Permissions Management
In a multi-user environment controlling what a user can do is crucial. If you are a using Feng Office as a client extranet you probably don't want one client to see the documents of another client. If you are using Feng Office as an intranet you may have certain workspaces where certain employees are not allowed to edit information, and some other workspaces which are visible to the management exclusively.
Setting the user rights is one of the more complex tasks in Feng Office. There are properties at several places, and you have to know where to find them and how they relate to each other. This page tries to summarize all the different settings that control user rights.
Feng Office provides three ways to manage access permissions to its users:
Defining permissions on a particular user.
Defining permissions on a particular dimension (Project, Client, Folder, Workspace, etc.).
Defining permissions on a user group.
In this section we will explore the three ways of defining permissions.
All three ways are accesible through the Administration Panel. To access the Administration Panel, please do as follows:
Click on your name (top right corner)
Select Settings
Defining Permissions for an individual user
For every person in Feng Office, you can determine:
Will he or she be able to access Feng Office?
What actions he/she will be able to perform.
What parts of the system (which Projects, Clients, Workspaces) he/she will be able to access.
The first option (will the user be able to use Feng Office) is a simple yes or now.
The second option can be quickly defined by the 'User Role', which pre-configures a set of common allowed actions and restrictions.
The third set of settings (what elements or parts of the system the user will be able to access) is determined at the time of:
Adding or editing a new Member (Project, Workspace)
Adding or editing the user.
User roles
Defining a role on a user provides a preconfigured set of system permissions.
See the table below for a quick guide to the permissions defined by each role
| Quick description |
Super Administrator | Can do everything |
Administrator | Can do everything, except managing other administrators and super administrators |
Manager | Can do everything on Clients, Projects and Workspaces for which administrators granted Management permissions |
Executive | Can work on everything, but cannot set permissions |
Collaborator Customer | Is a Customer that can work on data but with restricted permissions, such as not creating or assigning tasks. Can link one object to another provided that they have edit permissions to that object |
Internal Collaborator | Can work on data, but cannot create nor assign tasks. Can link one object to another provided that they have edit permissions to that object |
External Collaborator | Can work on data, but cannot create nor assign tasks. Can link one object to another provided that they have edit permissions to that object |
Guest Customer | Has limited access to view his/her own data. Cannot upload data. Only comments |
Guest | Has limited access to view his/her own data. Cannot upload data. Can't comment |
Non-exec Director | Has access to all data. Can't break things |
For more details, here is a complete and detailed description of User Roles.
System permissions
Go to 'Users' and click on 'Permissions' on the user in question
Go to the 'System permissions' section and select the desired options.
Can manage security configuration: If this permission is set the user will be able to edit other users' permissions in the Administration panel. This option is available for administrators only.
Can manage configuration, owner company data, tabs, logos and colors: If this permission is set the user will be able to edit the Owner Company's data in the Administration panel. This option is available for administrators only.
Can manage task templates: If this permission is set the user will be able to add, edit and delete Templates in the Administration panel. This option is available for administrators only.
Can manage time slots: If this permission is set the user will be able to work in the Time module and add time slots to tasks.
Can add mail accounts: If this permission is set, the user will be able to add e-mail accounts.
Can manage dimensions: If this permission is checked the user will have full permissions over dimensions. He will be able to create new dimensions and change their configuration. This is an advanced administrative feature.
Can manage dimension members: If this permission is checked the user will have full permissions over dimension members. He will be able to create, edit and delete new members. In practice, a member could be a workspace, project, client, etc.
Can manage tasks: If this permission is checked the user will have full permissions over tasks. He will be able to assign tasks to other users and complete them.
Can manage billing: If enabled then the user will be able to edit billing configurations.
Can see other user's tasks: If enabled then the user will be able to see tasks that are not assigned to him/her.
Can update other user´s event invitations: If enabled then the user will be able to change the status of other users event invitations.
Can link objects: If this permission is checked the user will be able to link and unlink objects.
Can edit completed payments: If enabled then the user will be able to edit payments that are already completed.
Can edit confirmed invoices: If enabled then the user will be able to edit invoices that are already confirmed.
