- Which user roles can be assigned
- What data users with the respective roles can access in Alasco
- Which combinations of roles and rights make sense
In Alasco, there is a multi-level rights and roles concept so that each user can view and edit relevant information according their responsibilities and tasks.
Roles/rights are assigned by administrators on three separate levels:
- Account roles (general user status)
- Project roles (user role within a specific project)
- Workflow assignment (distribution of tasks within the invoice or change order workflow)
The account role of a user determines which access the user has to the available account functions.
The three account roles are:
- Admin: Can manage the entire Alasco account (manage projects, users, etc.)
- Regular user: Has selective read access at the account level
- Restricted user: Has no access rights at the account level except for login
If you have activated the Revenues feature in Alasco, you can define the access of users to this functional area separately from their account role and the associated editing rights in the functional areas Costs, Master Data and Project Settings.
The project role of a user determines which access is allowed at the project level. A user is added to a project by assigning him/her a project role. A user can have different project roles in different projects. In principle, "Regular Users" and "Restricted Users" (Account roles) only see data related to the projects in which they have a project role.
The 5 project roles in the functional area Costs are:
- Internal employee
- External employee
- External employee (workflows only)
The 3 project roles in the functional area Revenues are:
- No access (the whole feature is unavailable)
For more detailed descriptions of the project roles, follow the article to the end.
In addition to account and project roles, users can be assigned rights via the assignment in a workflow. If a user is assigned to a step in a workflow, he or she receives all the necessary permissions for processing this workflow step.
The permissions in a workflow may exceed the permissions of the user's account or project role. If necessary, check whether the users you have assigned to workflows should also read and process all data that is displayed to them in the respective workflow step.
Project roles in detail
In the following you will find detailed descriptions of the project roles and the account roles recommended as standard. Roles differ significantly in terms of which data can be read or edited (created, changed and deleted).
Read rights make it possible to view corresponding content and export it as a PDF or Excel file. With edit rights, new contractors or contract units can be created and existing ones can be modified. The workflow rights refer to the ability to modify the invoice workflow and change order approval process.
The Manager project role is the most powerful project role in Alasco and therefore has full access to all relevant project data (an example would be the project manager).
In order to avoid unexpected access rights behaviour, we recommend that only users with the Manager project role are granted the Admin account role.
In order to transfer invoices and all relevant invoice data from Alasco to DATEV at the end of the invoice verification, the Manager project role is required.
Compared to the project role Manager, the project role Internal employee has limited editing rights in the assigned projects (an example would be the project assistant).
In order to avoid unexpected behaviour of the access rights, we recommend that users with the project role Internal employee are only assigned the account role Regular user.
Compared to the project roles Manager and Internal employee, the project role External employee has limited editing and reading rights in the assigned projects (an example would be the Contractor/Invoicing party).
To avoid unexpected access rights behaviour, we recommend that users with the External employee project role are only assigned the Regular user account role.
External employee (Workflows Only)
The project role External employee (Workflows only) has no edit or read rights in the assigned projects, except via assigned steps in workflows.
The project role can only be used with the account role Restricted User.
The project role Observer has full read rights for the assigned projects (an example would be the tax advisor).
To avoid unexpected access rights behaviour, we recommend that users with the project role Observer are only assigned the account role Regular user.
If you would like to further restrict the read and write access of a certain group within Alasco, this can be done using the restricted access setting under the project settings.