1. Home
  2. Administration
  3. Roles and permissions – overall overview

Roles and permissions – overall overview

This article is addressed to all those who are administering users’ rights, roles and competences of the users.


Overall Overview

By default in Epicflow we have defined the next three roles: Administrator, User, Resource Manager, Project Manager and Pipeline Manager. Nevertheless, such a set of roles can be extended or changed depending on functions and responsibilities. 

Administrator is allowed to use all the functionality in the system as well as add and define other roles. For more information, please check the “Roles” section.

User is a team member or employee in Epicflow. By default, User has access to the system functionality that he or she needs to view tasks, but the Administrator can change it upon request. To learn more, visit the “Roles” section.

Resource Manager can see all the information and perform actions related to resource, capacity, and availability management. For more information, please check the “Roles” section.

Project Manager can view all the information and perform actions related to a project. For more details on what the Project Manager can do, refer to the ‘Roles’ section below.

Pipeline Manager – can view and perform actions related to a project portfolio. Release projects to the organization and set priorities between projects by setting milestones. To learn more, visit the “Roles” section.

Screen #1 – Admin Page

This page contains the list of basic roles and permissions determined for users.

  • To edit permissions for any created role, click on the name of the role and select the scope of the permissions on the right side of the screen to edit it.

Then click the ‘Save’ button on the right up corner to apply the changes and you’ll instantly see them.

  • To create a new role you should copy one of the existing. To do so, you should hover the mouse cursor over the role name and use the pop-up element Copy.

New role will appear with addition of the prefix “Copy” to the name. Select this role and change the name by hovering the mouse cursor over the role name on the left side of the screen. Here you can choose the permissions you want to add to a new role.

When you finish checking permissions, click Save to apply the changes.

You’ll see the implemented changes immediately.

Screen #2 – Specifying New Roles 

List of Permissions

All permissions are grouped by next sections: 

  • Global permissions
  • Project permissions
  • Tasks, Summaries and Milestones
  • Users permissions
  • Groups permissions

Global permissions

Defines access to different functionality-modules\parts of the system. 

Screen #3 – Global permissions

  • Export Reports:
    • No access – User is not allowed to download reports
    • Basic – User is allowed to download only basic reports
    • Advanced – User is allowed to download basic and advanced reports
  • Timesheet
    • No access – User is not allowed to view Timesheet;
    • Only own – User is allowed to view personal tab;
    • My group – User is allowed to view personal tab with users from his group (Group tab with his groups is available);
    • All accessible
  • View Historical Load graphs
    • No access – User is not allowed to view Graphs page;
    • Only own – User is allowed to view only 1 option “Only me” on Historical Load;
    • My group – 2 options are available: “Only me” and “My groups” on Historical Load (“My groups” shows the list of user’s groups);
    • All accessible – All groups are available due to group scope the user can see;

If there is a group that is out of scope, even at “All accessible” selection, it still would be unavailable. In case an out of scope group is within a Multi-group, it would be shown as a part of “Other resources”.

  • View Future Load graphs
    • No access – User is not allowed to view Future Load tab on Graphs;
    • Only own – Only 1 option “Only me” is available on Future Load;
    • My group – 2 options are available: “Only me” and “My groups” on Futurel Load. “My groups” shows the list of user’s groups;
    • All accessible – All groups are available due to group scope the user can see;
  • View Remaining Weeks graphs
    • No access – User is not allowed to view Remaining Weeks on Graphs;
    • Only own – Only 1 option “Only me” is available on Remaining Weeks;
    • My group– 2 options are available: “Only me” and “My groups” on Futurel Load (“My groups” shows the list of user’s groups. If user enter any of your groups, you can see this user in it.);
    • All accessible – All groups are available due to group scope the user can see;
  • View Dashboard – User is allowed to view the Dashboard page;
  • View company Future Load graph – User is allowed to view the Future load graph that shows load for groups/resources from all projects, even if user’s scope of projects is limited;

If “No access” is selected, then “View company Future Load graph” will not work. So it is active only when “View Future Load graphs” permission has option “All accessible”.

  • View Dashboard – User is allowed to view the Dashboard on menu left bar;
  • View company Future Load graph – User is allowed to view the Future Load Graph tab on Graph;
  • View Burnup Graphs – User is allowed to view the Burnup Graph tab on Graph;
  • View general Task List – User is allowed to view the Task list tab on Task list menu (There are tasks from active projects, limited by scope of projects user can see);
  • View Group Task List – User is allowed to view the Group tab on Task list menu
  • View Pipeline – User is allowed to view the Pipeline on menu left bar (Please note that “View Pipeline” has higher priority then View Gantt chart, View Quick Edit mode and Module library);
  • View Resources Management – User is allowed to view the Resources Management page;
  • Use What-If Analysis – User is allowed to apply what-If analysis;
  • Use What-If Simulation – User is allowed to make simulation;
  • System Maintenance – User with administrator role is allowed to import and export data files.
  • Role Administration – Roles & Permission tab is available on the Settings page. It is possible to create/ edit/ delete roles;
  • Competence Administration – User is allowed to administer Competences in settings;
  • Attribute Administration – User is allowed to view list of attributes in settings;
  • Manage Attributes – User is allowed to manage attributes (Tasks, Summaries, Milestones, Users and Groups cards);
  • Create Project Group Tag – User is allowed to create group Tag;
  • Create Project Tag – User is allowed to create Project Tag;
  • Create Task/Summary/Milestone Tag – User is allowed to create Task/Summary/Milestone Tag;
  • Create Group Tag – User is allowed to create Group tag;
  • Create User Tag – User is allowed to create User Tag;
  • Create & Manage Project Groups – User is allowed to create and manage project groups;
  • View and manage Import – User is allowed to view the Import page. Note: Jira integration; NOT USED
  • Sync Microsoft PPM and Epicflow – User is allowed to synchronize with MSP;
  • View Global Resource Pool – User is allowed to view the Unmapped resources tab on Resources Management page;

