Title: Example Organizational Access, Roles, and Data in Reports
When assigning a specific role to a user in Unanet, it does not by default give them access to data in reports that are associated with having this role. You can reverse this default, but most of our customers prefer that layer of protection. In addition to assigning a user the role, you must also grant the appropriate Organization Access in the person's profile. Organization Access allows you to open permissions for a user in a certain role to specific or All Organizations. In Admin > Properties you can decide how organization access will default for users. Most Unanet customers prefer to leave Properties default to "None" and control the settings by person as it can be specified to either allow finite or broad access to data. For person roles with organization access set to "All," the system by default will include all legal entities. Org Access is not automatically limited to organizations within that legal entity so granting organization access intentionally is advised.
The organization access given to a user will not prevent project administrator roles from being assigned. All users with a specific role, for example Project Manager, will be an option to assign to a project administrator role, no matter the org access they've been given. This applies to project assignments as well. All people can be filtered and selected to be assigned to work on a project no matter their organization access.
Also, in order to allow certain data to be seen in reports (such as Bill Rate and Cost Rate), more than one role will need to be given to the user along with the correct Organization Access settings. For example, the roles of Project Manager and Bill Rate Manager would be given to a person who needs to edit projects and see project data in reports including bill rate information. It is important to note that if Organization Access is set to "All" Project Orgs or "All" Owning Orgs, the person will be able to see "All" in the project reports no matter which people have charged. For more information on Organization Access please see KC - Organization Access
What’s covered in this document:
Example Roles and Org Access Setup That Limits Available Data Views
The user has the Project Manger and Project Viewer roles in Unanet as well as Organization Access to ALL projects.
Here are the user's roles in Unanet:
For more information on Roles please see Roles and Org Access Webinar.
Here is the user's Organization Access setup in Unanet:
For more information on Organization Access please see KC - Organization Access.
The Cost Rate Data is not available and the Cost Rate Column is hidden from the user's report view on the following Time Details Report. This is because the user does not have the Cost Rate Manager role. The user can, however, view all projects in the system.
Modified Roles to Allow Available Data Views
If the user is given the Cost Rate Manager role, in addition to the Project Manager and Project Viewer roles already assigned, the user is now able to see the cost rate data. The report is the same but now the cost rate information is available that initially was hidden from the user's view and restricted due to the user's roles. This is the report that the user is able to see now and the cost rate column is displayed:
(Further note, there are additional Admin > Properties that allow Rate Permissions for non-cost rate managers. Also, this works in conjunction with the individual project's access tab configuration.)
Conversely, if the Project Manager and Project Viewer role are removed from the user's Person Profile, the user will still have the Cost Rate Manager role but will no longer be able to see any projects. In fact, when the user searches for the same project in the same reports query, the project does not come up in the search results. The user would, however, be able to see People reports for All or specific Orgs of People.
Here are the user roles now that Project Manager and Project Viewer have been removed:
The query for the same project returns no results:
Modified Org Access to Restrict Areas of Access
Furthermore, if the user's Org Access is changed from All, access will be restricted.
Using the sample Org Access set up below, the user will be able to see all projects as a Project Viewer. As Project Manager, the user will only be able to edit those projects for CUSTOMER-2 and in the Owning Org of CS-TECH-SERV.
Quick Tip For Administrators
If you are unsure which combination of roles and organization access to assign to a user, you can open two different browsers. For example, open Firefox and Chrome. Log into one with your administrative credentials and the other with the user's credentials. This way you can verify the appropriate access to data has been given to the user. Change the user's roles and org access setup, save, then verify what the user will see by running the associated reports. Keep in mind that you must log out and log back in on the browser you have designated as the user's browser for the role changes to take affect.