The rights management in awork is based on general authorization roles and project roles. The general permission roles apply to the entire awork workspace and therefore also across projects.
The rights of the project roles only apply to the projects where the user is assigned as a member of the project with this role.
You can find the rights management in the main menu under Settings > Rights Management.
General authorization roles
The general authorization roles apply to the entire awork workspace and therefore also across projects.
Each user is always assigned exactly one role.
In the role you'll be able to define what users with this role can see and edit. Additionally you'll be able to hide menu items for certain roles.
Create a new role
To create a new role, simply click on the green Add button. Now you'll be able to choose a name for the role and decide whether you want to configure it yourself or use a template from awork. If you create a role from a template, you'll be able to customize it afterwards.
On the details page of the permission role you'll find all the options for setting the permissions. All details about the individual settings can be found below in this article.
Edit or delete a role
You'll be able to edit and delete project roles in the project roles overview by clicking the action button.
However, the Admin and Guest roles cannot be edited or deleted.
If you delete a used role, you need to choose another permission role that the users should get instead. One user must always have one permission role assigned to him/her.
If the permission roles have not yet been customized in your awork, the three roles exist:
Admin: Allowed to do everything
User: Allows to do everything except changing the settings
Guest: Strongly restricted and needs explicit rights for a project.
At the bottom of the Settings > Permissions page you will find a list of all users. Here you'll be able to assign users their appropriate permission role.
Hint☝️You won't be able to remove yourself from the Admin role, as you would lose access to this page.
The Guest role in awork is a special role, with very limited permissions, yet users with this role only take up 1/3 of a booked user in awork.
Learn more about guests in awork here.
The Admin role is a system role in awork. He/she has all permissions and is allowed to see everything in awork except private tasks and calendars.
Additionally, only users* with the Admin role are allowed to make certain changes in awork. These include:
change the subscription
configure the rights management
Why can't I change some roles (Guest & Admin)?
The roles Admin and Guest are system relevant roles in awork with predefined permissions. These roles can neither be deleted nor edited.
I only want to give permissions to specific projects. How can I set this up?
If you wish a user to have access only to certain projects, you'll be able to simply revoke all permissions in the permission role and set the permissions for the individual projects by adding a user to the project and selecting a project role.
Permissions explained in detail
Projects & Tasks
Your own private tasks can only be seen and edited by yourself. No special permissions are needed for this.
Project tasks that are assigned to a user can always be seen and edited by this user.
Users are allowed to create projects
Users are not allowed to create projects
See all projects in the project overview
Hint☝️Der Workspace kann nur von Admins gelöscht werden.
Hide individual menu items
In the Menu Visibility tab, in the details of an authorization role, it is possible to define which menu items should be visible for users in the role in the main menu and which will be hidden.
This way you'll be able to hide whole areas, e.g. if a certain group of users doesn't need to see the time tracking area and these menu items would only disturb them.
Just click on the eye icon to enable or disable the menu items for that role.
Is it possible that users can only see their own projects & tasks?
Yes, it is possible to create a role in awork where users can only see projects they are members of. In this case the user cannot see other projects or times entered by other users. This role is especially useful if freelancers or clients are invited to join the team.
Alternatively, the guest role can be used. Users in this role do not need a full user license in the Premium Plan.
Do the rights also apply in the API?
Yes, the rights configured here also apply in the awork API.