Settings for Role Based Access Control (Beta)

In this article we will present explanations for most of the fields in the newest access control module in Moment.

Customers

  • “View customers” allows you to see and look up all customers.

  • “Administer customers details”: allows you to see customers and change details in the main page of the project.

  • “Administer customer contacts” allows you to edit the contacts for the customer (in time, also the availability to add custom contact for invoices)

  • “View customer economy” can be used only if the user also has checked the box for “View invoices” then you will be able to see the customer’s customer ledger.

Projects

  • “View Projects” allows the users to see all the projects in the company. If this is not checked you can only see the projects you own/are a member of.

  • “Administer project details” allows the user to edit the details of the project (edit on project main page) but not memberships.-

  • “Administer project notes” allows you to add notes in the project’s main page.

  • “Administer project team” allows you to add memberships and edit existing memberships, roles etc.

  • “Administer resource planning” works only together with “view project plan” and “administer projects” and allows to register changes to the project plan (adding hours etc). This also allow you both to see and edit the reservations page.

  • “View project economy” allows you to see invoices for the project

  • “View project e-mails” allows you to see tab for e-mails in the project.

  • “View project product sales” allows you to see product sales if enabled at company level.

Co-workers

  • “View users” allows you to see all users in Moment, along with key info on each of them. This setting does not allow editing of settings for co-workers.

  • “View users” and “View user times records” allows you to see the co-workers and their hours (but you cannot change them).

  • “View Performance Page” works with “View Users” and allows users to see the performance page for users.

  • “Administer Users” works with “View Users” and allows to make changes to the user's settings. It also allows you to see hours registrations but you cannot add hours to the timesheets unless you also have other settings added.

Time Records and Absences

  • “Administer Time Records” will let you see time records for co-workers only if you have the company tab enabled. Then you can only see the records but cannot change them.

  • “Administer Absence” does nothing on its town, but if you have checked to see the company tab, then you can see absences for everybody at company level (everything else equal).

  • “Change Password” does nothing on its own. But combined with “View Users” and “User Administration”, then you will be able to see all the settings on the user and change the password.

  • “View time records” works only with the company tab enabled and does the same as “Administer Time Records”

  • “Administer Company Files” Does not do anything on its own.

  • “Administer time categories” disabled

  • "Edit task membership" If you have checked for “View Users” “View Projects” and “Edit Task Reservation” and “Edit Task Membership” you can create tasks and add members to those tasks even if you are not project member/owner.

  • "Edit task reservation" With “View Users” and “View projects” + “Edit Task Reservation” you can create tasks and add co-workers to the tasks on projects where you are not the owner/or member but where the co-workers you add to the tasks are already members of the project. It is the same if you have “Edit Task Membership” on, either both, or one of them.

Settings

  • "View Company Settings" Without any other access controls checked, “View Company Settings” gets you the ability to see the “Settings” tab at company level with the possibility to see company settings but only change exchange rates and bank accounts, no other settings.

  • "Administer Company Settings" Together with “View Company Settings”, this settings allows you to see all settings for the company and lets you change them, “Administer Company Settings” alone does not allow for any changes and you can’t even see the setup tab.

  • "Administer Company" works only together with "View Company Settings" and "Administer Company Settings". This setting allows for access to all the company's settings.

  • "Administer Expense Categories" allows for extended changes to Travel and Expense types.

Company

  • "View Report": Allows you to see Key Performance Indicators at Company level

  • "View Company Settings": Allows you to see the "Company" tab

Invoices

If project owner, project owner can see all invoices and edit them on the project in which he is project owner. Without any other access control options checked. Invoices can only be seen from the project itself.

  • “View Invoices” allows you to get a tab called “Finance” where you can see invoices for all projects, however you cannot edit or credit them.

  • “Administer invoices” by itself does not do anything, but together with “View Invoices” you will get the tab “Finance” and will be able to send and credit invoices on company level for all projects, even those where the user is not a project owner.

  • “Administer invoices” will also give you the possibility to see “To be Invoiced” and “Payment Reminders” tab under “Finances”.

Expenses and Claims

If no other access control is given, you can only add expenses to the projects where you are project owner.

  • “Add Expenses” you can add and delete expenses you have added but not others expenses.

  • “Administer Expenses” allows to add, edit and delete all expenses in all projects.

  • “Can Create Expenses for Everyone” works only in conjunction with “Co-Workers" > "View Users” . Because otherwise you can't see the co-workers and be able to add expenses.

  • “View Claims” opens a tab under “My Pages” > "Travel and Expense" and this tab is called report and it allows to see a report of expenses for the whole company.

  • “Administer Claims” affects the possibility to attach PDF’s to claims (other than your own).

Tasks

If task support is enabled, you can see your own tasks by default under "My Pages" without any other access control options checked.

  • “View Company Task Tab” Allows you to see the task board at company level and the task report for the entire company.

  • “View Tasks not Assigned to Self” disabled

  • “Assign tasks on projects where you are not project owner” disabled

  • “Add tasks on projects where you are not project owner” disabled

  • “Edit tasks” disabled

Offer

“View company offer tabs” allows you to create new offers and edit existing offers. However, with no other extra access rights, you cannot create new projects based on offers. To be able to connect offers to projects or to create new projects based on offers you will need to have the following boxes checked under “Projects”.

How to test Role Based Access Control settings

As you can see from the explanations above, combining different access control settings when defining a new role can be relatively complex. Because of this we have added the possibility to test the Access Control Settings. To do this, you can go to Co-Workers > settings > access and then you can click "Test Access" and you will be able to see the effects of the chosen settings combination: