ok.
Now you can see that the All Authenticated Users permission is no longer grayed out and you can edit it.
Click on Add content, change and delete to remove those permissions for the All Authenticated Users group.
Now everyone can see this folder, but only certain users associated with the customer, group and the individual user can add content, change and delete.
A best practice is not to manage permissions by individual users, so click on the delete icon next to the individual user to remove that.
For the company permission, click on Change and Delete to remove those permissions.
Now everyone can see the folder.
Users attached to the company or group can add content, but only users attached to the group can change things or delete items.
What are the types of items, besides projects you can add?
To see that, click on Items Allowed.
Here is where you can view and change the different type of items allowed in this folder.
Again, at the top of this form, there is an option to inherit the add menu options from parent items.
Click the check box to uncheck that.
Now you can see that you can add more item types, change the order the item types and delete item types.
You can modify this as required. See for example, you can add a To-Do item.
Click the X next to that to remove it.
You’ll get a confirmation message. Click Ok. Click Save.
On this folder, hover your cursor on the Add icon.
You can see those items types that are allowed to be added. To-Dos aren’t there.
Now click back on the Edit icon.
Click on Items Allowed.
Click on the drop down for Item Type and select To-Do.
Click the Add icon and click Save.
Hover your cursor on the Add icon.
To-Dos are now available to be added again.
You can customize what items are available to be added.
Deny FunctionalityClick on the Edit icon and click on Permissions again.
Click on the X to remove all the permissions that you set previously.
Click on Inherit permissions from parent item to turn that back on.
You’ll get a confirmation message. Click Ok.
You can see that All Authenticated Users Group is back and cannot be changed because it is inherited.
Remember you saw that adding any other permissions via companies or groups or individual users did not make sense, because by default all users had already been granted all access via the inherited All Authenticated Users group.
What you could have done was left this and taken away permissions instead.
To see that, click on the drop down for company and select a company.
Click the Add Permissions icon.
Now instead of granting permissions, uncheck the Read, Add Content, Change or Delete, and instead deny permissions by clicking Deny Read, Deny Add Content, Deny Change or Deny Delete.
What this does is remove read, add content, deny and delete permissions for any users in that company.
We recommend, that you do not use the deny function unless there is a unique exception that requires it.
The reason is that the deny function can over-ride any other settings in the system, even a System Administrator permissions.
Click Cancel to cancel these changes.
Instead of using deny, it is a best practice to set up your system to limit access by default and then grant access when it is required.
Root Level PermissionsTo do that, you want to change what your default permission are.
That needs to be done at the root level.
What we recommended, is that you first create an administrators group, if you do not already have one.
Click on Groups.
You can see that one has already been created. If there isn’t one in your system. Create a group by typing in the gray blank line and then assign users to that group as was shown previously.
It is usually recommended to have at least two users in this group for security and backup purposes.
To set the root permissions, click on the Edit Folders Navigation in the Administration section.
Only system administrators have the functionality to do this.
Click the Edit icon.
You are setting up the very top level permission or root level setting in the system by doing this.
Click on Group.
Select Administrators in the drop down.
Click the Add icon.
Now click the X icon next to All Authenticated Users to remove it.
You have now set the default for any new entities added to have only the Administrators group to have access.
Optionally, you can check on Force Permission Settings listed above on all children recursively.
If you have some folders already setup, you may want to reset permissions on all of them with this option, but only if you haven’t been changing individual folder permissions. If that’s the case, then you should go back and modify them if required individually.
To see the results of that change, click on Projects.
Click the Edit icon.
You will see that only the Administrators Group has been granted full access, not all Authenticated Users.
Now grant permission as required to the other groups or customers that you have setup.
This is a best practice instead of giving everyone access then denying.
Limit access and grant permissions instead.
You may already have the Administrators group and this root level permission setup in your system. If you not, then you can set that.
Advanced Display SettingsOur next topic is Advanced Display settings. Click on that. The most common Display Type is tree and that is the default.
To see what that looks like, click Cancel.
You can see the Projects folder.
Click on the arrow next to a project and you’ll see the items below that.
Click on the arrow next to them to expand and collapse those out.
This is the tree view looks like.
To change that view, click on the edit icon.
Click Advanced Display.
Click on List.
At present it is displayed as a simple list. There is no ability to expand out sections of the tree and see the items below it. This keeps it very simple.
Click the edit icon again. Click Advanced Display. Now Click on List with Page Spanning.
You can enter in the number of items per page. To illustrate that, set it to 3.
You can see that it displays on a certain number of items per page and you can page through the information.
This can keep your page views from being too long and having to load too much data at once.
You have some other options on this page.
Click the edit icon again. Click Advanced Display.
Click on First Letter of Name Search. Click on Text Search.