Can manage invoicing configuration: If enabled then the user will be able to manage the configuration of the invoicing module.
NOTE: As you may see, there are some boxes which you are not allowed to check. This is due to user role restrictions (see chart above).
Module permissions
Go to 'Users' and click on 'Permissions' on the user in question
Go to the 'Module Permissions' section and select the desired options.
Clients & Projects
Go to 'Users' and click on 'Permissions' on the user in question
Go to the 'Clients & Projects' section and select the desired options.
As you may see, you can drag and drop items in either the 'With permissions in:' or 'Without permissions in:' boxes, according to your preferences. Moreover, you can configure permissions inside each client, project or folder, by clicking on it.
Actions:
If you click on any column (i.e.: 'Read & Write'), the permissions will be set there without you having to click every single one of them.
'Apply the permissions above to all clients and projects down the hierarchy from…':
If you would like a user to have permissions in a whole Client, and also within its folders and projects, you may click on 'Apply the permissions above to all clients and projects down the hierarchy from…' on the bottom right corner of the permissions menu.
'Apply the permissions above to all clients and projects:'
If you would like a user to have those permissions in all of the clients, projects and folders, you do not need to select them one by one, as you may already do it by clicking on 'Apply the permissions above to all clients and projects' on the bottom right corner of the permissions menu.
Workspaces
Go to 'Users' and click on 'Permissions' on the user in question
Go to the 'Workspaces' section and select the desired options.
As you may see, you can drag and drop items in either the 'With permissions in:' or 'Without permissions in:' boxes, according to your preferences. Moreover, you can configure permissions inside each workspace, by clicking on it.
Actions:
If you click on any column (i.e.: 'Read & Write'), the permissions will be set there without you having to click every single one of them.
'Apply the permissions above to all workspaces down the hierarchy from…':
'Apply the permissions above to all workspaces:'
If you would like a user to have those permissions in all of the workspaces, you do not need to select them one by one, as you may already do it by clicking on 'Apply the permissions above to all workspaces' on the bottom right corner of the permissions menu.
Permissions for objects without classification
Go to 'Users' and click on 'Permissions' on the user in question
Go to the 'Permissions for objects without classification' section and select the desired options.
Permissions categories
'None' → no permissions at all
'Read only' → only see things and comment them. In case of tasks, only being able to complete tasks assigned to the person in question
'Read & Write' → see things, create new ones, and modify existing ones
'Read, Write & Delete' → same as the previous option, but also being able to delete information
Note: Remember to save the changes after setting the permissions up!
Permissions by User Groups
Feng Office not only allows you setting up the permissions by users, but you may also create a group of users, set permissions for the group, and then all of these permissions will be applied to the users.
In order to add a new group, please do as following:
Click on your name (top right corner)
Select Settings
Access Users, groups and permissions, and add a new group or click an existing one to edit it.
Once you get here, you will have to do as following:
Add a Name for the Group you are creating
Select the users (by clicking on them) who will belong to this group
Select the System Permissions, Module Permissions, Clients & Projects Permissions and Workspaces Permissions for the members that this group will have (you can click on the green ? icon if you are not sure what is the permission for). This is done in the same way as for individual users (see above section).
Group and user permissions
NOTE: Permissions, whether they are group or user permissions, are always limited by the permissions related to the USER ROLE.
For example, if you create a user with the role GUEST USER, the permissions this user will have are those stated for it's role, and adding him to a group with more permissions or changing its system permission will not override them.
You may add or remove users from a group whenever you feel like, but please bear in mind that the permissions the user will have are the maximum permissions granted by either the groups the user belongs to (it may belong to more than one) or the permissions that were set for him as a user. This means that if the user cannot access a project due to his permissions, but he is added to a group that can, his permissions will be overridden and he will be able to access this project, and viceversa.
For instance: If John Doe does not have permissions to access Acme Project, but someone adds him to a group that has permissions over Acme Project, from then on John Doe will be able to access it.
Discontinued Permissions
Following this link you will find a section dedicated to permission configurations which have been discontinued.