Assign User Permissions
Permissions are assigned to modules according to the user or user group.
There are also operations (columns) within modules that can be performed by every user. These operations are View, Create, Edit, and Delete. That makes a sort of matrix where you need to enter the levels of permission in every cell for the performance of given operations in each module.
Levels of authorization
You can set whether the users from a given group can perform the above-mentioned operations (View, Create, Edit, or Delete) and also the range of items to which the permissions will be related.
It should be noted that if a user belongs to several groups (for example User and Administrator), he gets the combination of higher permissions from both groups. Our user, the administrator, would have administrator permissions, i.e. permissions for all modules.
|
All items (ALL) |
Operations can be performed without restrictions (for example, see all items from the current module) |
|
Items related to my Projects, Companies and Contacts (INHERITED) |
The execution of the operation is limited to the existence of a link between subordinate items (mostly activities) and superior items (projects, companies, contacts, or opportunities) that the user is authorized to see. |
|
Items from the same group as me (GROUP) |
The operation is allowed only if the user is linked with the same category (group) as the item with which the user wants to work. This could mean that the user only sees items linked to the group to which the user belongs. |
|
Items related to me (RELATED) |
The user obtains permissions for items that are directly related to him. For example, the user who is on a project team can write time sheets for this project. |
|
Only my items (OWN) |
The user has permission only to the items he created. For example, he can only change a time sheet he made himself. |
|
No items (NONE) |
No permission for any items. |
Example of Permission Use
Contacts can be sorted into two groups: Public and Private. Then you will sort the users into these groups and they will only see contacts from their group.
GROUP permission is assigned in the same way as other permissions. For example, if GROUP permissions are set in the group PM, the user will only see the items from this group that are related to the same category as the user. A permission doesn’t have to be assigned to a specific category, but rather directly to a group to which other permissions have already been assigned.
If you have groups with similar permissions, you can simplify the permissions assigned by their copying.