Twproject security model has been designed and refined in years, and it’s now the most complete and safe model you could have.
Since we added a new permission in the latest release, dedicated to assignment expenses management, we decided to write a new post to explain in details how the Twproject security model works, and what you could expect when you start working with it:
What is a role?
In Twproject a role is a set of permissions, telling to the system what a user can do. We have 2 different kind of roles: a global one, giving you permissions on all entities in the system and one at project level, defining permissions on projects’ connected entities only.
The global role is assigned to a resource when you activate its login.
When, instead, you assign one of your colleagues (“resource”) on a task you have to specify a project role. In this way you will be sure that resources will see only what they are involved in.
For more details about how create and modify roles check our user guide here:
When you first start using Twproject, no matter if you are on your local machine or on our demo, you will have a pre-loaded set of roles and permissions.
This roles have been created and refined in years and fits 90% of cases, so you will probably not need to change them at all.
When you create your first assignment you will find these roles:
Project manager: Can manage the entire project, for example can change dates, create subtasks, add todos and assign new resources.
Worker: Can insert worklog, manage issues and documents on the project .
Stakeholder and Customer: Can monitor the project without changing anything and add todos.
Choosing one of them, you will define the allowed operations for that resource on that task.
The main permissions involved in managing projects and resources are the following:
Resource read: Allows to read resources. Used with the “assignment create” and without the “resource manage” permission, it lets you assign from your team only.
Resource manage: It allows to manage the work of all resources, and assign all of them if used with the “assignment create” permission(global role).
Task read: Allows to read tasks.
Task create: Allows to create tasks.
Task write: Allows to write tasks, for example change dates and status.
Assignment create, read, write: It allows you to create, read, and write assignments, the list of assignable resource depends if you have the “resource manage permission” or if you manage a team.
Worklog manage: Allows to manage worklog, approve it, bill it of resources involved in the project.
Expenses manage: It allows you to manage the expenses of resources involved in the project
Roles have several other permissions for managing costs, documents and much more but they are not the focus of this post. Checking the roles’ page you will see that we have a permission for almost every entity in the system, making of Twproject the most flexible project management software.
The resource chart – manage your team
Another way to give permissions to a resource in Twproject is creating teams with the responsible person. When a resource is defined as the manager of the team he will be able to check his team allocation, active projects, inserted worklog, resource workload and so on.
This will be possible even if the manager is not assigned on the same task of his team, simply by creating the company structure in the resource section.
Who & What (real life examples)
We have a senior project manager that can assign all resources on his projects and a junior one that should assign only resources from its team
In this case you need two different roles: the senior will have the default permissions(resouce-manage on global role), the junior instead, will not have the “resource manage” permission, in this way he will be able to assign only the resource on his team (he is manager of).
In my company there is single person, not assigned on any task that check worklogs and assignment expenses and mark them as approved for billing, how can I manage this?
In this case you have to give an higher level role (security tab in resource editor) to this resource including the “worklog manage” and the “expense manage” permissions.
We have a pmo managing the workload of all our resources, he is not assigned on any task
Here you will need an higher level role (security tab in resource editor) including the “resource manage permission”, in this case the resource will be able to monitor and change the workload of all resources and their plan.
We want to always assign resources from our own team
Just create your resource chart according to your team structure and then remove from the project manager role the “resource management” permission.
As I said analyzing examples above, you may need to customize your roles to let Twproject fits your work habits, this can be easily done from the admin section where there is a dedicated page to roles where you can add and remove permissions.
When you do that always remember the mining of the different permissions as explained above.
Twproject security model is really refined, it lets you manage permissions both, at company and task level easily, having everything under control. Having such a complex structure will ensure your that your resources will be allowed to see and manage only things they can actually work on.
For more details about Twproject security model check our user guide here: