Authorization

Authorization – the foundation

The Fortes Change Cloud has basic user roles in three* types:

  1. System administrator: this person is allowed to do everything in the tool.
  2. Normal user: this person cannot do anything in the tool until this user is given a specific role (Manager, Reader, Member) in areas (portfolio, project, resource pool, etc.).
  3. External user*: this person has very limited capabilities in the tool (see bottom of this article)

* To use the ‘External Users’ setting, module 16 must be activated on your environment by the Fortes helpdesk.

As soon as someone is entered into the Fortes Change Cloud, it must be indicated what basic role the user has.
Users can only be entered by an employee with the basic ‘System Administrator’ role.

Assigning Specific Roles on Portfolio, Project, Folders, etc.

An employee with the basic “Normal User” role cannot do anything in the tool until that user is given a specific role (Manager, Reader, Member) in areas (Portfolio, Project, Folders, etc.).

Across the Fortes Change Cloud, you can give employees specific roles. To do this, you will encounter the following buttons:

or

Based on the given specific roles, employees are given the right to perform certain actions in the tool: management rights, reading rights or as a Member limited writing rights.

The rights work globally everywhere as shown in the table below.

RoleRights
ManagerMay do everything in the specific area such as: give users specific roles customize structure customize layouts of screens read everything
SupporterCan do the same as a ‘Manager’
ReadersMay read anything within the specific area
MembersMay be assigned a specific role within the specific area.
CoordinatorCan generally do the same as a “Manager

Roles by area

Per area (Portfolio, Projects, Folders, etc.) this will vary slightly. The roles that can be used and what they entail are listed below for each area.

Also read the following article: Inherit permissions from organizational unit to projects, and folders

Roles on Organizational Units

Depending on which functional components are activated in the OU, the following specific roles can be assigned (see figure and table below):

These assigned roles have an effect on what a user can see:

  • An OU manager/support/readers: see all tabs
  • An OU member: sees only the functional tabs
  • A coordinator/reader of a functional module: sees only the functional tabs
RoleRights
ManagersCreating and archiving folders in the OU
Assign folder manager(s) to a new folder within the OU
Assigning folder reader(s) to a new folder within the OU
Managing roles at the OU level.
Access information from all folders and projects within the OU
Change image and text on OU dashboard
For an OU of the Resource Management type:
– Manage resource availability
– Assigning project and non-project work
– Assigning and Deleting Non-Project Activity Sets from the OU
– Assigning hours to projects and non-project activities
SupportThe same access rights as the manager
ReadersAccess to the information of all folders and projects within the OU
For an OU of the Resource Management type:
– Reading the resource pools of the OU
– Reading of all allocation requests, time allocations and availability data from the respective OU
MembersCan be assigned to individual folders, projects or portfolios as readers or managers within the OU.
Note: before access to Portfolios can be granted, users must first be members of Portfolio Management

Roles on folders

RoleRights
ManagersCreate, move, and archive projects and project models at assigned level
Create, move and archive subfolders
Delete and restore archived projects and project models at the assigned level
Assign a project manager to a new project
Manage roles (managers and readers) of assigned level
Create, edit and delete issues, documents, risks etc. within assigned level
Reads all information within own and underlying levels
Setting tolerances for the projects within the assigned folder/project list
Customize layout of folder/project list dashboard
SupportThe same access rights as the manager
ReadersRead all information within own and underlying levels

Roles in the Portfolio

RoleRights
(Portfolio) ManagerCreate and archive portfolio items
Assign managers, readers and members as owners to individual portfolio itemsAccess to all portfolios and their data
Create and archive portfolio items within portfolio
Delete and restore archived portfolio items
Starting Projects from a Portfolio Item
Assign a project manager when starting a Project from a Portfolio item
Changing the layout of the portfolio dashboard
Save portfolio versions
Define and customize canvases.
Create/manage financial categories.
Define/manage portfolio objectives
Skills and Capacity select/enable/manage within capacity planning on the portfolio
SupportThe same access rights as the manager
ReadersAll information in the Portfolio can be read
All information in the Projects started from the Portfolio can be read.
MembersCan be assigned to individual portfolio items as an owner.
This allows a member to mutate that specific portfolio item and add documents to it.

Note: to access portfolios, users must first be members of Portfolio Management

Attention! To start a Project from a Portfolio item, a user must have ‘Manager’ or ‘Support’ as a specific role on the ‘folder’ within the Organizational Unit in which the ‘Project Model’ resides and in which the Project is created.

Roles on Projects

RoleRights
(Project) ManagerManage all information within your own project
Edit project plan, schedule, logs, etc.
Edit project team
Setting the overall status of the own project
Customize layout project dashboard and canvases
SupportThe same access rights as the manager
Readers and Steering Committee MembersRead all the information in a project
Add Issues to the Issue Log
MembersReads all information within a project except project cost information.
Add Issues to the Issue Log

Within a Project are Products/Plan Items to which and on which Members can have a specific role:

RoleRights
OwnerAdding Deliverables (documents) to a product
Add new log items (issues, risks, changes, actions, quality reviews) related to the product.
Editing of all product specific and custom fields
ReviewerAdding Deliverables (documents) to a product
Add new log items (issues, risks, changes, actions, quality reviews) related to the product.
Editing of all product specific and custom fields

Roles on Resource Pools

RoleRights
CoordinatorHas the following permissions on all resources within all underlying organizational units:
– Determine availability of resources
– Assigning project and non-project work
ReaderHas the following permissions on all resources within all underlying organizational units:
– Access to all resources on the underlying organizational units.
– Read access to all allocation requests, time allocations, and availability data

Roles on Agile Teams

RoleRights
ManagerChange Agile Team Name
Manage members
Manage labels
Lists (create, rename, move and archive)
Maps (create, rename, move, add/delete attachments, add/change labels and archive)
Portfolio report tab (open, edit and publish)
Archived and restored maps
Team membersSame rights as Manager, except:
– No access to manage members
– No access to Portfolio reporting tab

Authorizing Groups

In addition to authorizing Individual users on Portfolios, Projects, Folders, etc., you can bundle Groups of users and authorize them at once.

This use is recommended when there are clearly defined groups of users in the organization that need to be granted the same rights in various places in the FCC. If someone in that group is replaced, then you only need to remove the employee from the group in one place and put the replacement in after which the replacement immediately has the same rights as his predecessor.

Groups can be created under User Management.
Attention!

  • This can only be done by employees with the System Administrator role
  • There is one particular user group: ‘all users’.
    This is pre-loaded, and automatically contains all users. For example, you can use it in the OU role ‘members’.

Example
: There are six MT members are who should have read access to both the Portfolios and Projects.

As the System Administrator, click on the Configuration icon (in the upper right corner).

  • User management
    • Groups’ tab
      • Creating a ‘New User Group’

Press the “Create Group” button so that the new user group is created.

The new user group is now in the list of User Groups

Click on the User Group name to add or remove employees.

A pop-up will appear showing the ‘Add / Remove’ button. Press this button. In the pop-up that then appears, employees can be added or deleted.

After you press the OK button it is saved and the group is available for use. For example, the Group can be linked to a Portfolio as a Reader.

External Users

Attention! In order to list users as ‘External User’, module 16 must be activated on your environment by the Fortes helpdesk.

An ‘External User’ can only be assigned to Products, Issues and Risks in a Project and can additionally Write Time. The Products, Issues or Risks that this person is associated with can be viewed without opening the Project. The content (e.g., progress information) can be mutated at these items.

Was this article helpful?

Related Articles