User Permissions Overview

This article outlines how user permissions are determined across Procurement Planning, Advanced Evaluations, and Contract Management modules. User permissions, which govern the ability to view or update system records, are derived from a combination of Default Permissions based on department and roles, and additional User Group Permissions.

Key Ideas

Permissions are driven by several factors and apply to all users accessing the Procurement Planning, Advanced Evaluations, and Contract Management modules.

Default Permissions

Default permissions are inherited based on a user's department and any role they are allocated on a 'parent' record (e.g., Plan, Evaluation, or Contract).

| Applicable Module(s) | Permissions |
|---|---|
| Procurement Planning & Contract Management | Users can view all records (Plans & Contracts) belonging to their department, or any department where theirs is listed as the 'Parent'. |
| Procurement Planning | Users can view and update any Plans where they are assigned as the Procurement Officer or Manager. |
| Advanced Evaluations | Users can view and update any Evaluations where they are assigned as the Procurement Officer or participate in any where they are a member of the Evaluation Panel. |
| Contract Management | Users can view and update any Contract where they are assigned as the Contract Manager, Owner, or Sponsor; or where they are assigned to a structured custom role with the appropriate Read or Edit permission. |

User Group Permissions

Select users can be allocated to one of three User Groups to inherit additional permissions beyond the default settings.

| User Group | Permissions | Potential Use-Case |
|---|---|---|
| Read All | Can view all records (Plans, Evaluations & Contracts) in the system, regardless of their department or role allocated on the record. | Members of the Finance team might require visibility over all records. |
| Procurement Team | Can view and update all records (Plans, Evaluations & Contracts) in the system, regardless of their department or role allocated on the record. | Members of the Procurement team might require visibility and the ability to update all records. |
| Administrators | Can view, update and delete any records in the system (Plans, Evaluations & Contracts), regardless of their department or role allocated on the record. Additionally, they can access the Control Panel, system-wide and module-specific settings, and perform various other administrative functions. | Any user responsible for the ongoing management of your system. |
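
The rules in the two tables above can be modelled as a small resolver for reasoning about a user's effective access before changing group membership. This is an added example, not the product's own code: the class, function and field names are hypothetical, and it assumes a custom role with Edit permission also grants view.

```python
# Added model of the rules above (not vendor code); all names are hypothetical.
from dataclasses import dataclass, field

GROUP_GRANTS = {  # User Group Permissions table
    "Read All": {"view"},
    "Procurement Team": {"view", "update"},
    "Administrators": {"view", "update", "delete"},
}
UPDATE_ROLES = {  # roles on a record that grant view and update
    "Plan": {"Procurement Officer", "Manager"},
    "Evaluation": {"Procurement Officer"},
    "Contract": {"Contract Manager", "Owner", "Sponsor"},
}

@dataclass
class User:
    name: str
    department: str
    groups: set = field(default_factory=set)

@dataclass
class Record:
    kind: str  # "Plan", "Evaluation" or "Contract"
    department: str
    roles: dict = field(default_factory=dict)  # role name -> user name
    panel: set = field(default_factory=set)  # Evaluation Panel members
    custom_roles: dict = field(default_factory=dict)  # user name -> "Read" / "Edit"

def effective_permissions(user, record, parent_of):
    """Union of default and group grants; parent_of maps department -> parent."""
    perms = set()
    # Department default is view-only and covers Plans and Contracts, not Evaluations.
    if record.kind in ("Plan", "Contract") and user.department in (
            record.department, parent_of.get(record.department)):
        perms.add("view")
    held = {r for r, who in record.roles.items() if who == user.name}
    if held & UPDATE_ROLES[record.kind]:
        perms |= {"view", "update"}
    if record.kind == "Evaluation" and user.name in record.panel:
        perms.add("participate")
    if record.kind == "Contract":  # assumption: Edit implies Read
        level = record.custom_roles.get(user.name)
        perms |= {"Read": {"view"}, "Edit": {"view", "update"}}.get(level, set())
    for group in user.groups:  # applies regardless of department or record role
        perms |= GROUP_GRANTS.get(group, set())
    return perms

# Constructed sample data: "Treasury" has "Finance" as its Parent department.
PARENTS = {"Treasury": "Finance"}
SAMPLE_PLAN = Record("Plan", "Treasury", roles={"Procurement Officer": "ana"})
```

Running candidate changes through the resolver shows the smallest grant that closes an access gap, for example a role on one record rather than membership of the Procurement Team group.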

What's Next / Related

Troubleshooting User Permissions (Troubleshooting)

Fixes

Top issues are listed below, ordered by their likely frequency.

| Issue | Cause | Fix |
|---|---|---|
| User can't view any records outside of their own department. | The user is not a member of the Read All or Procurement Team User Group. | Add the user to the Read All or Procurement Team User Group. |
| User can view a record but can't update it. | The user has Default Permissions (view-only based on department or parent role), but not the necessary Update role on the record, or they are not in the Procurement Team or Administrators User Group. | Option 1 (Recommended): Assign the user a specific update role on the record (e.g., Procurement Officer on a Plan). Option 2: Add the user to the Procurement Team User Group. |
| User can't view or update a record that is assigned to them. | The user is missing the specific role (e.g., Contract Manager, Procurement Officer) on the record required to grant them access. | Verify the record's user assignment fields and assign the correct role to the user. |
| User can view and update most records but is missing a specific feature/setting. | The user may be in a group with broad access but still lacks the highest-level permissions. | Confirm if the missing feature requires an Administrator role, and if so, add the user to the Administrators User Group. |

Limits & Notes

  • Role Differences: Some roles have unique permissions, as detailed in the Default Permissions and User Group Permissions sections.
  • Inheritance: Default permissions primarily grant access to records belonging to the user's department or the Parent department.
  • Least Privilege: As a best practice, avoid granting the highly-privileged Administrators role to a user unless their job function absolutely requires system-wide management and control panel access.