Projects app permissions

Privileges define the level of access, or permissions, that each user has across the Projects app. Roles specify the level of access, or permissions, each user has within individual projects and frameworks.

Privileges vs. Roles

A privilege defines a user's global access across the app.

System Admins with a Professional subscription are automatically granted Project Admin privileges. If you are not a System Admin, you must have a Professional subscription to be granted Project Admin privileges.

Roles apply within an individual project or framework. A single user may have a different role for each project or framework, and the role has no implication across the app:

Example

You are a Project Admin, and you need to create two projects for your organization. Your colleague Sam also uses Projects but only requires access to individual projects.

To grant him access to the projects you created, you assign him specific roles in each project:

  • Project 1 Professional User
  • Project 2 Oversight Reviewer

In project 1, Sam has full read and write access to the project. However, his access to project 2 is limited to read-only. Sam is not able to access any global settings.

Permissions in other apps

The Projects app relates to a variety of other Diligent One apps. Once you provision user access in the Projects app, users will be granted the same privileges and roles in the following apps:

  • Frameworks
  • Compliance Maps
  • Assurance Plans
  • Scheduler
  • Offline Projects
  • Diligent HighBond for iOS or Android
  • Mission Control
  • Issue Tracker
  • Task Tracker
  • Timesheets

Available privilege types

Project Admins must assign users the specific privileges they require before they can work with projects and frameworks.

Privilege Description Remarks
Project Admin Full access to Projects and automatically assigned the Professional Manager role for all projects in the Diligent One instance

Project Admins can:

  • administer user privileges
  • administer access roles for all projects and frameworks in the Diligent One instance
  • create new projects and frameworks
  • administer existing projects and frameworks
  • configure Scheduler settings
  • set up entity tagging

System Admins with a Professional subscription are automatically assigned as Project Admins.

Project Type Admin Project type creation and edit access for specific project types; automatically assigned the Professional Manager role for projects of the types to which they have been assigned

Project Type Admins can:

  • create new project types

  • edit existing project types that they have been assigned access to

 

 

Project Creator

Rollforward access to all projects and automatically assigned the Professional Manager role for any projects they create

Project Creators can:

  • create new projects and frameworks
  • archive projects, view archived projects, and rollforward projects

System Admins with a Professional subscription are automatically assigned the Project Creator privilege.

View Archived Projects View access to archived projects within the Diligent One instance

To view an archived project, you must be assigned a combination of one of the following roles AND the View Archived Projects privilege:

  • Professional Manager
  • Professional User
  • Oversight Executive
  • Oversight Reviewer

System Admins with a Professional subscription are automatically assigned the View Archived Projects privilege.

Note

Users need to be assigned the View Archived Projects privilege before the project is archived. If the project has already been archived, you need to unarchive the project, assign the user the View Archived Projects privilege, and re-archive the project.

Timesheets Admin Full read and write access to all time entries entered within the Diligent One instance, and ability to modify Timesheets settings

To have read and write access to timesheets, you must be assigned a combination of one of the following roles AND the Timesheets Admin privilege:

  • Professional Manager
  • Professional User
  • Oversight Executive

System Admins with a Professional subscription and Project Admins are automatically assigned as Timesheets Admins.

Assurance Plans Admin Full read and write access to assurance plans

Project Admins are automatically assigned the Assurance Plans Admin privilege.

Assurance Plans Admins that are also Project Creators can create, link, and rollforward projects in an assurance plan.

Assurance Plans Admins that are not Project Creators can only link projects in an assurance plan.

Compliance Maps Privileges A specified level of access to compliance maps

There are three levels of access available:

  • Read/Write Allows users to create, edit, or delete regulations, standards, or requirements, view aggregated testing results, map controls to requirements, and export reports
  • Read Allows users to view regulations, standards, requirements, mapped controls, and aggregated testing results, and export reports
  • No Access No access to Compliance Maps

Available roles

Users assigned the Professional Manager role can grant individual users and user groups access to projects and frameworks. If a user has different individual and user group permissions, the user can access everything that each separate role provides them access to.

