Projects app permissions
Privileges define the level of access, or permissions, that each user has across the Projects app. Roles specify the level of access, or permissions, each user has within individual projects and frameworks.
Privileges vs. Roles
A privilege defines a user's global access across the app.
System Admins with a Professional subscription are automatically granted Project Admin privileges. If you are not a System Admin, you must have a Professional subscription to be granted Project Admin privileges.
Roles apply within an individual project or framework. A single user may have a different role for each project or framework, and the role has no implication across the app:
Example
You are a Project Admin, and you need to create two projects for your organization. Your colleague Sam also uses Projects but only requires access to individual projects.
To grant him access to the projects you created, you assign him specific roles in each project:
- Project 1 Professional User
- Project 2 Oversight Reviewer
In project 1, Sam has full read and write access to the project. However, his access to project 2 is limited to read-only. Sam is not able to access any global settings.
Permissions in other apps
The Projects app relates to a variety of other Diligent One apps. Once you provision user access in the Projects app, users will be granted the same privileges and roles in the following apps:
- Frameworks
- Compliance Maps
- Assurance Plans
- Scheduler
- Offline Projects
- Diligent HighBond for iOS or Android
- Mission Control
- Issue Tracker
- Task Tracker
- Timesheets
Available privilege types
Project Admins must assign users the specific privileges they require before they can work with projects and frameworks.
| Privilege | Description | Remarks |
|---|---|---|
| Project Admin | Full access to Projects and automatically assigned the Professional Manager role for all projects in the Diligent One instance |
Project Admins can:
System Admins with a Professional subscription are automatically assigned as Project Admins. |
| Project Type Admin | Project type creation and edit access for specific project types; automatically assigned the Professional Manager role for projects of the types to which they have been assigned |
Project Type Admins can:
|
| Project Creator |
Rollforward access to all projects and automatically assigned the Professional Manager role for any projects they create |
Project Creators can:
System Admins with a Professional subscription are automatically assigned the Project Creator privilege. |
| View Archived Projects | View access to archived projects within the Diligent One instance |
To view an archived project, you must be assigned a combination of one of the following roles AND the View Archived Projects privilege:
System Admins with a Professional subscription are automatically assigned the View Archived Projects privilege. Note Users need to be assigned the View Archived Projects privilege before the project is archived. If the project has already been archived, you need to unarchive the project, assign the user the View Archived Projects privilege, and re-archive the project. |
| Timesheets Admin | Full read and write access to all time entries entered within the Diligent One instance, and ability to modify Timesheets settings |
To have read and write access to timesheets, you must be assigned a combination of one of the following roles AND the Timesheets Admin privilege:
System Admins with a Professional subscription and Project Admins are automatically assigned as Timesheets Admins. |
| Assurance Plans Admin | Full read and write access to assurance plans |
Project Admins are automatically assigned the Assurance Plans Admin privilege. Assurance Plans Admins that are also Project Creators can create, link, and rollforward projects in an assurance plan. Assurance Plans Admins that are not Project Creators can only link projects in an assurance plan. |
| Compliance Maps Privileges | A specified level of access to compliance maps |
There are three levels of access available:
|
Available roles
Users assigned the Professional Manager role can grant individual users and user groups access to projects and frameworks. If a user has different individual and user group permissions, the user can access everything that each separate role provides them access to.
Note
- Interface terms are customizable, and fields and tabs are configurable. In your instance of Diligent One, some terms, fields, and tabs may be different.
- If a required field is left blank, you will see a warning message: This field is required. Some custom fields may have default values.
| Role | Description |
|---|---|
| Professional Manager | Full read and write access to the project or framework, and the ability to modify any project or framework settings |
| Professional User | Full read and write access to the project or framework |
| Oversight Executive | Full read-only access to the project or framework, full write access to to-dos, and restricted access to respond to issues, requests, and actions, and perform sign-offs |
| Oversight Reviewer | Limited read-only access to the project or framework |
| Contributor Manager | Access to all narratives, controls, requests and issues |
| Contributor Tester | Access to assigned objectives, narratives associated with assigned objectives, and assigned controls, walkthroughs, tests, requests, and issues. Can create requests and issues. |
| Contributor User | Access to assigned objectives, narratives associated with assigned objectives, and assigned controls, requests, and issues |
| No Access | These users may be added to a Diligent One instance; however, their only interaction with Projects is by responding to requests, actions, and questionnaires |
Subscriptions, privileges, and roles
Each user license has a subscription. Subscriptions define which privileges and roles are available in the app. For more information, see Managing licenses and subscription permissions.