Relation Manage Attributes in Global permission with the Tasks, Summaries and Milestones card fields Enable Manage attributes to use task attributes

Project permissions

Defines functionality and actions allowed to be performed by the user with the project itself.

Screen #4 – Project permissions 

  • Scope of project groups – specifies scope of projects groups which will be visible for the user
    • All project groups – All project groups that exist in the system;
    • My Entity Projects Groups – All project groups for the Entity;
    • My Business Unit Project Groups – All Project Groups for Business Unit;
    • Include customized list – User can see Project Group(s) from specified list in this permission;
    • Exclude customized list – User can NOT see Project Group(s) from specified list in this permission;
  • View scope of projects – Specifies the scope of projects visible to the user. You can combine multiple conditions by adding several scopes
    • My entity projects
    • My business units projects
    • Owning project manager – All projects in which the user is assigned as a project manager or projects that the user has uploaded;
    • Own projects – User can see only projects where task(s) assigned to him/her;
    • My group projects – User can see projects where task(s) assigned to his/her group(s);
    • My group scope projects – User can see projects where task(s) assigned to group(s) specified in Groups Permissions Scope;
    • Include with attribute(s) – User can see projects with some specific attribute(s);
    • Exclude with attribute(s) – User can NOT see projects with some specific attribute(s);
    • Include with tag(s) – User can see projects with some specific tag(s);
    • Exclude with tag(s) – User can NOT see projects with some specific tag(s);
    • Include customized list – User can see project(s) from specified list in this permission;
    • Exclude customized list – User can NOT see project(s) from specified list in this permission;

Screen #5 – View scope of projects

  • View & manage projects – specifies scope of projects which will be displayed and can be managed by user. You can combine multiple conditions by adding several scopes.
    • My entity projects
    • My business units projects
    • Owning project manager – All projects in which the user is assigned as a project manager or projects that the user has uploaded;
    • Own projects – User can see and manage only projects where task(s) assigned to him/her;
    • My group projects – User can see and manage projects where task(s) assigned to his/her group(s);
    • My group scope projects – User can see and manage projects where task(s) assigned to group(s) specified in Groups Permissions Scope;
    • Include with attribute(s) – User can see and manage projects with some specific attribute(s);
    • Exclude with attribute(s) – User can NOT see and manage projects with some specific attribute(s);
    • Include with tag(s) – User can see and manage projects with some specific tag(s);
    • Exclude with tag(s) – User can NOT see and manage projects with some specific tag(s);
    • Include customized list – User can see and manage project(s) from specified list in this permission;
    • Exclude customized list – User can NOT see and manage project(s) from specified list in this permission;

Screen #6 – View & manage projects

  • Create Project – User is allowed to create a new project;
  • Move project to active / inactive – User is allowed to move project from active to inactive and vice versa;
  • Manage single project leveling – Possible to level (single project) in QEM
  • Manage Prediction – Possible to use Prediction planning Type on Pipeline, in QEM, Task List Group View and on Future Load graph
  • View Gantt chart – User is allowed to expand projects (This permission will be available if “View Pipeline” is ON);
  • View Quick Edit mode – User is allowed to open a project in Quick Edit mode (This permission will be available if “View Pipeline” is ON);
  • Delete Project – User is allowed to delete project(s) from inactive area (This permission can be applied for scope of “View and Manage projects”);
  • Close project and set deletion date– User is allowed to close project(s) and set deletion date;
  • Manage relations – User is allowed to manage relations on Gantt and on task cards (If View and Manage Projects is limited for some projects, it would be impossible to manage relations);
  • Baseline
    • No access – Impossible to switch baseline on/ off, impossible to view baseline on Timesheet, task card, assignment pop-up, Quick Edit mode;
    • View – Impossible to switch baseline on/off, but possible to view baseline on Timesheet, task card, assignment pop up, Quick Edit mode;
    • Manage – Possible to switch baseline on/ off and possible to update to current or reset to zero baseline on Timesheet, task card, assignment pop up, Quick Edit mode;
  • Project approved budget
    • No access – User can NOT see and edit Approved budget and Remaining budget in mh in project card;
    • View – User can see Approved budget and Remaining budget in mh in project card, but can NOT edit this value;
    • Manage – User can see and edit Approved budget and Remaining budget in mh in project card;
  • Project financial info
    • No access – User can NOT see and edit Project financial info in € in project card;
    • View – User can see Project financial info in € in project card;
    • Manage – User can see and edit Project financial info in € in project card;
  • Module library
    • No access – No Module library button on Pipeline top right corner;
    • Use – Possible to open Module library and drag templates to the projects;
    • Manage – Possible to create and delete templates for Module library and use them;
    • Administer – Possible to manage Module Libraries, allowing you to perform actions such as editing module library names and deleting module libraries.

