Authorization Roles

Authorization roles

Roles management is located under Settings-->Manage fields and roles-->Customize system roles. Every individual who will access the system is considered a user. Users can have one of several different roles that determine what abilities and access they will have. The default roles available in the system are: User, Time User, Memorized Sheet User, Punch User, Manager, Project Manager, Reporter, Timekeeper, Group Admin, and Administrator. Keep in mind that the abilities assigned to the default roles cannot be modified. If you need to create a specialized role other than a default role, you will need to create a Custom Role.

Overview

A user has 1 or more roles, a role has 1 or more abilities.

A short description of the default authorization roles

Check the help text when you're on the 'Customize system roles' screen for more details:

User: basic role, can only make entries for him/her self and only see his or her own data.
Time User: Same access and abilities as the default User role above except no access to expense or custom entry.
Expense User: Same access and abilities as the default User role above except no access to time entry.
Memorized Sheet User: Same access and abilities as the default User role except additional access to create and modify Memorized Sheets for self.
Punch User: Access to assigned Punch Entry Screen only.
Basic User: Same access and abilities as the default User role above except no project time tracking and no access to expense or custom entry (This role requires a special license key).
Dashboard User: This role can be combined with other roles to give a user access to the Dashboard screen.
Manager: A Manager serves as a low level administrator over users only. Managers can only manage users in the Groups for which the Managers have been assigned to by an Administrator. A Manager has access to all the functions(abilities) of a User role plus some additional abilities.

Project Manager: A Project Manager serves in the same capacity as a Manager, but also has the ability to create and modify projects in Groups for which the Project Managers have been assigned to by an Administrator. A Project Manager has access to all the functions of a Manager role, plus some additional abilities.
Reporter: A Reporter has access to very few of the traditional user functions of the system, but has full access to the reporting engine. A reporter cannot enter time or any other data except Project Notes, but he/she can view reports on any data contained in the Groups to which he/she has been assigned. This will allow the Reporter to view all time, expense, and custom entries for users that have been assigned to the same Group as the Reporter.
Timekeeper: A Timekeeper exists solely to enter time for other users. A Timekeeper may perform this action for any user contained in the Groups to which he/she has been assigned.
Accruals Admin: An Accruals Admin has the authority to create, modify, and delete accrual balances. In order to have the ability to manage accruals for a given user, this role must be assigned to a group that has both the Accruals Admin and the target user(s).
Administrator: An Administrator serves as a master controller for the system. Although an Administrator has access to many configuration parameters of the system, an Administrator cannot enter time, expense, or custom entries for self.
Group Admin: A Group Admin can do most of the things that an Administrator can do, but only for a defined group of users - specifically the users in the Group Admin's Groups.

Ability description & ability overview per default role

A short description of every ability can be found in the help text. Here's the ability overview of v12.2 (PDF).

An Excel sheet that shows the abilities per default role (version v12.2) (Excel).

Roles & Groups

Access to items in Journyx are set up with groups. A user has access to all items that are placed in the same group (or groups). When you create a group, all default authorization roles are automatically placed in the new group. When you create a custom role you can check the box 'Add this Role to all new Groups'. It depends on your set-up whether you want all the default roles in the groups and/or if you want to add new custom roles automatically to new groups.

Example

Here's an example to show you the importance of where you place roles in a group. In this example we have 2 groups, group 1 and group 2. There are 3 users in our mini Journyx set-up. Steve is assigned 2 roles; 'User' so he can enter time & expense data and 'Reporter' so he can run reports of all the data of all the users in the group. John and Peter have both the role 'User'. They can enter time and expense data and run reports on their own entries.

Roles, Users and Groups

As you can see in the image above, the role 'Reporter' is only present in Group 2. This means that Steve has no ' Reporter' authority in Group 1. He only has 'User' rights in Group 1. This means that he can run reports and see all the data from himself and John but he can not see the data from Peter on his reports.

Check the roles in the groups

Make sure that the roles that you assign to your users are also placed in the groups so that your user has access to the roles. If you don't then you will see an error message on the entry screen:

"Error 'xxxxx' is not a visible user for user ' xxxx'".

Read the help text

A short description of the default authorization roles (check the help text when you're on the 'Customize system roles' screen for more details).