Permissions in Clarizen allow your organization to compartmentalize work items, issues and other objects to be available only to users who have a relevant role related to that object.
A user who creates a new work item or issue can control who will have authorization to see and/or edit the object by controlling the roles on the object.
Why Do I Need Permissions in Clarizen?
- Expose relevant data only to relevant users
- Allow Managers to access their Direct Reports' data
- Restrict external users from accessing an organization's internal information
- Restrict access via non-Clarizen tools and integrations (Excel plugin, iCal, InterAct, etc.)
Note: To learn more about the relationships between user types, roles and permissions, see Introduction to User Types, Roles, and Permissions.
- Basic and Enhanced Modes
- Enhanced permissions project visibility
- Permissions and User Types
- Time Tracking
- Direct Manager Special Permissions
Basic and Enhanced Modes
There are two modes, Basic and Enhanced.
All objects are read-only by all users in the system.
To edit work items, a user must have a role.
A user must have a role to read or edit projects, milestones, and tasks
Resources have full visibility into the project entities
Resources have visibility depending on their user role(s)
Enhanced permissions project visibility
The Enhanced permissions project visibility system setting is relevant in the following cases:
- Only for the following 2 user roles: Owner user role at a work item level, and the Resource role at a project or work item level
- Only when the Permission level (see above) is in Enhanced mode
When enabled, the Resources assigned to a project has full visibility into the project structure.
When disabled, the Resources assigned to a project cannot view the entire project unless they are assigned to a work item within the project. In such a case, they can access the assigned work item and all its sub-items.
For more about accessing the settings, click here.
Permissions and User Types
The matrices below show access options for different user types and roles by Permissions mode.
Access for User Types
Note: Even when the organization is working in Basic permissions mode, External users are always in Enhanced mode. Super User permissions override the permissions mechanism and the user role restrictions, and provide access to all work items and issues, risks and requests at all times.
Access by Internal/External Resources
The following matrix shows what permissions an internal user has as a resource in various locations in the project hierarchy, and depending on the current project screen.
The Internal user (assigned Basic or Enhanced permissions) anywhere in the Parent project level (Task, Milestone etc) will have access to view the entire project. When a resource is assigned permissions within a sub-task, the user will be limited to the information contained within the sub-project (and does not have access to the Parent project).
The following matrix shows what permissions an external user has as a resource in various locations in the project hierarchy in the current project screen.
As an external user, the Basic and Enhanced permissions are more specific.
When assigned as an external user on the Parent level, the user will not be able to view any part of the project.
When assigned to a milestone, the user has access to the project, milestone and task directly associated to the assigned milestone. However, the user will not have access to any view beyond those specified.
When assigned to a task, the user is limited to task and sub-tasks within the task and no additional views are available.
When assigned on a sub-project level, the user's view is limited to the specific sub-project and related milestones and tasks for the sub-project with no additional views.
Access for Other Roles
The matrix below shows the permission type and extension of other roles in the project.
A user can report hours on specific tasks where they are a resource or have rights to report due to their role as project manager.
Direct managers are able to select one of their team members from the list to report hours on their behalf.
In the expenses subsystem, a user can create and approve expense sheets if they have the appropriate management and/or financial permissions.
Direct managers are able to select one of their team members from the list in order to create expense sheets on their behalf.
Both internal and external users can search for objects via the search and find windows. The resulting content is limited to objects where the user has at least viewing rights.
Reports are available to both internal and external users.
The same permission rules are applied for both predefined system reports and custom reports created by the end user. Some of the predefined system reports are available only for specific users according to the user type and their special permissions.
Direct Manager Special Permissions
In addition to the rights driven from a user's direct role on an object, a user also has a read-only rights on objects from their organizational position of being a Direct Manager of other users.
As a Direct Manager, one can access any Direct Report's objects in Clarizen (such as work items, issues etc.) via the various modules.
A user's Direct Manager is defined in the user property card.