Post

2 followers Follow
1
Avatar

Roles?

Where does an admin set and change permissions for roles?  Or even see what they are? 

I've searched everywhere I can think to, searched the documentation, and also searched the knowledge base which refers to going to Settings>Users, but no such option exists in the current version.  I've searched under People. I've searched under Settings>System Settings>Organizations, Users, Licenses.  Still no luck.

FYI I have set user roles under Settings>System Settings>Organizations, Users, Licenses to Enhanced.

I'm also not clear on why the documentation describes these system roles:

Yet when I create and assign a user type the options I see are:

  • Admin
  • External User
  • Team Member
  • Full
  • Tim & Expense
  • Social
  • Email

So similar but different.  Is the user type different than a user role?  The documentation on user roles and permissions seems really weak.  Clarizen may just have a different way of presenting the info but in most applications I am used to easily finding a single command center where I can see all systems roles and the permissions assigned to them.

Edit: OK, I see that under "more info" I can also define whether a user is a financial user etc.  But I still would like to know where I see what permissions each user type has.

Thanks!

Project_Manager Answered

Please sign in to leave a comment.

24 comments

0
Avatar

I also have the same question about where I would see the permissions that are defined for project specific roles.

Here's another example, let's suppose I don't want certain users to be able to delete tasks?  Where would that be defined?

Thanks

Project_Manager 0 votes
Comment actions Permalink
0
Avatar

Hello,

Our documentation is a little out of date but let me double check and get back to you soon regarding your original question since this might be a long reply.

Tom Do 0 votes
Comment actions Permalink
0
Avatar

Thanks Tom.  It can't come too soon because I've completely given up even trying to figure it out, some of the user roles aren't even mentioned in documentation and since there is none I can't male heads or tails out of why a user might or might not see something.  As an example I created a Team User.  They can see risks, issues etc. but not projects, not even if they are assigned to them.  Meaning projects can't even be selected ion the side navigation, they don't exist.  Is that normal for a Team User?  And what defines what does and doesn't show up for them in the side navigation bar?  It doesn't seem to be a profile, because I've assigned them to a Profile that shows projects, yet when they selects that profile projects does not appear in it.

Project_Manager 0 votes
Comment actions Permalink
0
Avatar

David, 

I agree with you and Tom, we are definitely lacking in some areas within our documentation and this is one of them. We are working on it and have been escalating Documentation Enhancement requests as they come in. This is another example of that. In the meantime, we can take your questions (that we are not able to fully answer) to our Product team to get the information you require. 

Lets start with what you have mentioned. It looks like your primary concern is with the detailed permissions of a user with a Team Member License. This is missing from the User Manual. I will submit a Documentation Request to update the User Manual with this information and in the interim, a full explanation of the Team Member user Role, what is meant to be used for, default permissions and any other information that can be passed. 

 

Sincerely, 

Boris

Boris Krutiy 0 votes
Comment actions Permalink
0
Avatar

Boris, what I'd really like to know is, is there any place in the software settings that I can see what roles have what permissions?  Or is it all hard coded in and can't be viewed?  The Team Member question was just one example.  When your folks update the docs I'd like to suggest a simple comparison matrix with dots would be the best way by far to communicate this.

Thanks!

Project_Manager 0 votes
Comment actions Permalink
0
Avatar

One other thing.  What I would really like to know is what defines what a user can see?  As an example I created  Team User.  That user does not appear to have permissions to see other users tasks etc....BUT if a Team User goes to People and selects another user they can see ALL the other users work items there!  They can't open them, but they can see them.  That seems unusual to me - that they can't see them in the normal views but can in the People view.  We aren't big on secrecy but there are times we need to have a division of confidentiality and I need to know when a User can see others work items and when they can't.

Thanks!

Project_Manager 0 votes
Comment actions Permalink
0
Avatar

Hi David,

In terms of Team Members, this is a summarized version of what a Team Member can see. Please refer to my link:

http://www.clarizen.com/pricing/pricing-comparison.html

I apologize for the late reply. I am still in the process of seeing if I can get the right information so I don't give you the wrong info regarding user roles. 

Tom Do 0 votes
Comment actions Permalink
0
Avatar

Thanks Tom, that's very helpful, and exactly the type of matrix I was talking about.  So now I see those are really less "role" types per se and more just license types that turn various capabilities on and off.  Got it.

So now what I still need to understand is how I would control what users see, hopefully I can.  For instance I don't want one user to be able to click on another user under "People" and see all of that users work items.

Thanks again.

Project_Manager 0 votes
Comment actions Permalink
0
Avatar

David, 

Now we have had a few updates/enhancements such as Profiles and subsequent Permission enhancements that this relates to as well

 

Sincerly, 

Boris

Boris Krutiy 0 votes
Comment actions Permalink
0
Avatar

Thanks!  I'm starting to have a much better understanding now.  Previously there were some things that were confusing such as "why isn't this user seeing all the items for the profile I've assigned them to?" but now I realize the license limitations (team member) just take the profile they are assigned to and automatically remove items the license doesn't cover.

