Item properties are the most common and work very similar to operating system permissions when used on file servers to allow or restrict access to folders. We often refer to these permissions as those which determine who gets to see what. Item permissions are categorized as Read, Add, Change, Delete, and are usually managed at the folder level. They can also be applied on specific items within folders (rarely recommended) when needed. Item permissions are usually set based on a user's Group or Company association, and can also be set on a user-by-user basis.
User System Roles determine the global capabilities for the users. System Roles may be set to specific users as System Administrator, but this does not automatically give the users full item-based permissions. Rather it gives them access to tools which control the item permissions and can override settings which may have otherwise restricted their access to items and functions.
Communication Settings are different from item permissions in that Communications permissions allow or restrict who gets to see who versus who gets to see what. In many cases the user directory, which everybody can access, will provide a listing off all Project Insight users. If you have competing vendors or customers accessing Project Insight you might decide that you would prefer that they don't see each other in the user directory or even the existence of each other's companies and groups throughout many of the selection interfaces.
Special item permissions are necessary to enhance the logical functions within certain types of items. These permissions may grant greater or lessor access to certain item functions which are often based on roles and functions designated within the items. For example, a project may get created in a folder with full access rights to many users, but much of the project data is protected from changes by any users who are not designated within the project as Project Managers or Project Schedulers. The task item properties may still contain Read, Add, Change and Delete permissions for users who are simply designated at Resources on the project, but the project is still protected from scheduling edits by these users. Items which have extended rules either by default or by system administrator option are as follows with a brief, high-level explanation of the special permissions and exceptions. More detailed information is contained within the item specific help topics and Community training materials:
Project Permissions - Scheduling data edits require the resource to be assigned to the project as a Scheduler or Project Manager. Budget data is visible only to Project Managers on the project and users with Project Resource Roles which allow budget data in reports.
Issues - Assignees with read only access are able to change issue data fields.
Approval Requests - Assignees with read only access are able to approve requests.
Custom Fields - Item based permissions can be extended as a global rule using advanced settings within the configuration of the custom field for editing rights to read only or assignee users.
Workflow - Assignee rules allow the execution and completion of the workflow process.