Note

  • Interface terms are customizable, and fields and tabs are configurable. In your instance of Diligent One, some terms, fields, and tabs may be different.
  • If a required field is left blank, you will see a warning message: This field is required. Some custom fields may have default values.
Role Description
Professional Manager Full read and write access to the project or framework, and the ability to modify any project or framework settings
Professional User Full read and write access to the project or framework
Oversight Executive Full read-only access to the project or framework, full write access to to-dos, and restricted access to respond to issues, requests, and actions, and perform sign-offs
Oversight Reviewer Limited read-only access to the project or framework
Contributor Manager Access to all narratives, controls, requests and issues
Contributor Tester Access to assigned objectives, narratives associated with assigned objectives, and assigned controls, walkthroughs, tests, requests, and issues. Can create requests and issues.
Contributor User Access to assigned objectives, narratives associated with assigned objectives, and assigned controls, requests, and issues
No Access These users may be added to a Diligent One instance; however, their only interaction with Projects is by responding to requests, actions, and questionnaires

Subscriptions, privileges, and roles

Each user license has a subscription. Subscriptions define which privileges and roles are available in the app. For more information, see Managing licenses and subscription permissions.

Privileges and roles per subscription

      Available

** Read/Write and Read access available

*   Read access available

      Not available

Privilege / Role Professional Oversight Contributor
Project Admin
Project Type Admin
Project Creator
View Archived Projects
Timesheets Admin
Assurance Plans Admin
Compliance Maps Privileges ** *
Professional Manager
Professional User
Oversight Executive
Oversight Reviewer
Contributor Manager
Contributor Tester
Contributor User

Access available per privilege

Project Admins have full read and write access to the Projects app.

Users assigned other privileges (Project Creator, View Archived Projects, Assurance Plans Admin, Timesheets Admin, and Compliance Maps Privileges) have more discrete areas of access in the Projects app.

   Full read and write access

* Full read and write access if also assigned the Assurance Plans Admin privilege

** Full read and write access for assigned project types.

   Read-only access

   Access for specific projects based on role

   No access

Access Project Type Admin Project Creator View Archived Projects Assurance Plans Admin Timesheets Admin Compliance Maps Privileges

Manage user privileges

Manage project types **
Manage entities
Manage settings
Create projects
Temporarily delete projects
Restore deleted projects
Permanently delete projects
Create frameworks

Assurance Plans

*
Scheduler settings
Scheduler

Project Library

Timesheets
Compliance Maps

Type of Compliance Maps Privileges:

  • Read/Write
  • Read
  • No Access

Access available per role

Roles are assigned within projects and frameworks. A single user may have a different role for each project or framework.

Note

  • Interface terms are customizable, and fields and tabs are configurable. In your instance of Diligent One, some terms, fields, and tabs may be different.
  • If a required field is left blank, you will see a warning message: This field is required. Some custom fields may have default values.

Professional roles

   Full read and write access

* Full read and write access for items created by them

   No access

Access Professional Manager Professional User
Administer project or framework settings

Administer project or framework user roles

Archive, unarchive, and rollforward projects

Temporarily delete projects

Create frameworks

Sync projects with frameworks

Delete frameworks
Scheduler

Timesheets

*

*

Task Tracker

Issue Tracker

Progress

Planning

Controls
Walkthroughs
Testing rounds
Requests

Published issues

Unpublished issues

Actions

To-dos

Sign-offs For more information, see Reviewing work and signing-off.
Offline Projects
Diligent HighBond for iOS or Android

Oversight roles

   Full read and write access

* Full read and write access for items created by them

   Read-only access for all items

   Respond-only access (comment, attach files, and update select fields) for all items

   No access

Access Oversight Executive Oversight Reviewer
Administer project or framework settings

Administer project or framework user roles

Archive, unarchive, and rollforward projects

Temporarily delete projects

Create frameworks

Sync projects with frameworks

Delete frameworks
Scheduler

Timesheets

*

Task Tracker

Issue Tracker

Progress

Planning

Controls
Walkthroughs
Testing rounds
Requests

Published issues

Unpublished issues

Actions

To-dos

Sign-offs For more information, see Reviewing work and signing-off.
Offline Projects
Diligent HighBond for iOS or Android

Contributor roles

Note

Users assigned a Contributor role (Contributor Manager, Contributor Tester, Contributor User) must also be assigned as an owner for items in a project or framework. For detailed access matrices that illustrate Contributor role access, see Contributor roles in Projects.

Contributors have limited access to projects and frameworks. Contributors cannot:

  • administer projects and frameworks
  • archive, unarchive, and rollforward projects
  • delete projects and frameworks

They also cannot access the following:

Assign privileges

By default, new users are not assigned access to any projects or frameworks. Project Admins must assign users the specific privileges they require before they can work with projects and frameworks.

For more information, see Assigning user privileges in projects and frameworks.

Assign roles

Users assigned the Professional Manager role can grant individual users and user groups access to projects and frameworks.

For more information, see Assigning user roles in projects and frameworks.