The management of permissions and access rights is the most complicated element of ]project-open[ because it really is a management of trust relationships. There is a dilemma between:
To solve this dilemma ]project-open[ classifies users in two ways. Horizontally, by using User Profiles and vertically by using User Hierarchy.
User profiles correspond to department membership in the company or roles that associated business partners play in your organization.
The most important User Profiles defined in ]project-open[ are:
Each profile can be assigned different permissions according to their function. See the list of of all Profile Permissions that can be assigned per Profile. The permissions attached to each profile are set using the User Profile Admin screen. Using this you can build a profile that defines each type of user that will come into contact with ]project-open[ within the context of your company environment. Users can belong to more than one profile.
The user hierarchy determines the relational permissions between different user profiles. While Profiles are used to determine the rights of a user in context to system actions, the user hierarchy determines the rights of a user to administer another. The classic case is of users forgetting or losing passwords in which case the System Administrator is empowered to change and set their private data so that they can regain access.
More complex cases than that arise within ]project-open[ such as preventing customers from viewing the details of other customers, and not permitting Employees to access private data unless they are HR Managers. In ]project-open[ the main utility for configuring this vertical permissive hierarchy is through using User Matrix Admin screen.