“Module Library” permission is disabled if “View Pipeline” from “Global permissions” and “View Gantt” from “Projects Permissions” are NOT set.

To drag task to the project from Module library, user must have Manage Tasks: Only own / My Group / All accessible, otherwise it is impossible to drag tasks to the project

  • Project card
    • No access – Impossible to open project card from Pipeline and Timesheet;
    • View – Possible to open and view all fields in project card (with Advanced options) from Pipeline and Timesheet but impossible to edit;
    • Manage – Possible to open, view and edit all fields in project card (with Advanced options) from Pipeline and Timesheet;
    • Advanced – allow to set up conditions in “Project card fields”:
    • Project Name
      • View – Possible to view project name;
      • Manage – Possible to manage project name;
    • Dates
      • View – Possible to view project dates;
      • Manage – Possible to view and edit project dates
    • Business value
      • No access – Impossible to view project business value;
      • View – Possible to view project business value;
      • Manage – Possible to view and edit project business value
    • Project Manager
      • No access – Impossible to view project manager (Impossible to filter project out by project manager on Pipeline, Timesheet (group tab), Task list, QEM”);
      • View – Possible to view project manager;
      • Manage – Possible to view and edit project manager
    • Tags
      • No access – Impossible to view tags in project card (Impossible to filter on project tag on Pipeline, Timesheet. No project tag in report);
      • View – Possible to view project tag(s);
      • Manage – Possible to view and manage project tag(s);
    • Attributes
      • No access – Impossible to view attribute(s) in project card (Impossible to filter on project attribute on Pipeline, Timesheet. No project attribute in report);
      • View – Possible to view project attribute(s);
      • Manage – Possible to view and manage project attribute(s);
    • Permission tab
      • No access – Permission tab is absent on project card;
      • View – Possible to view permission tab;
      • Manage – Possible to view and add resources to the project and give them role for this project on permission tab;
    • Budget settings tab
      • No access – Budget setting tab is absent on project card;
      • View – Possible to view budget settings but impossible to edit it;
      • Manage – Possible to view and manage Budget setting tab;
    • Info tab – User is allowed to view Info tab;
    • Project risk buffer
      • No access – Project&Info tab becomes Info tab. Project risk buffer is absent;
      • View – Possible to view project buffer on Project risk buffer tab;
      • Manage – Possible to view and edit Project risk buffer from dropdown;
    • Booking ID
      • No access – Booking ID is absent on project card (Booking ID is absent in report”);
      • View – Possible to view Booking ID;
      • Manage – Possible to view and manage Booking ID;
    • Project group
      • No access – Project group is absent on project card (Project group is absent in report”);
      • View – Possible to view Project group;
      • Manage – Possible to view and manage Project group;

Tasks, Summaries and Milestones 

Defines functionality and actions allowed to be performed by the user with the Tasks, Summaries and Milestones.

Screen #7 – Tasks, Summaries and Milestones

Create and delete Tasks – User is allowed to create task from Pipeline, QEM, Task list;

  • View scope of tasks – you can define permissions for users to view tasks from a specific scope by combining different conditions.
    • No access – user doesn’t have access to view tasks.
    • Only own – users can see tasks to which they are assigned.
    • My group(s) – users can see tasks assigned to their group.
    • All my group scope – user can view tasks for groups specified in the Group Permission Scope
    • Include with attribute(s) – it’s possible to include tasks with specific attribute(s)
    • Exclude with attributes(s) – it’s possible to exclude tasks with specific attibute(s)
    • Include with tag(s) – it is posssible to include tasks with specific tag(s)
    • Exclude with tag(s)- it is possible to exclude tasks with specific tag(s)
    • All accessible – users can view all accessible tasks in a project where they have permission.
  • View & manage tasks – you can define permissions for usersto view and manage tasks from a specific scope by combining different conditions.
    • No access – user doesn’t have access to view & manage tasks.
    • Only own – users can view & manage tasks to which they are assigned.
    • My group(s) – users can view & manage tasks assigned to their group.
    • All my group scope – user can view & manage tasks for groups specified in the Group Permission Scope
    • Include with attribute(s) – it’s possible to include tasks with specific attribute(s)
    • Exclude with attributes(s) – it’s possible to exclude tasks with specific attribute(s)
    • Include with tag(s) – it is posssible to include tasks with specific tag(s)
    • Exclude with tag(s) list – it is possible to exclude customised tasks with specific tag(s);
    • All accessible – users can view and manage all accessible tasks in a project where they have permission.
  • Create and delete Tasks – User is allowed to create task from Pipeline, QEM, Task list;

This permission is dependent on scope of View and Manage projects, so it is possible to create tasks only for scope of projects specified in View and Manage projects permissions.

