Articles in this section

Manage Security Levels and Permissions

Security Levels & Manager Permissions explains what each role can do (Standard User, Manager, Administrator), how Administrators assign a role, and how to scope/configure Manager access by Division and by Project. It also covers the granular Manager permissions for timesheets, time off, expenses, lists, and rates.

Who can do this: Administrators only. Managers (even with People Edit permissions) cannot assign or change security roles or Manager permissions.

Jump to:

Assign a Security Level

Admins only: Set or change a person’s security level when creating them, or later from Company → People. Click the Edit (pencil) next to their name, open Security & Permissions, and click Edit Section. Choose Standard, Manager, or Administrator and click Update to save.

Role overview

  • Standard User — Enters their own time/expenses; can view and report on their own data only (no access to company configuration or other people’s data).
  • Manager — A configurable role. You (an Admin) can grant access to review/approve, run reports, and view/edit lists, typically scoped by Division and/or Project. Managers do not have access to Company → Preferences and cannot delete company data (they should inactivate items instead).
  • Administrator — Full access to all company settings, lists, and data (including Company → Preferences).

Manager Access Levels

Admins configure access scope. Limit what Managers can see and do via: Division Access Level (by the person’s Division) and Project Access Level (by projects they manage). Available on Team (or above) plans.

Division Access Level

Choose whether a Manager applies to All People or to People in specific divisions. When scoping to specific divisions, use the selector at the bottom of Security & Permissions to move items from Available Divisions to Selected Divisions. Division scope applies to most Manager permissions. EXAMPLE:

divisional assignment 2.png
  • Timesheets: Division-scoped Managers can approve time for anyone in their assigned divisions. Only the Timesheet Approver on a person’s record receives submission emails.
  • Expenses & Time Off: Managers can approve only for employees who list them as the approver on Person Details. (Division scope does not override the designated approver.)

Project Access Level

Enable This person should only see projects they manage to restrict a Manager’s access to projects where they are listed as Project Manager (set on each Project Details page). Confirm the prompt to apply.

  • Project-scoped Managers can add projects, approve hours, and run reports for only the projects they manage.
  • They will not have access to Company → Timesheets or certain timesheet-related dashboard panels.
  • Scope also applies to Project Insights and the Resource Management grid.

Granular Manager permissions

Admins grant these permissions. The options below are affected by the Division/Project scope you set above.

Resource Management

Grant View or Add & Edit access to the Resource Management grid. Access respects Division/Project scope. Managers with RM access must be able to view billing rates (required for budgeting).

Reports

Enable Run company reports to allow Managers to run reports (scope may apply). Note: The Expense Export (beta) report is available to Administrators only.

Timesheets

  • Review timesheets — Access Company → Timesheets for review.
  • Notify users about their timesheets — Send reminders from the Timesheets page.
  • Lock and approve timesheets — Change status; enables approval actions when Approvals are in use.
  • Unlocking: Managers can unlock only if an Admin enables it in Company → Preferences → Security Settings.
  • Override timesheets — Allow entry/edit on behalf of employees.

Time Off

Choose whether a Manager is a Time Off Approver for all employees or only specific divisions. Approved Managers appear in the Time Off is approved by field on each Person’s record.

Expenses

  • Review expenses — Access Company → Expenses.
  • Lock and approve — Be selectable as Expense Sheet Approver and change sheet status.
  • Mark expenses as paid — Change approved → paid.
  • Override expenses — Create/edit sheets and items for employees.
  • Expense Types / Payment Types — Grant View or Add & Edit to manage list values on Company → Expenses.

People Lists

Controls access to Company → People, Company → Divisions, and the Employment Types list.

  • Divisions: View list; Add & Edit can add/inactivate divisions.
  • People: View list; Add & Edit can add/edit/inactivate people.
  • Cost Rates (View): Allows seeing cost rates where visible; if not granted, cost fields are hidden in reports.
  • Employment Types: View or Add & Edit; requires permission to View and Add/Edit People.

Client, Project, and Task Lists

  • Clients: View list; Add & Edit can add/inactivate clients.
  • Projects (and Project Insights): View project list; Add & Edit can add/inactivate projects. Project Insights access follows these permissions and Manager scope.
  • Tasks: View task list; Add & Edit can add/inactivate tasks.

Billing & Cost Rates

Grant View or Add & Edit for Billing Rates and Cost Rates. To edit, Managers must also have permission to edit the page where rates are stored (Person, Client, Project, or Task — depending on your billing model).

  • Reports: If a Manager can’t view rates, rate columns are hidden in reports they run.
  • Resource Management: Access requires the ability to view billing rates.
  • Projects access: Managers with Projects access can still see billable amounts even without rate view/edit permissions.

Administrators

Administrators have full access to all data and settings, including Company → Preferences, Company → Advanced, and Company → Integration.

Use the Administrator role sparingly. Most day-to-day approvals, reporting, and list maintenance can be delegated to scoped Managers using the permissions above.

Related articles

Comments

0 comments

Please sign in to leave a comment.