While most of the security rights in BigTime are self-explanatory, there are several rights that have evolved into popular features over time. You can certainly scan down the list of rights to find the permission set(s) you're looking for, but below is a general review of the most popular security settings and a brief overview of what activating/de-activating them does to the system.
See Also BigTime's Standard Security Groups |
The first two sections of the security rights are both dedicated to restricting a user's access to the menu(s) and sub menus in BigTime. Most of these are fairly self-explanatory, and you can see that the built-in security groups tend to use menu restrictions the most (e.g. - the "everyone" group is only allowed to see the Daily Routine menu).
In addition to these security settings, there are a small set of "check box" settings on the System Settings...General Settings page that you can use to turn on/off specific Daily Routine features your firm doesn't use (e.g. - you can turn off task management, expense entry, etc.).
When you give managers access to the Management menu, they are able to see the Project List screen. As a system administrator, you can see every project in the system. As a manager, you may want to restrict the projects that show up on that page. System permission 2.8 is used to allow managers to see ALL projects on that list. If you'd like managers to see ONLY the projects they are staffed on, then revoke that permission.
That same security setting will determine the projects those managers will see when they print out most of BigTime's reports. Users with permission 2.8 can see "all" projects. Users without this permission will see ONLY the projects they are staffed on.
You may also want to take a look at BigTime's project privacy settings if restricting access to the project dashboard data is important to you.
The same type of restriction can be placed on the manager's view of your staff list. Permission 2.7 is used to limit the staff list views and reports so that managers see only the staff they have management authority over. If a manager has authority over a particular staff member's "group," then that manager will be able to see that user. If they don't, then the system will take a look at permission 2.7 to figure out whether or not the manager should be able to see the user's information.
Even if you allow your managers to see the staff list, many firms don't want to share any of the information in the HR/Accounting section of the staff member's "general" page. That section contains billing rates, capacity information, hourly cost rates and (if you decide to track it in BigTime) salary information.
To prevent any of your security groups from seeing that HR/Accounting data, just revoke permission 7.3 in the security settings. This will not only hide the HR/Accounting section from those users, it will also prevent them from seeing any of the staff views that show that data (e.g. - the rates list and the HR list).
The dashboard is a repository for all of the information associated with a specific project, but some of that information is sensitive. You can hide various menus/selections in the dashboard from your users by adjusting the permissions in group 4 and group 5.
Permission 4.5 and 4.6 will hide contract data (like billing rates and contract terms) from your users. Even if you would like to share that information with your managers, you may decide it should be "read only." If you'd like to setup users with read-only access to contract data, then grant 4.5 and 4.6, but revoke 4.7.
Finally, many firms would like to restrict the list of projects that their users see when they are entering time/expenses into the system. We use the system permissions 7.1 and 7.2 to accomplish this.
To give users access to ONLY the projects they are staffed on, you need to revoke permissions 7.1 and 7.2. Don't forget to add users to project teams, or the system won't have any way of knowing which projects a user should be allowed to bill time/expenses to!
In addition to the teams they are staffed on, users will be able to bill time to any project marked as a "public" project (e.g. - any project that has the "allow any user to bill time/expenses" check box turned ON in the dashboard's General Info page).