  • Suggest resource – User is allowed to use option suggested resources
  • Manage Summaries – User is allowed to create, edit and delete summaries from Pipeline, QEM and from task card;
  • Manage Milestones and Phases – User is allowed to create, edit, drag milestones on Gantt and delete, also create and edit and delete phases (This permission is disabled if View Pipeline is Off);
  • Manage group assignments
    • View – user is allowed to view group assignments;
    • My group – Possible to reassign tasks which assigned to your groups (Anyone or Generic user from your group) to your groups (without users);
    • Budgeted group – Possible to reassign tasks which assigned to Budget to another Budgeted group;
    • All manageable tasksUser can manage groups’ assignments in tasks specified in View & manage tasks scope.
    • All accessible – Possible to reassign all available tasks assigned to any groups to any groups;
  • Manage user assignments
    • View – user is allowed to view users assignments;
    • Only own– user is allowed to view only own assignments;
    • My group – Possible to reassign tasks which assigned to your groups/ users from your groups to users from your group or your groups;
    • Budgeted users – Possible to reassign tasks which assigned to Budget to another Budgeted user.
    • All manageable tasks – User can manage users’ assignments in tasks specified in View & manage tasks scope.
    • All accessible – Possible to reassign all available tasks;
  • Force Ready to start
    • No access – Impossible to make Upcoming and Not ready to start tasks Forced Ready to start;
    • Only own – Possible to make Upcoming and Not ready to start tasks assigned to you Forced Ready to start from task card;
    • My groups – Possible to make Upcoming and Not ready to start tasks assigned to your groups Forced Ready to start from task card;
    • All accessible – Possible to make all Upcoming and Not ready to start tasks Forced Ready to start from task card;

(This permission is enabled if Stage in Item card is Manage)

  • Manage comments (Task) 
    • No access – Impossible to create/ edit/ delete comments;
    • Only own – Possible to create/ edit/ delete only your own comments;
    • My group – Possible to create/ edit/ delete only comments from your group(s);
    • All accessible – Possible to create/ edit/delete all tasks comments;

Be aware that this permission should be used in linkage with the permission “Comments” from the block “Tasks, Summaries and Milestones card fields” (visible when “Item Card” is set to “Advanced”).

