Rights and roles

Overview

  • Which user roles can be assigned
  • What data can users access based on their respective roles
  • Which combinations of roles and rights make sense

 

Introduction

Alasco has a multi-level rights and roles concept so users can view and edit relevant information according to their responsibilities and tasks.

The assignment of a role and, thus, the access authorisation is already carried out when a user is invited. Every user has an account role, which defines the general user status in the entire account, and a project role, which specifies what authorisations the user has within a specific project.

An administrator can edit users' account and project roles at any time in the master data in the "Users" tab.
There is always a standard project role for each user, which is defined when the user is invited. This standard project role is applied when that user is assigned to a new project. The project role can also be customised under the "Assigned Users" tab in the project settings. 

Regardless of the account and project role, you can assign a user to an invoice or change order workflow in order to assign them specific tasks during the invoice and change order workflows.

 

Account roles

The account role of a user determines which access the user has to the available account functions. 

The three account roles are: 

  • Admin: Can manage the entire Alasco account (manage projects, users, etc.)
  • Regular user: Has selective read access at the account level
  • External user: Has no access rights at the account level except for login

Note:

If you have activated the Revenues feature in Alasco, you can define the access of users to this functional area separately from their account role and the associated editing rights in the functional areas Costs, Master Data and Project Settings.

 

Project roles

The project role of a user determines which access is allowed at the project level. A user is added to a project by assigning them a project role. A user can have different project roles in different projects. "Regular Users" and "External Users" (Account roles) only see data related to the projects in which they have a project role. 

The five project roles in the functional area Costs are:

  • Manager 
  • Internal employee
  • External employee
  • External employee (workflows only)
  • Observer

Note:

If a user does not have a project role within a project, they, therefore, do not have access to the project.

For more detailed descriptions of the project roles, follow the article to the end.

 

Combination of account and project roles

The following combinations of account and project roles are possible (✓) or not possible (✗) in Alasco:

Role Admin Regular User External user

External employee (workflows only)

Manager
Observer
Internal employee
External employee

 

Workflow assignment

In addition to account and project roles, users can be assigned rights via the assignment in a workflow. If a user is assigned to a step in a workflow, they receive all the necessary permissions for processing this workflow step.

Caution:

The permissions in a workflow may exceed the permissions of the respective user's account or project roles. If necessary, check whether the users you have assigned to workflows should read and process the data displayed to them in the respective workflow step.


 

Role combinations in detail

In the following sections, you will find detailed descriptions of the account roles and the compatible project roles. Roles differ particularly in terms of which data can be read or edited (created, changed and deleted).

Read rights make it possible to view corresponding content and export it as a PDF or Excel file. With edit rights, for example, new contractors or contract units can be created and existing ones can be modified.

Account role Admin

Admin + Manager

The Admin account role is the most powerful account role in Alasco. Users with administration rights have full access to the master data of an account and can read and edit it without restriction.
The Admin is compatible with the project roles Manager, Observer and Internal employee.

The Manager project role is the most powerful project role in Alasco and, therefore, has full access to all project data in an assigned project (an example would be the project director).

Admin + Observer

The Observer project role has full reading rights for the assigned projects (an example would be the tax consultant).

A user with the Observer project role can check invoices or change orders assigned to them and edit their own view of the dashboard and cost controlling table.

Admin + Internal employee

Compared to the Manager project role, the Internal employee project role has limited editing rights for the assigned projects (an example would be the project assistant).

A user with the Internal employee project role can still see the budget and the contract units, but cannot edit them. Contracts, change orders and invoices, however, can be edited and created. Assigned invoices and change orders can also be checked. The cost controlling table or the cash outflow table cannot be accessed.

Account role Regular user

Regular user + Manager

The Regular user account role has limited access to the master data of an account compared to the Admin role. For example, regular users can only add contractors but have read-only access to most of the master data.
A regular user has no access to the project settings, project groups, custom fields, user administration and change history.

The regular user account role is compatible with the project roles Manager, Observer, Internal employee and External employee.

The Manager project role is the most powerful project role in Alasco and, therefore, has full access to all project data in an assigned project (an example would be the project director).

Regular user + Observer

The Observer project role has full reading rights for the assigned projects (an example would be the tax consultant).

A user with the Observer project role can check invoices or change orders assigned to them and edit their own view of the dashboard and cost controlling table.

Regular user + Internal employee

Compared to the Manager project role, the Internal employee project role only has limited editing rights in the assigned projects (an example would be the project assistant).

A user with the Internal employee project role can still see the budget and the contract units, but cannot edit them. Contracts, change orders and invoices can be edited and created. Assigned invoices and change orders can also be checked. The cost controlling table or the cash outflow table cannot be accessed.

Regular user + External employee

Compared to the Manager and Internal employee project roles, the External employee project role has even more restricted editing and read rights in the assigned projects (an example would be an external planner).

Users with the External employee project role do not have access to the budget of a project. They can see the contract units, contracts and change orders, but cannot edit them. They can create new invoices and check invoices and change orders assigned to them. The cost controlling table or the cash outflow table cannot be accessed.

Account role External user

External user + External employee

The External user account role does not have access to the master data of an account.

The External user is compatible with the External employee and External employee (workflows only) project roles.

Compared to the Manager and Internal employee project roles, the External employee project role has even more restricted editing and read rights in the assigned projects (an example would be an external planner).

Users with the External employee project role do not have access to the budget of a project. They can see the contract units, contracts and change orders, but cannot edit them. They can create new invoices and check invoices and change orders assigned to them. The cost controlling table or the cash outflow table cannot be accessed.

External user + External employee (workflows only)

The External employee (workflows only) project role has no editing or read rights in the assigned projects, except via assigned steps in the workflows.

This project role can only be used in conjunction with the Restricted user account role.

Tip:

If you would like to further restrict the read and write access of a certain group within Alasco, this can be done using the restricted access setting in the project settings.

LEGAL

Was this article helpful?
8 out of 12 found this helpful

Articles in this section

See more
We are here for you
We are happy to support you personally from Monday to Friday between 9.00 am and 5.00 pm.