In this article we explain: Company Users vs Project Users, Permissions of admin/foreman/worker, watchers, and collaborate
Overview
Crews by Core is a cloud collaborative platform that allows many users to work together in real time. This requires a certain level of access control separations between users of different roles. This document describes basic concepts of Crews by Core access model, outlining who and how can access certain data.
Company vs Project level roles
Company level roles
There are 2 places where a user can be added at a company level and a project level. Company level user and their permissions are located in “Company Level” menu item on the left side bar
(important) Every user listed in the “Company Users” list will have access to ALL company projects. By default, those users will get the same company level role/privilege in ALL projects.
Here are roles that are available at the company level:
|
Role |
Description |
|
Admin |
Users with an Admin role (in Company Roles) will have full access to C4 for ALL projects within the company. Those users will be able to create new projects, add/remove users, modify schedules, etc. |
|
Foreman |
Users with a Foreman role will have access to C4 for ALL projects within the company with at least a Foreman role. They might get a higher level of access to a specific project (see project level roles/permissions). Those users will be able to see (read only) schedules, users and update some minor details (status, progress). In the app, Foreman users will be able to do more updates to the schedule. |
|
Worker |
Users with a Worker role will have access to C4 for ALL projects within the company with at least a Worker role. They might get a higher level of access to a specific project (see project level roles/permissions). Those users will be able to see (read only) schedules, users and update some minor details (status, progress). In the app, Worker users will also have most of the functionality in read only mode. |
Status Invited
Invited is not a role/permission, but an indication that the user account has not been fully created yet. An invitation has been sent to the user, however this user has not finished the account setup process. Any user, regardless of the role, will be listed as Invited if the account has not been fully set up yet.
Project level roles
Project level roles/permissions are defined on per-project level, and may only elevate (give higher level of privilege) user permissions. For example, a company Worker for a specific project may be assigned Admin privileges in order to create, maintain and run this specific project. Project level permissions are defined in People tab within the project:
(important) People listed only in Project / People (not in Company Users) will have access ONLY to this specific project.
Here are roles that are available at the project level:
|
Role |
Description |
|
Project Admin |
Users with a Project Admin role will have full access to C4 within a specific project. Those users will be able to modify add/remove/edit activities, add/remove users to the project, add/edit maps. However, Project Admin users have no access outside this specific project, and therefore can’t create new projects, add company users, etc. |
|
Foreman |
Users with a Foreman role will have access to C4 for this specific project. Those users will be able to see (read only) schedules, users and update some minor details (status, progress). In the app, Foreman users will be able to do more updates to the schedule. |
|
Worker |
Users with a Worker role will have access to C4 for this specific project. They might get a higher level of access to a specific project (see project level roles/permissions). Those users will be able to see (read only) schedules, users and update some minor details (status, progress). In the app, Worker users will also have most of the functionality in read only mode. |
Status Invited
As at the company level, Invited is not a role/permission, but an indication that the user account has not been fully created yet. An invitation has been sent to the user, however this user has not finished the account setup process. Any user, regardless of the role, will be listed as Invited if the account has not been fully set up yet.
Project level Role override
A company user may have a restricted role at the company level (e.g. read-only access to all projects), and a more privileged role for a specific project (e.g. managing one or several projects as Project Admin). This is useful when core company people need access to everything, but also need to manage some specific projects.
Collaboration
A specific project may be shared with multiple people using the “Collaborate” feature. This feature allows users to specify the list of “collaborators” in the sharing dialog to whom the current project and view will be sent to over the link in email.
New or existing users may be specified in this dialog. In either case, all users specified in this dialog will get an email notification. However, there is a minor difference when clicking on a link in the email.
- An existing user (user who already created an account) will need to login and access C4 using their role for this project.
- A new user will be added to the project behind the scenes as ‘Invited’ (user who has not created an account yet) and will be able to access this project by clicking on the link inside the email. Please note, this ‘invited’ user will have the least amount of privilege possible (read only mode).
Collaborators
Everyone whom the schedule is shared with may be referred as collaborators. Such collaborators may be existing users (with already created an account) or newly created accounts which have not been activated yet. This could be seen in the People’s tab by looking at a specific user status. “Active” status means the user successfully activated an account, while “Invited” status means that the user has been invited by account setup has not been completed yet.
Authentication / Login
Every user with a completed account is required to authenticate (login) to Core before getting any access.
For convenience and fast access to data, user’s with an incomplete account (Invited) may receive a link through email that will grant them a temporary access with the lowest possible set of privileges. This is intended as a temporary measure to provide the fastest access to important information and allow completing their account creation later.
Roles & Permissions Chart
Below is a summary chart demonstrating the types of functions that the three different roles may perform:
Assigning Users to Activities / Tasks
In Crews by Core, a user may also be assigned to a specific task in a few different ways. While it does not grant a user any special privileges or permissions, it is important to highlight it here to avoid confusion. These are not “roles” per se, but they are ways in which users may be denoted differently. NOTE: Their permission levels for interacting with the Crews by Core product is still determined by their role.
Responsible
A user who is the individual person assigned to “work” the Activity and therefore is responsible for providing updates about that Activity. Someone who is assigned as Responsible will be notified with a push notification if they use the Crews by Core App, and this user will automatically be added to this specific Activity chat group where they may post chat comments and photos.. Note: only one user may be added as the Responsible assignee. Separately, someone who is an “invited” user (a user who was added to the project or company but who has not yet signed up to create their account) may still be assigned as Responsible for an Activity.
Watcher
A user who is simply added to an Activity / Action who may follow along to see what is happening with that Activity / Action. Watchers are also added to the Activity group chat in the Crews by Core app where they may post chat comments and photos specific to this Activity. There can be many watchers added to an Activity. Watchers’ ability to perform functions depends entirely on the role they have.