  • View tasks
    • No access – Impossible to view tasks on Timesheet, Personal task list, Task list, Pipeline;
    • Only own – Possible to view only tasks assigned to you on Timesheet, Personal task list, Task list, Pipeline (Note that there will be only you on Personal tab on Timesheet and on Personal task list in user selector);
    • My group – Possible to view only tasks assigned to your group/ resources from your group on Timesheet, Personal task list, Task list, Pipeline;
    • All accessible – Possible to view all tasks in scope of projects;
  • Manage tasks
    • No access – Impossible to edit task card fields: task name, summary, phases, tags, description, competence, attributes, constraints, business value, booking ID;
    • Only own – Possible to edit task cards fields (due to Item card permission) only for tasks assigned to you;
    • My group – Possible to edit task cards fields (due to Item card permission) only for tasks assigned to your groups/ users from your groups;
    • All accessible – Possible to edit task cards fields (due to Item card permission) for all tasks;
  • Change Spent, Remaining
    • No access – Impossible to edit Spent/ Remaining hours on task card, Timesheet, Personal task list, Task list and QEM;
    • Only own – Possible to edit Spent/ Remaining hours on tasks assigned to you from task card, Timesheet, Personal task list, Task list and QEM;
    • My group – Possible to edit Spent/ Remaining hours on tasks assigned to your groups/ users from your groups from task card, Timesheet, Personal task list, Task list and QEM;
    • All accessible – Possible to edit Spent/ Remaining hours on all available tasks from task card, Timesheet, Personal task list, Task list and QEM;
  • Change Total
    • No access – Impossible to edit Total hours on task card, Timesheet (in case when user make spent bigger than Total), Personal task list, Task list and QEM;
    • Only own – Possible to edit Total hours on tasks assigned to you from task card, Timesheet (in case when we make spent bigger than Total), Personal task list, Task list and QEM;
    • My group – Possible to edit Total hours on tasks assigned to your groups/ users from your groups from task card, Timesheet (in case when we make spent bigger than Total), Personal task list, Task list and QEM;
    • All accessible – Possible to edit Total hours on all available tasks from task card, Timesheet (in case when user make spent bigger than Total), Personal task list, Task list and QEM;
  • Item card
    • No access – No access to summary/ task/ MS cards
    • View – Possible to view summary/ task/ MS cards
    • Manage – Possible to manage summary/ task/ MS cards
    • Advanced – allow to set up conditions in “Tasks, Summaries and Milestones card fields”:
      • Item name – User is allowed to view or Manage summary/ task/ MS cards names;
      • Project – User is allowed to view project name in summary/ task/ MS cards;
      • Summary
        • View – Possible to view summary name in summary/ task/ MS cards;
        • Manage – Possible to view and edit summary name in summary/ task/ MS cards;
      • Parent Path – User is allowed to view parent path in summary/ task/ MS cards;
      • Related Budgets – User is allowed to view Related Budgets in summary/ task/ MS cards and in Resource advisor;
      • Phases
        • No access – No Phase in summary/ task/ MS cards;
        • View – Possible to view Phases in summary/ task/ MS cards;
        • Manage – Possible to view and edit Phase in summary/ task/ MS cards (Manage Milestones and Phases permission should be ON in order to Manage Phases in Item card);
      • Description
        • No access – No Description in summary/ task/ MS cards (No Description in Task list and Report);
        • View – Possible to view Description in summary/ task/ MS cards;
        • Manage – Possible to view and edit Description in summary/ task/ MS cards;
      • Tags
        • No access – No Tags in summary/ task/ MS cards (Impossible to filter task out by tag filter on Pipeline and Timesheet);
        • View – Possible to view Tags in summary/ task/ MS cards;
        • Manage – Possible to view, add and delete Tags in summary/ task/ MS cards;
      • Item Competences
        • No access – No Competences in summary/ task/ MS cards (Impossible to filter task out by competence filter on Pipeline and Timesheet);
        • View – Possible to view Competences in summary/ task/ MS cards;
        • Manage – Possible to view, add, change order and delete Competences in summary/ task/ MS cards;
      • Item Attributes
        • No access – No Attributes in summary/ task/ MS cards;
        • View – Possible to view Attributes in summary/ task/ MS cards;
        • Manage – Possible to view and edit Description in summary/ task/ MS cards (This permission can be Managed if Manage attributes is ON and Global grade attribute can be seen or managed if Use Global grade is ON);
      • Milestone
        • No access – user doesn’t have access to view Milestone(s);
        • User is allowed to view Milestone in task card;
      • Item Dates
        • No access – No Constraints on summary and task cards;
        • View – Possible to view Constraints on summary and task cards;
        • Manage – Possible to view and edit Constraints on summary and task cards;
      • Stage
        • View – Possible to view stage on task card, but impossible to Force Ready to start;
        • Manage – Possible to Force Ready to Start Upcoming and Not ready to start tasks (It is possible to Manage for scope of tasks specified in Force ready to start permission.);
      • Assignments – See mng group/user assign;
      • Project Manager
        • No access – user can’t view Project Manager on task card
        • View – User is allowed to view Project manager on task card;
      • Team Lead Engineer
        • No access – user can’t view Team lead Engineer on task card;
        • View – User is allowed to view Team Lead Engineer on task card;
      • Item ID
        • No access – User can’t view item ID on item’s card;
        • View – User is allowed to view item ID in summary/ task/ MS cards;
      • Business Value
        • No access – No Business value on summary and task card (Business value shows “0”);
        • View – Possible to view Business value on summary and task card;
        • Manage – Possible to view, edit and resend to default on summary and task card;
      • Booking ID
        • No access – No Booking ID in summary/ task/ MS cards (Booking ID shows “None”);
        • View – Possible to view Booking ID in summary/ task/ MS cards;
        • Manage – Possible to view and edit Booking ID in summary/ task/ MS cards;
      • Comments
        • No access – No comments tab in summary/ task/ MS cards;
        • View – Possible to view comments in summary/ task/ MS cards;
        • Manage – Manage is ability to add, delete or edit comments on the basis of defined permission “Manage comments (Task)” (Manage option always gives possibility to add comments to summaries and milestones, scope for tasks to leave comments is specified in Comments (Tasks) permissions);
      • Deadline
        • No access – No Deadline on MS card;
        • View – Possible to view Deadline on MS card;
        • Manage – Possible to edit  Deadline on MS card;
      • Deadline Baseline
        • No access – Impossible to manage Deadline baseline on MS card;
        • View – Possible to view Deadline baseline on MS card;
        • Manage – Possible to edit Deadline baseline, update to current and Reset to No date on MS card (Baseline permission should be “Manage” in order to manage Deadline Baseline);
      • Sub-items Phases – By default Phases inherited by all tasks inside summary. But for some of them the user can manually change the phase. Task phases other than summary phases will be listed in this field
        • No access- User can’t view sub-items of Phases;
        • View – User can view sub-items of Phases;
      • Default Groups
        • No access – No Default group on summary card;
        • View – Possible to view Default group on Summary card;
        • Manage – Possible to add and delete Default group(s) on Summary card;

Users permissions

Defines functionality for Resource Management.

Screen #8 – Users permissions

  • Scope – you can define permissions for users from a specific scope by combining different conditions.
    • Users from scope groups – This permission includes users from groups specified in the Group Permission Scope.
    • Include with attribute(s) – it’s possible to include users with specific attribute(s)
    • Exclude with attributes(s) – it’s possible to exclude users with specific attibute(s)
    • Include with tag(s) – it is posssible to include users with specific tag(s)
    • Exclude with tag(s) – it is posssible to exclude users with specific tag(s)
    • Include customised list – it is possible to include customised list of users
    • Exclude customised list – it is possible  to exclude customised list of users;
  • Create and delete user – User is allowed to create and delete user on Resource Manager page;
  • Invite users – User is allowed to invite users;
  • Manage user configurations – User is allowed to Copy configuration from Admin page during the invitation user (and reinvitation user);
  • Change user Groups – User is allowed to add and delete users to groups on the Resource Manager page. Possible to add and delete generic users to group and multigroup on Resource Manager page;
  • View users in Future Load Graph – User is allowed to see Future Load at a user level (This permission is available if View Future load is accessible);
  • Access to other user card – The user has access to other users’ cards. This permission is required if you want to allow the user to manage any element on a user’s card.