Privileges and roles per subscription
Available
** Read/Write and Read access available
* Read access available
Not available
| Privilege / Role | Professional | Oversight | Contributor |
|---|---|---|---|
| Project Admin |
|
|
|
| Project Type Admin |
|
|
|
| Project Creator |
|
|
|
| View Archived Projects |
|
|
|
| Timesheets Admin |
|
|
|
| Assurance Plans Admin |
|
|
|
| Compliance Maps Privileges |
**
|
*
|
|
| Professional Manager |
|
|
|
| Professional User |
|
|
|
| Oversight Executive |
|
|
|
| Oversight Reviewer |
|
|
|
| Contributor Manager |
|
|
|
| Contributor Tester |
|
|
|
| Contributor User |
|
|
|
Access available per privilege
Project Admins have full read and write access to the Projects app.
Users assigned other privileges (Project Creator, View Archived Projects, Assurance Plans Admin, Timesheets Admin, and Compliance Maps Privileges) have more discrete areas of access in the Projects app.
Full read and write access
* Full read and write access if also assigned the Assurance Plans Admin privilege
** Full read and write access for assigned project types.
Read-only access
Access for specific projects based on role
No access
| Access | Project Type Admin | Project Creator | View Archived Projects | Assurance Plans Admin | Timesheets Admin | Compliance Maps Privileges |
|---|---|---|---|---|---|---|
|
|
|
|
|
|
|
|
| Manage project types |
**
|
|
|
|
|
|
| Manage entities |
|
|
|
|
|
|
| Manage settings |
|
|
|
|
|
|
| Create projects |
|
|
|
|
|
|
| Temporarily delete projects |
|
|
|
|
|
|
| Restore deleted projects |
|
|
|
|
|
|
| Permanently delete projects |
|
|
|
|
|
|
| Create frameworks |
|
|
|
|
|
|
|
|
*
|
|
|
|
|
|
| Scheduler settings |
|
|
|
|
|
|
| Scheduler |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Timesheets |
|
|
|
|
|
|
| Compliance Maps |
|
|
|
|
|
Type of Compliance Maps Privileges:
|
Access available per role
Roles are assigned within projects and frameworks. A single user may have a different role for each project or framework.
Note
- Interface terms are customizable, and fields and tabs are configurable. In your instance of Diligent One, some terms, fields, and tabs may be different.
- If a required field is left blank, you will see a warning message: This field is required. Some custom fields may have default values.
Professional roles
Full read and write access
* Full read and write access for items created by them
No access
Oversight roles
Full read and write access
* Full read and write access for items created by them
Read-only access for all items
Respond-only access (comment, attach files, and update select fields) for all items
No access
Contributor roles
Note
Users assigned a Contributor role (Contributor Manager, Contributor Tester, Contributor User) must also be assigned as an owner for items in a project or framework. For detailed access matrices that illustrate Contributor role access, see Contributor roles in Projects.
Contributors have limited access to projects and frameworks. Contributors cannot:
- administer projects and frameworks
- archive, unarchive, and rollforward projects
- delete projects and frameworks
They also cannot access the following:
- Scheduler
- Timesheets
- Task Tracker
- Issue Tracker
- Planning
- Progress
- Unpublished issues
- Offline Projects
- Diligent HighBond for iOS or Android
Assign privileges
By default, new users are not assigned access to any projects or frameworks. Project Admins must assign users the specific privileges they require before they can work with projects and frameworks.
For more information, see Assigning user privileges in projects and frameworks.
Assign roles
Users assigned the Professional Manager role can grant individual users and user groups access to projects and frameworks.
For more information, see Assigning user roles in projects and frameworks.
