Skip to main content

Permission management

With role-based permissions, you'll be able to define in awork what people can and can't see/edit.

Lucas Bauche avatar
Written by Lucas Bauche
Updated today

The permission management in awork is based on general permission roles and project roles. The general permission roles apply to the entire awork workspace and therefore also across projects.

The rights of the project roles only apply to the projects where the user is assigned as a member of the project with the said role.

You can find the permission management in the main menu under Settings > Permissions.

General permission roles

How are general roles used?

General roles define permissions at the workspace level. Every person in the workspace must be assigned to one of these roles. You can either create your own roles or use the preconfigured roles such as Admin, User, or Guest.

Create a new role

To create a new role, simply click on the blue + New Role-button. Now you will be able to choose a name for the role and decide whether you want to configure it yourself or use a template from awork. If you create a role from a template, you will be able to customise it afterward.

Edit or delete a role

You will be able to edit and delete project roles in the project roles overview by clicking the action button.

However, the Admin and Guest roles cannot be edited or deleted.

If you delete a user role, you will need to choose another permission role that the users should be assigned to instead. One user must always have a permission role assigned to them.

Preconfigured roles

If the permission roles have not yet been customised in your awork, these three roles exist:

  • Admin: Allowed to do everything

  • User: Allows to do everything except changing the settings

  • Guest: Strongly restricted and needs explicit rights for a project.

Assign roles

At the bottom of the Settings > Permissions page, you will find a list of all users. Here you can assign users their appropriate permission role.

There is a search field to the right of the assigned permission roles. Here you can search for users by name, e-mail address, team and role.

☝️Hint: You will not be able to remove yourself from the Admin role, as you would lose access to this page.

Guest role

The Guest role in awork is a special role, with very limited permissions. It is intended for external users that can be invited via awork Connect.

Learn more about external users in awork here.

Admin role

The Admin role is a system role in awork. They have all permissions and are allowed to see everything in awork except private tasks and calendars.

Additionally, only users with the Admin role are allowed to make certain changes in awork. These include:

  • change the subscription

  • configure the permission management

  • invite users

  • import data

Why can't I change some roles (Guest & Admin)?

The roles Admin and Guest are system-relevant roles in awork with predefined permissions. These roles can neither be deleted nor edited.

I only want to give permissions to specific projects. How can I set this up?

Suppose you wish a user to have access only to certain projects. In that case, you will be able to simply revoke all permissions in the permission role and set the permissions for the individual projects by adding a user to the project and selecting a project role.

Project roles for different rights, depending on the project

What are project roles?

The project roles define the permissions at project level. If a user is not part of the project team, the permissions from the general permission role will apply to them. If a user is added to the project as a member, a project role must also be selected.

☝️ Hint: Project roles can always grant more permissions to a user but never reduce them.

How are project roles created?

To create a new role, simply click on the blue + New role-button in the project-roles section. Now you can define a name for the role and decide whether users in this role can see/edit the project details, see/edit project tasks or see/edit the project times.

A project role can be defined as a standard role. This role is then always preselected when a project is assigned. If the default role is deleted or the marking as a default role is removed, an alternative default role must be selected.

Permissions explained in detail

Projects & Tasks

Private tasks

Your own private tasks can only be seen and edited by yourself. No special permissions are needed for this.

Project tasks

Project tasks that are assigned to a user can always be seen and edited by this user.

Create projects

Active

Users are allowed to create projects


Inactive

Users are not allowed to create projects


The project creator always has all rights within the project they created. These rights cannot be revoked.

Project Details

Edit

  • see all projects in the project overview

  • view and edit the project details for all projects

  • delete projects

Read

See all projects in the project overview

  • view the project details for all projects

None

  • only projects where you are a member can be seen

Project Tasks

Edit

  • allowed to view, edit, create and delete tasks in all projects

  • allowed to use templates within the projects

Read

  • see all tasks in projects

  • task details cannot be edited, i.e. tasks cannot be commented either

None

  • No project tasks can be seen or edited unless the user is a project member and has the corresponding rights.

Project Times

Edit

  • view, edit, and delete the times of all projects

  • see the cumulated times for the project or task progress

Read

  • view the times of all projects

  • see the summed times for the project or task progress

None

  • no project times can be seen or edited unless the user is a member of the project and has the corresponding rights

  • no aggregated times for the project or task progress can be viewed

Users

User Details

Edit

  • view the overview and user's details

  • activate or deactivate users

  • edit users

Read

  • view the overview and details of the users

None

  • not allowed to view the overview nor user's details

  • only users with whom you collaborate on projects can be seen, e.g. for mentioning in comments or for filling tasks

User Times

Edit

  • view and edit all recorded times of other users - even those that are not related to the project

Read

  • view all recorded times of other users - even those that are not related to the project

None

  • no times of other users can be seen or edited, unless the user is a member of the project and has the corresponding rights or generally recorded times of projects can be seen (see above)

Customers

Customer Details

Edit

  • all created customers can be viewed, edited and deleted

  • new customers can be created

Read

  • the overview and details of customers can be viewed, and when creating new projects, all customers are available for selection

None

  • no access to the overview or details

Settings

Project Settings

  • Project templates and project types can be created and managed

Task Settings

  • the types of work, as well as the task templates (also within project templates), can be created, edited, and deleted

General Settings

  • manage the general settings such as the workspace name, logo, and URL

  • Manage or remove integrations

  • manage the settings related to the time tracking

Hint☝️: The workspace can be deleted only by admins.

Hide individual menu items

In the menu items visibility tab of the permission role details, it is possible to define which menu items should be visible for users in their role in the main menu and which will be hidden.

This way, you will be able to hide whole areas, e.g. if a certain group of users does not need to see the time tracking area, and these menu items would only disturb them.

Just click on the eye icon to enable or disable the menu items for that role.

If the eye icon is deactivated and not selectable, the permission roll already has too few permissions to see the menu item at all, and it is already automatically hidden.

Frequently Asked Questions (FAQ)

Is it possible that users can only see their own projects & tasks?

Yes, it is possible to create a role in awork where users can only see projects they are members of. In this case, the user cannot see other projects or times entered by other users. This role is especially useful if freelancers or clients are invited to join the team.

Do the permissions also apply in the API?

Yes, the configured permissions also apply to the awork API.

Is there a setting that completely prevents users from tracking time?

Yes, in Settings > General, Admins can disable the time tracking for the entire workspace. This is possible from the Professional plan onwards.

Who can delete projects?

Users who are allowed to edit the project details in the workspace-wide as well as project-based permission role can delete projects. Independently of this, every user can delete the projects he/she has created at any time.

Is the permission management available in all plans?

The preconfigured permission roles are available in all plans. The custom permission management however, is only available from the standard plan onwards.

Related Articles
Editing task details
Manage users
awork mobile app (iOS & Android)
Integration for Slack
Webhooks
Did this answer your question?