User card fields

  • User name and Initials – User is allowed to view or Manage user name and initials;
  • Type
    • No access – No Type in user card while creation and editing user;
    • View – Possible to view user type in user card;
    • Manage – Possible to choose user type while creation: user, unit pool, generic. Possible to edit user type: user, unit pool;
  • Email Address
    • No access – No email address in user card and in report;
    • View – Possible to view email address in user card. Impossible to edit user’s own email;
    • Manage – Possible to edit users’ emails;
  • Rate – This permission is not implemented in Dep 1
    • No access – No rate while creating user and editing user card;
    • View – Possible to view Rate in user card;
    • Manage – Possible to edit Rate in user card;
  • Roles
    • No access – No Roles info in user card;
    • View – Possible to view roles;
    • Manage – Possible to add, drag and delete roles in user card;
  • Competencies
    • No access – No competences in user card;
    • View – Possible to view competences in user card;
    • Manage – Possible to add, drag, delete competences in user card;
  • Tags
    • No access – No tags in user cards;
    • View – Possible to view tags in user card;
    • Manage – Possible to add and delete tags in user card;
  • Attributes
    • No access – No attributes in user card;
    • View – Possible to view attributes in user card;
    • Manage – Possible to add and delete attributes from user card;

This permission can be “Manage” if Manage attributes is ON and Global grade attributes can be seen or managed if Use Global grade is ON.

  • Capacity for group(s)
    • No access – No capacity in user card;
    • View – Possible to view capacity in user card;
    • Manage – Possible to edit capacity in user card;
  • Availability
    • No access – No Availability in user card;
    • View – Possible to view availability in user card;
    • Manage – Possible to edit availability in user card;
  • Internal ID
    • No access – No Internal ID in user card;
    • View – Possible to view Internal ID in user card;
    • Manage – Possible to edit Internal ID in user card;

Groups permissions

Defines functionality for Resource Groups Management.

Screen #9 – Groups permissions 

  • Scope
    • All groups – Possible to view all groups;
    • My groups – It is possible to view only the groups of a user, meaning groups where the user has capacity. If you have access to other tasks (not only those of your group), there will be groups marked as ‘Out of scope’ and users marked as ‘N/A user’;
    • Include with attribute(s) – Possible to view groups with some specific attribute(s) and users from these groups;
    • Exclude with attribute(s) – Impossible to see groups with some specific attribute(s) (If excluded group has primary multigroup which is allowed to see, then this excluded group will have name of primary multigroup);
    • Include with tag(s) – Possible to view groups with some specific tag(s) and users from these groups;
    • Exclude with tag(s) – Impossible to see groups with some specific tag(s) (If excluded group has primary multigroup which is allowed to see, then this excluded group will have name of primary multigroup);
    • Include customized list – Possible to view groups (and users from these groups) from a specified list in this permission;
    • Exclude customized list – Impossible to view groups (and users from these groups) from a specified list in this permission;
  • Create and delete groups – User is allowed to create and delete group on Resource Management page;
  • Map, convert groups – User is allowed to map and convert groups on Resource Management page;

Group card fields

  • Group name
    • View – User is allowed to view
    • Manage – User is allowed to view and rename group name;
  • Group Rate – This permission is not ready for Deployment 1. Despite of any chosen option there will be no Group rate on Group card
    • No access – No group rate in group pop up;
    • View – Possible to view group rate in group pop up;
    • Manage – Possible to edit group rate in group pop up;
  • Group Risk Factor
    • No access – No Group risk factor in group pop up;
    • View – Possible to view Group risk rate in group pop up;
    • Manage – Possible to edit Group risk factor to values from dropdown in group card;
  • Tags
    • No access – No tags in group card;
    • View – Possible to view tags on group card;
    • Manage – Possible to add and delete tags in group card;
  • Attributes
    • No access – No attributes in group card;
    • View – Possible to view attributes on group card;
    • Manage – Possible to add and delete attributes in group card;
  • Booking ID
    • No access – No Booking ID in group card (Booking ID shows “None”);
    • View – Possible to view Booking ID in group card;
    • Manage – Possible to add, edit and delete Booking ID in group card;
  • Primary multigroup
    • View – Possible to view primary multigroup in group card;
    • Manage – Possible to add ,edit and delete primary multigroup;
  • Subgroups
    • No access – No Measure on Material group card;
    • View – Possible to view subgroups in multigroup card;
    • Manage – Possible to add and delete groups from multigroup pop up;
  • Measure
    • No access – No Measure on Material group card;
    • View – Possible to view Measure on Material group card;
    • Manage – Possible to edit Measure on Material group card;
  • Measure abbrv
    • No access – No Measure abbrv on Material group card;
    • View – Possible to view Measure abbrv on Material group card;
    • Manage – Possible to view Measure abbrv on Material group card;
  • Material rate
    • No access – No Material rate on Material group card;
    • View – Possible to view Material rate on Material group card;
    • Manage – Possible to edit Material rate on Material group card;
  • Unit price
    • No access  – No Unit price on Material group card;
    • View – Possible to view Unit price on Material group card;
    • Manage – Possible to edit Unit price on Material group card;

User Configuration

Every user can set up an individual display of information by hiding or showing items. You can copy the individual configuration from any user or a default profile and set it to other users.

