Roles and Permissions

Roles enable you to define what people can and cannot do in your activeCollab installation. You can set-up and manage roles in the Roles section of the administration area:

ou should also be aware that there are two type of roles in activeCollab: System Roles and Project Roles.

1. System Roles

System Roles define which permissions users have across the whole of activeCollab (such as ability to log in and use the system, access the administration area or manage projects etc.).

activeCollab comes with five predefined roles that you can start using immediately. The first three of which are intended for members of your own company:

  1. Administrator - Has permission to access the whole system, including access to the Admin panel. This Role overrides all other settings, including any Project Roles the user may have.
  2. Project Manager - Has all project management related permissions, but can't access the Administration panel or manage other people's accounts. This role lets users create new projects; gives them access to all existing projects; and the ability to manage any project information regardless of any Project Roles the user may have.
  3. Member - The preferred role for members of your company. Users set as Members can access only projects they are assigned to; but can see objects marked as private. Their project level permissions are defined by their Project Role. Members can also create new projects and create their own assignment filters.

The fourth and fifth roles are designed for people who are not included in your company (mostly clients). These people can only see projects they are involved with and can't see objects marked as private. Administrators, Project Managers and Project Leaders can control their access with Project Roles or even defining custom permissions. They cannot create new projects, use assignments filters or use the time report functionality.

There's only one difference between Client Company Member and Client Company Manager: the Client Company Manager can update contact information for his company and add new people to it in your activeCollab setup. With this functionality you can let clients handle some basic company and user administration on your behalf.

If none of the predefined Roles look right for you, you can create new roles or change existing ones to fit your needs:

Every System Role has the following permissions that you can grant or forbid:

Permission  Description
 Module 
system_access This permission sets whether a user can access activeCollab. Set this to No if you don't want to delete a specific user accounts but you want to restrict them from accessing the system for the moment. System 
admin_access Set this permission to Yes if you want to give administration permissions to users in a selected role. This permission overrides every other permissions and additionally gives users access to the Admin panel. System
project_management Project managers have full permission for everything relating to projects in activeCollab. They can see and access any project and have complete access inside each one. Project managers can create projects even if add_project permission is set to No!
 System
people_management  People managers have all permissions regarding account management in the People section. They can create new users or manage existing users and companies without any restrictions.
 System
add_project Sets whether user can create new projects or not. When creating a project, members of client companies will see only people and companies they have previously worked with. They will not see everyone! Administrators and project managers can always create new projects no matter what is set here! System
manage_company_details Set to Yes if you want to allow a user to manage company details. The user will then be able to change the company information of the company that they already belongs to, as well as being able to add new people and receive/access Invoices issued to it. Please note, if no-one from a company has the correct permission, you won't be able to send email notifications for new invoices to anyone in it, because there will be no eligible recipient for such an email! System
can_see_private_objects Set to Yes for roles that must be able to see objects in activeCollab marked as private. Usually, this permission is set to Yes only for members of your own company and to No for the client roles. This makes it easy to hide internal discussions or other confidential information that should be kept in-house. System
manage_trash If set to Yes this role will enable users to manage items that has been trashed by any other user: delete them premaritally or restore them from the trash. When set to No this role will enable user to trash the item, but not to see the Trash icon, or to manipulate further with trashed data. System
manage_assignment_filters Set to Yes only for roles that should be allowed to either create new or manage existing assignment filters. If set to No, users will be able only to use existing filters, but not create new or change the settings of existing ones. Resources
use_time_reports This permission determines whether a user can use the time reports functionality or not. Time reports are available both globally and per project. If this permission is set to No, the user will not be able to see or use any time reports. Time Tracking
manage_time_reports Set to Yes for roles you want to be able to create or manage time reports. Time Tracking
can_use_status_updates Set to Yes to allow a user to use the Status Update tool. Status
can_use_incoming_mail_frontend When this permission is set to Yes, users will be able to access email conflict resolution tool and resolve any potential issues with incoming emails. Incoming Mail
can_use_documents This permission enables users to access the optional global Documents section. When they have access to this section, users will be able to see the Docs icon in the toolbar and view all files placed there. Documents
can_add_documents This permission enables users to upload new files and post new text documents in the global Documents section. Please note that this permission is ignored if the role does not also have the can_use_documents permission set to Yes. Documents
can_manage_invoices When set to Yes, person with this permission will be able to create new Invoices, issue existing invoice drafts, mark them as billed or canceled, and to delete Invoices. Invoice

2. Project Roles

Project Roles are re-usable sets of project permissions that define what a user can see and access within a specific project. As project roles are defined on a project-by-project basis, users can have several Project Roles, different for each project they are involved with. When adding a user to a project you can select one of the earlier defined project roles or create a custom set of permissions for that particular project:

Remember

Administrators, Project Managers and person set as the Project Leader will automatically have all permissions for that project, as their System Role overrides their Project Role in this case.

Project Role permissions are set for each type of project object (eg. ticket, milestone) and can have four levels:

  1. No access - The user will not be able to view or work with this object in this particular project. The tab for the object will also be hidden from their navigation. Objects of this type (from this project) will not be shown to the user anywhere in activeCollab. For example, by setting 'No Access' to Tickets for a user, she will never be able to see or access any of the Tickets from that project or see the Tickets tab.
  2. Has access - The user can see the tab and access it, but he or she cannot create new objects or manage existing ones.
  3. ... and Can Create - The user has access and can create new objects of that type, but cannot manage existing objects.
  4. ... and Can Manage - As well as being able to view and create objects of this type, the user can also edit and delete existing items.
Important Note

If a project object (Ticket, Milestone or Task) is not assigned, then all users who have 'Has Access', 'Can Create' or 'Can Manage' project permissions set to Yes will be able to manage that project object. This is a default system behavior that enables users to access and assign themselves to project objects such as Tickets, Milestones or Tasks. If someone os already assigned to a ticket, milestone or task permissions will work as expected.