At this moment I have one major question - is there any way to stop a Team Member or Full User from clicking on another user and seeing all of the other users work items?  I've even created a Profile that removes the People section but that *still* doesn't solve the issue, because there are so many different ways a user can click on another user.

I suppose I could try to create a profile that turns off every single field that would allow them to click on another user but that seems a little crazy, and like it would also mean removing things they need to see, like who else is assigned to the task.  If it's not a bug it almost seems like an oversight on the programmers part that certain users can only see their own work items and/or work items for projects they are assigned to, yet by clicking on another user can get past that limitation and see all other work items?

Thanks again for all the answers.

Project_Manager 0 votes
Comment actions Permalink
0
Avatar

And another question?  I've created a Full User.  According to the matrix Tom posted Full Users get access to team views.  But when I select a team view as a full user, I'm not able to see anyone but myself in the left hand pane.  Nor am i able to add anyone but myself, the + command on the lower left is grayed out.  Confused :-).

Project_Manager 0 votes
Comment actions Permalink
0
Avatar

Hi David,

For team views, full users will have visibility but to edit this panel, you would need to be an admin.

Tom Do 0 votes
Comment actions Permalink
0
Avatar

Here is a screenshot of me logged in as a Full User, with the team view selected.  As you can see only I show up.  What setting defines who shows up here?

After taking this screenshot I used my Admin user and assigned the Full User to myself as a Direct Report.  Then a few minutes later as the Full User I was suddenly able to see other people show up in Team View.  Is it that I assigned them as a Direct Report?  I'm not clear on what defines "My Team".  Does that question make sense?

Project_Manager 0 votes
Comment actions Permalink
0
Avatar

i.e. I am not clear on what defines WHO shows up for each user under "my team" when they select the team view.

Project_Manager 0 votes
Comment actions Permalink
0
Avatar

I see... Thank you for the screen capture that explains this for us. In order for users (other than yourself) to show up here, you have to their "Direct Manager". So if you go to a user's Propery Card, there are two fields called 'Direct Reports' and 'Direct Manager'. 

It is pretty clear but Direct Reports shows the users that report to you and Direct Manager shows that user's Direct Manager. 

For the Team View, the Direct Manager will see the users that are specified as 'Direct Reports' or the users that have you as their Direct Manager. 

Hope that does not seem confusing but it can be due to the two fields.

 

Sincerely, 

Boris

Boris Krutiy 0 votes
Comment actions Permalink
0
Avatar

I do think your permissions are alittle contradictory. Take for example a Team member. If they are assigned as a Resource to specfic tasks in a Project, they can only see those assigned Tasks. I have been told by our Customer Success Manager it is because they are a Team member. They cannot even see Tasks/Milestones of the Project they are assigned to in read only mode.  There is a but though......if you share the Roadmap Widget say via an email, they can see the tasks etc! Absolutely nuts they cannot access Clarizen and view (in read only) these workitems within the producy BUT they can via a shared widget?!

 

Madness.

Gareth Bradley 0 votes
Comment actions Permalink
0
Avatar

Gareth, 

We welcome your continued input and feedback on Clarizen Functions. If you feel strongly about these permissions, I strongly suggest creating a new post in the Suggestions & Ideas section of the forum and we will escalate to the Product team. 

As for the permission issue, you can have a User with a Full User license that when they add a related work item to a Request, they are able to see (read-Only) the work item, even if it is a Project. 

 

Boris Krutiy 0 votes
Comment actions Permalink
0
Avatar

I don't think this was ever answered and is (I hope) my last main question about roles:

"is there any way to stop a Team Member or Full User from clicking on another user (that is part of their team) and seeing all of the other users work items?"

Just because someone is a team member does not mean they should be able to see all work items for other team members for projects they are not even involved in.

Thanks!

Project_Manager 0 votes
Comment actions Permalink
0
Avatar

Hello,

As of right now, I believe the only way is to do a customization that would prevent the users with team member license to access other users. 

Tom Do 0 votes
Comment actions Permalink
0
Avatar

I'm really surprised this has not come up as a major issue with corporate clients but maybe I'm missing something.  This basically that if I want to make a subcontractor a full user (and I will), they get to see every single thing every other team user is working on.

Project_Manager 0 votes
Comment actions Permalink
0
Avatar

Just an FYI for anyone else who reads this thread and has similar security concerns, I discovered that setting:

Settings>System Settings>Organizations, Users, Licenses> 8.12 Show related items without permissions

...to "Do Not Show" solves the issue of people being able to see the titles of things they do not have permission to access,

 

 

Project_Manager 0 votes
Comment actions Permalink
0
Avatar

Sorry, last sentence of last post was somehow accidentally pasted in error, please delete it so robots don't pick it up and start spamming it, thanks

Project_Manager 0 votes
Comment actions Permalink