To this end, go to the Admin page, select “Copy configuration” and define what configuration you’d like to apply to the user.

To set up the Default profile configuration, the same sequence of actions should be applied.

Screen #10– Admin – Copying Configuration

Keep in mind that to define user settings “Manage User Settings” permission should be granted in the role assigned to your account.

Besides, you can select items for assigning to a certain user from the Advanced list.  

Screen #11 – Admin – Copy configuration – Advanced Option

There’s the following list of items:

  • Unmapped Area Height
  • Are Not Active Projects In Project Filter Expanded On Graphs
  • Use Capacity View
  • Use Output View
  • Show Unmapped Hidden Groups
  • Show Unmapped Hidden Users
  • Use Capacity Units Per Day
  • Shown Columns For Capacity In User Card
  • Bubble Graph Priority
  • Use Financial View In Burnup
  • Total Expected Slider Value In Dashboard
  • Bubble View And Axis
  • Resource Management Filter
  • Create The First Task For Project
  • Create Another Task From Task Card
  • Selected Task Card Tab
  • Show Only Important Task Comments
  • Selected Phases To Filter
  • Projects To Show Empty Phases
  • Timesheet Slider Filter
  • Pipeline Table Columns
  • Timesheet Columns
  • Task Card Columns
  • Milestone Card Columns
  • Summary Card Columns
  • Selected Pipeline Planning Type
  • Selected Pipeline Main Planning Type
  • Show Alternative Blocks Positions In Pipeline
  • Show Node Possible Dates In Pipeline
  • Show Node Constraint Dates In Pipeline
  • Show Material Units In Task Card
  • Shown Pipeline Filters
  • Selected Timesheet View (Month or weeks)
  • Order of the groups filters to show for graphs
  • Task List Column Details
  • Shown Group Order
  • Hidden Groups
  • Pipeline Tabs Size
  • Additional Graphs

Besides, Epicflow will suggest you define configuration settings when inviting a new user to the system.

   Screen #12 – Inviting a User 

Default Roles

Administrator


By default, Administrator is permitted to use all the functionality in the system:

  • Manage the Pipeline (add projects to the pipeline, synchronize, and remove them)
  • Change Group (map external resources, create, rename, delete, and merge Groups)
  • Change/add/delete Roles (add/remove/modify roles for other users, including oneself)
  • Manage availability (add, delete, invite users, modify capacity and availability for other users and oneself)
  • View company resources (work on Resource Management page)
  • View external data sources (see and add data sources)
  • Change/add/delete all resource assignments (assign any user of any group to a task)
  • Change/add/delete resource assignments for your groups (add, delete, re-assign on a user from the group he/she belongs to)
  • Change/add/delete personal resource assignments (re-assign the tasks previously assigned to anyone to oneself and un-assign them)
  • Change group assignments for all groups (edit group assignments for all groups)
  • Change group assignments for one’s own groups (edit group assignments only for the groups the user belongs to)
  • View resource financial information
  • View project financial information
  • Change resource financial information (edit resource financial information)
  • Change project financial information (edit project financial information)
  • View project approved budget in work hours
  • Change project approved budget in work hours
  • Competence Administration
  • Attribute Administration
  • Manage Attributes

Project Manager


A person assigned to the role of Project Manager is allowed to:

  • Create Project
  • Manage Project Card: Project Name, Dates, Project Manager, Tags and Booking ID.
  • Manage Single Project Leveling
  • Manage Module Library
  • Manage the structure of the projects: create and delete tasks, manage summaries, milestones and phases.
  • Manage group assignments

Pipeline Manager


  • Manage Projects: add, synchronize, move projects from active to inactive tab, close projects and remove them.
  • Manage Project Card: Project Name, Dates, Project Manager, Business Value, Tags, Budget Settings Tab, Info Tab and Booking Id.
  • Manage Pipeline Leveling
  • Manage Single Project Leveling
  • View and manage Import (External DataSources)
  • Manage Module Library
  • Manage the structure of the projects: create and delete tasks, manage summaries, milestones and phases.
  • Manage group assignments

Resource Manager


A person assigned to the role of Resource Manager is allowed to:

  • View the Pipeline
  • Manage availability (add, delete, invite users, modify capacity and availability for other users and oneself)
  • View company resources (work on Resource Management page)
  • Change/add/delete all resource assignments (assign any user of any group to a task)
  • Change/add/delete resource assignments for groups (add, delete, re-assign to a user from the group he/she belongs to)
  • Change/add/delete personal resource assignments (re-assign tasks previously assigned to anyone to oneself and un-assign them)
  • Change group assignments for all groups (edit group assignments for all groups)
  • Change group assignments for their groups (edit group assignments only for the groups the user belongs to)

User


People assigned the User’s role are permitted to access functionality that they need to perform their duties:

  • View company resources (work on the Resource Management page);
  • Change/add/delete all resource assignments (assign any user of any group to a task);
  • Change/add/delete resource assignments for their groups (add, delete, re-assign to user from the group they belong to);
  • Change/add/delete personal resource assignments (re-assign the tasks that have been previously assigned to anyone to oneself and un-assign them);
  • Change group assignments for all groups (edit group assignments for all groups);
  • Change group assignments for one’s own groups (edit group assignments only for the groups the user belongs to).

