Permission denied – How roles and permissions work in aC 1.0

Homepage » activeCollab Blog Archive » Permission denied – How roles and permissions work in aC 1.0

One of the most important new features in activeCollab 1.0 is an improved user roles and permissions system

There are three roles that a user could have in activeCollab 0.7.1:

Owner company member with administration permissions
Owner company member without administration permissions
Members of client companies

While this setup would do the trick in most situations, it wasn’t flexible enough and created problems in some situations, especially to people who wanted to let their clients create projects or had contractors on board. In order to address these issues, we made a more flexible roles and permissions system in activeCollab 1.0.

Here is a part of the “Roles” chapter from the “activeCollab 1.0 User Manual”. Please note that this is an early draft of the User Manual and that it might change by the time we launch.

There are two groups of users in any activeCollab setup:

Members of owner company
Members of client companies

Any member of the “owner company” has a role he or she plays in the system. By default activeCollab ships with four predefined roles:

Administrator
Project manager
Contractor
Company member

Every role has its own set of permissions. For instance, project managers don’t require access to administration but they certainly need to be able to start new projects and manage existing ones. On the other hand, members and contractors are just involved in the project. They don't do any project management or administration so they don't require those permissions.

You are not limited to predefined roles. Setting up and managing roles is easy thanks to the role management tool in the administration section. The roles management tool lets you define new roles, see who has specific roles, alter them.

Note: In order to make the delete option available there must not be any members with that role assigned.

Clients have a simpified role system.

Company manager
Member

Every client company needs to have at least a company manager. The manager has some extra permissions, for example he or she can alter company details and manage accounts of other members. If the client company logo changes or one of their members changes his or her email address they can handle the change themselves without the need to contact your stuff and distract them from their regular duties.

The number of users the client company manager can create is limited with the "Max. members" property. It can also be set to 0 in order to remove any limitations (the manager will be able to add as many users as needed).

Note: If you decide to let your clients create new projects in the system you just need to open - Administration / Settings / General settings, and make sure that the option "Let clients start new projects" is enabled.

While roles define permissions on a system level there are also project level permissions that let you specify what users can and cannot do per project – giving you more flexibility when needed.

So, now you know how roles and permissions work. We dare you to find a flaw in the system! Remember, if you do “crack the code” – let us know!

Posted on: 2007-06-06 8:07

Comments:

todd

2007-06-06 10:56

I can’t tell you how bad I need ActiveCollab 1.0. Please hurry!

Kevin N. Murphy

2007-06-06 10:58

Wow, powerful addition I must say.

This is a problem I run into since I try to organize some of my personal hobby projects with activeCollab. Sometimes I want to have a friend be able to manage things if I am working on a project with them. Only being able to achieve that through giving them administrator privileges has not worked since I would loose the privacy on my other projects.

Problem solved!

Solarenergy for Afrika

2007-06-06 4:09

very nice!

you guys rock!

i hope i can wait for 1.0

interactive

2007-06-07 4:59

So in 1.0, we can delegate a specific role to anyone. This is a great feature.
Thx

romdg

2007-06-07 8:25

This sounds to be what was missing from ac, and basecamp for that mattter. good job AC!!

simpsomboy

2007-06-07 8:37

Great!

and how I can get the 1.0 version?
Is there any way to get a beta (I saw it’s closed) version?

Thank you

Ilija Studen

2007-06-10 1:40

@simpsomboy:

Unfortunately, the beta has been closed due to the large number of applications (which we need to go through), but never say never. Feel free to send an e-mail describing yourself and your organization, so the least we could to is add you to the waiting list.

d1rk

2007-06-14 6:38

Im really looking forward to v1.

Is it possible to have svn-access to v1?

Ilija Studen

2007-06-14 7:18

@d1rk: Sorry, SVN access is limited to development team only.

#10

Dennison Uy

2007-06-14 10:34

I hope the new role definition system can be flexible enough to allow for more setups such as giving specific members of other companies the capability to view timesheets, or allow members from another company (e.g. a partner) to work on the same project and enter the # of hours worked into the timesheet.

#11

petergerald

2007-06-14 10:43

@dennison: I definitely agree!

#12

Ilija Studen

2007-06-14 11:16

As explained in the text, roles are global permissions (can access administration, can manage project, can create project etc) while project level permissions define what people can do in a specific project.

Project level permissions work pretty much the same as in activeCollab 0.7.1, but there are more permissions now and plugins can define their own.

Every project have its own set of permissions. You can set per user what he or she can access or do. For example, you can say that Peter from Company A can enter hours while Susan from the same company cannot.

#13

Nick

2007-06-18 3:59

Ilija—great to have info like this as a teaser for 1.0. Can you keep posting more drafts pages of key features?

#14

Skynarc

2007-06-18 7:53

Do you guys have a release date yet for 1.0 yet?

#15

Ilija Studen

2007-06-18 8:20

@Nick:

I’ll see to find something interesting :)

@James:

Sorry, we don’t have a release date set and we don’t plan to announce any. We’ll simply release 1.0 when it gets ready (during the summer).

#16

darkpollo

2007-06-19 2:31

Can a user be the manager of two companys?
Or maybe the manager of one Company and the client on another one?
Great work. Thanks.

#17

Ilija Studen

2007-06-19 3:56

@darkpollo:

There is one simple rule – user can be member of only one company, because of that he or she can be manager of only one company.

#18

darkpollo

2007-06-21 3:34

Thanks. I would need that, but i can live without. :)

#19

Alex Palecek

2007-06-21 7:42

I’m excited about the impending release. Sounds like this role spectrum could fit our model well. I work for a database company in California and I’m seriously interested in a hosted for-pay version of ActiveCollab. However, the time to choose a PM tool is approaching, and I feel I can’t wait much longer unless I get a promising taste of the beta. I applied awhile ago… What gives?

Thanks,
Alex

#20

Ilija Studen

2007-06-22 4:27

Beta is not ready yet.

You will be informed when your beta account gets ready via email. If you would like to cancel your beta application please email me at ilija.studen@gmail.com.

Have fun!

#21

Alex Palecek

2007-06-22 3:32

Gotcha. Thanks.

#22

Ricardo

2007-06-25 10:49

Hi Ilija, congratulations for AC. Question: if we install and start using the current version, how easy will it be to upgrade it to 1.0? Will we be able to just install it over the previous one and everything will be up and running?

#23

Ilija Studen

2007-06-26 12:05

@Ricardo: Upgrade script for users of activeCollab 0.7.1 will be provided so there is no need to worry about your data.

#24

IvanV

2007-07-01 5:22

I haven’t seen AjaxChat in “Coming soon”. I think it’s a must.

#25

Jho

2007-07-05 3:44

will 1.0 be available in hosted and local install as well?