Now you can do a search on the information by typing in a word.
Click the Search icon.
You’ll see only those projects that match the results.
Erase the search term.
Click the Search icon again to reset it to all.
Click a letter to show only those projects whose names start with that letter.
Click the Search icon.
You’ll see only those projects that match the results.
Click the Search icon to reset it to all projects.
That’s the list view with some different options. You can use that if you have a large number of items in folder.
But in most cases, tree is the most common view so change your view back to that.
Click the edit icon again.
Click Advanced Display.
Click back on Tree.
Leverage Communication SettingsThe last topic to cover is communication settings.
So far you have seen how to set permissions to see who can do what and who can see what.
Communications permissions is another level of permissions you can set.
This is important, because you may not want customers or vendors who are accessing the system to be able to view each other or the resources of each organization.
This is a critical function if you want to give access to these types of users.
If you also have internal staff whose contact information you do not want published to every user, then you will also need communications permissions.
Or you may want to completely segregate one department or division from another and not allow teams to access or view each other’s resources. It is also handy if you have hundreds of users in the system and the resources from one area do not work on projects for other teams.
To see what effect communication permissions have, hover on the My Insight menu option and select Directory.
This is a listing of all the users in the system.
However, if you have a user that you do not want to be able to see every other user in the system, then you can limit this view with communications permissions.
For example, your customers log in to see the status of their projects. If they click on the directory option, you do not want them to be able to see a list of all your internal staff nor do you want them to see the contact information for any other customers.
Groups Communication PermissionsYou can set communication permissions for companies, groups or individual users.
To see how to set up communications for Groups, click the Group icon in the Administration section.
Now click the Edit Communications icon on the line for the All Authenticated Users.
Click Group Communication.
You can see that by default, All Authenticated Users can communicate with all other authenticated users. Basically, all users can see every other user with this setting.
If you need to restrict communications, then you want to apply the same theory with permissions on folders, limit the communications by default and grant communications as required.
To limit communications, double click on the All Authenticated Users group in the drop down of the communicates with these groups box.
This removes that communication ability. Users in the All Authenticated Users group can no longer see any other users.
This communication goes two ways: who this group communicates with which is the first selection
and who communicates with this group, which is this second selection.
So you want to remove all authenticated users from being able to communicate with this group as well.
Do that by double clicking on the group in the drop down in the Groups that communicate with all authenticated users.
Now, as long as there were no other communication permissions set up, this user will not see any other users in the system. Their directory listing would be blank, except for themselves. Nor would they see any companies in any of the companies drop down lists such as on a project.
You’ve taken away all communication permissions, now you need to start granting communication permissions as required.
To do that, click Save.
Click on Companies.
Click on the Edit Communication icon for My Company.
You can see that your Company can communicate with only the users associated with your company.
To enable them to be associated with users of other companies, such as your customers or vendors, click on the drop down and double click on the companies you want them to communicate with.
You can choose multiple ones.
Now users associated with your company can see users associated with your customers or vendors.
You want to ensure that the users set up for customers, cannot see any other customers or your staff list.
Click on the Edit Communications icon for one of the customers.
You can see that this customer can only communicate with other users that also belong to this customer. They will only ever see users that belong to the same company as they do.
However, your company users as well as any users associated with their company can see them because that is what you setup under the communication permissions for your company.
That’s granting communications via companies to company.
You can also grant communications via groups.
To do that, click on Group Communication.
Here you can set what groups this company communicates with.
You can also set what individual users this company communicates with.
To do that, click on User Communication.
That’s taking a company and setting communication rules for it.
You can also do the same thing but from the group perspective.
Click on Groups.
Click on the Edit Communications icon for one of the groups.
You can set up groups to communicate with companies.
Or you can setup a group to communicate with another group. Click on Group Communication.
Or you can setup a group to communicate with an individual user. Click on User Communication.
Lastly, you can set up communications from the individual user perspective.
Click on Users in the Administration section.
Right click on a user.
Click the Edit Communications icon.
You can setup users to communicate with companies.
Or you can setup a user to communicate with another group. Click on Group Communication.
Or you can setup a user to communicate with an individual user. Click on User Communication.
Again, as a best practice we do not recommend that you setup communication permissions based on individual users. It makes it difficult to maintain and increases the chances for errors on permissions settings.
Instead, we recommend you set communication permissions at the company or group level.
That brings us to the end of our session.
To recap, Project Insight has very flexible permissions that can be tailored to match and support your business processes and enable you to give access to a variety of users.
You can set read, add, change and delete permissions on any entity in the system including folders and projects and you can have an entity inherit permissions.
You can set system roles for each individual user.
You can set project level permissions to identify who can do what and see what on a project.
Finally, you can set communication permissions to ensure that users only see what they are supposed to see.