Keep in mind that only the Administrator can add a new role with a set of required permissions. Click the “Add New Role” button, specify the user’s role, and fill in the checkbox in the Admin Panel. Any of the above-mentioned roles can be edited by the Administrator in the Admin panel.

Nevertheless, the proposed set of groups is not limited and can be extended with any others in accordance with the developed Group Policy by the customer.

Additional Roles

This part contains a list of Roles that you may want to create as you implement the system of Distributed Roles. They aren’t available in Epicflow by default, so you will have to create them and adjust them based on your needs and requirements.

External Users

If you’re going to grant access to the system to external users, first you have to create an additional role “External user”. We recommend limiting access only to the projects they’ll work with + update for their own assignments. The set of permissions may vary but usually it’s as follows:

  • Change/Add/Delete Resource assignments for your groups
  • Change/Add/Delete one’s own Resource assignments
  • View tasks – Only one’s own or My Group
  • Manage tasks – Only one’s own
  • Only View projects – use a customized list to limit the scope
  • View and manage projects – None

Project-Dedicated Users

We recommend having separately defined roles for each Project. It’ll help you keep your team focused on the Projects and avoid distractions.

The set of permissions may vary but usually, it consists of the following options:

  • Change/Add/Delete Resource assignments for your groups
  • Change/Add/Delete one’s own Resource assignments
  • Change Group assignments for one’s own groups
  • View Pipeline
  • View tasks – My group or Only one’s own
  • Manage tasks – My group or Only one’s own
  • Only view projects – use a customized list or sub-string filter to limit the scope
  • View and manage projects – None
  • Manage Summaries

Project-Dedicated Team Lead

For each Project-Dedicated User group, we recommend creating a Project Dedicated Team Lead. The users who belong to this group should be responsible for Project management in the area of their responsibilities but also the right to view other projects will be useful for them.

The set of permissions may vary but usually, it’s as follows:

  • Change Group
  • Manage Availability
  • View Company Resources
  • View External DataSources
  • Change/Add/Delete Resource assignments for one’s own groups
  • Change/Add/Delete own Resource assignments
  • Change Group assignments for all groups
  • Change Group assignments for one’s own groups
  • View Dashboard
  • View Pipeline
  • Create a project
  • View tasks – My group’s tasks or All tasks
  • Manage tasks – My group’s tasks
  • Only view projects – either customized list or sub-string filtered
  • View and manage projects – either customized list or sub-string filtered but only those which they are responsible for
  • Manage Milestones
  • Manage Summaries
  • View Gantt chart

Multiple Roles and Complex Permissions

You have the possibility to create more complex permissions by creating multiple roles that will be granted to the one user. For each role, you can grant different permissions. Each permission can be limited by the scope of projects, items, users, and groups that the user will be able to view or manage.

Multiple roles allow for flexible permission management across different projects. For example, a user may have a role with full permissions for one project group (e.g., “Development”) while having limited or no permissions for another group (e.g., “Marketing”). These roles are applied separately, meaning that permissions set for one role do not influence those of another.

  1. Role-Specific Permissions: Users can only perform actions within their assigned permissions. For instance, a user with a role that includes full access to the “Development” group can create and manage tasks in those projects. However, the same user may not be able to expand or edit projects in the “Marketing” group due to limited permissions.
  1. Project Group Hierarchy: Permissions apply to all projects within a project scope. When a change is made at the project scope level, it affects all the projects and tasks within that group. For example, granting a role access to view specific projects will make those projects and their details visible to the user under that role.
  1. Separate User Scopes: Users can have different permissions within the same project scope depending on their role. For example, a “Resource Manager” role might allow full access to certain user data, while a “Project Manager” role may only allow viewing limited fields. When a user logs in, they see information based on the highest permissions of their roles.
  1. Real-Time Updates: Changes in roles or permissions require users to refresh their interface to see the updated permissions. For example, if an admin grants a user additional permissions, the user must refresh the page to access the new capabilities.
  1. Managing Conflicting Permissions: When users have roles with overlapping permissions, the role with the highest permissions takes precedence. For instance, if a user has access to view and edit certain data in one role but only view it in another, the editing permissions would apply.
  1. Control for Special Cases: The updated permission structure allows for specific configurations like granting access to certain project groups even when the user is not a part of those groups. This feature is useful for roles that need visibility or control in projects without being directly assigned to them.

This structure ensures a more tailored and controlled approach to managing access and permissions across various project groups and roles. It simplifies assigning responsibilities and helps maintain data security by applying role-specific scopes and user-specific restrictions.

Updated on December 11, 2024
Was this article helpful?

Related Articles