Setting initial user roles & permissions

Setting roles and permissions is an important part of your initial Ontraccr experience. This is where you decide what each user role can and cannot do.

How roles and permissions work in Ontraccr

To start, all users are categorized into roles in Ontraccr, which could represent the specific job function or seniority the role has within the company account. By default, every Ontraccr account is pre-loaded with the following four roles (in order of highest privilege/permissions):

  • Admin
  • Manager
  • Supervisor
  • Worker

From here, you can easily create an unlimited number of custom roles and further organize your company's Ontraccr experience. 

Each role contains a set of permissions, which defines exactly what each user role can do in Ontraccr and even which pages they are allowed to see. This enables you to restrict the data set and visibility of different users within Ontraccr. For example, you may not want your field team users to see detailed project financials and sensitive company information so you can simply disable the relevant permissions in order to do so. Alternatively, you may want to invite users to use Ontraccr that are external to your company, such as subcontractors or inspectors, so you can create a custom role and restrict the roles down to a very limited number of permissions.

Whenever a user is created or edited in Ontraccr, it must be assigned a user role. As soon as the user role is assigned to the user, that user will then inherit the set of permissions that are configured for the user role.

Managing roles and permissions

You can access your company's roles & permissions settings by navigating to the Settings > Roles & Permissions page. The Roles & Permissions page will always be divided by all the roles that exist. Therefore, you will always see the four default role types at the top. 

Enabling/disabling permissions

For each role in the Roles & Permissions page, you will see a detailed list of permissions that you can configure. For a detailed breakdown of what each permission means and how it works, please refer to the 'Permissions Glossary' article.

When updating permissions, Ontraccr will apply the changes in real-time immediately and does not require users to do anything to receive the permissions changes. For example, in the recording shown below, the 'View Materials' permission can show/hide the 'Materials' page instantly. 

There are two types of permissions: single-role and multi-role permissions.

Single-role permissions

A single-role permission is a permission which only applies to the role in question (as in, the role you are editing the permission for). This type of permission will only have a single checkbox next to it. To enable/disable the permission, simply check or uncheck the checkbox as shown in the example below.

Multi-role permissions

A multi-role permission is a permission related to the ability for the role in question (as in, the role you are editing the permission for) to control specific actions and abilities on behalf of other role types. This type of permission will show a set of checkboxes next to each role configured in the company account in addition to a 'Self' checkbox (where the role in question has the ability to control the function for themselves). 

By checking the box next to any role type or 'Self', you are allowing the role in question to control or manage the function for the roles selected. 

For example, in the 'Time Tracking' multi-role permission shown below, the role was given the permission to track time for themselves, admins, managers, supervisors, and workers, but not for inspectors or subcontractors.

Creating custom roles

To create a new custom role, simply click the 'Add Role' button. Give the new role profile a name and click 'Create' to create it. You will see the new role added to the list immediately. From here, you can click into the role to begin configuring the permissions for it. (All permissions are disabled by default for custom roles, until you enable them individually.)

Important Note: After adding a new custom role, the role will be deselected by default in any multi-role permissions, so you will need to go and explicitly select the new custom role within the relevant multi-role permission. For example, say you just added a custom role for a subcontractor and you want Admin roles to have the ability to add or edit subcontractor profiles to Ontraccr, then you will first need to give the Admin permission to manage user profiles for the new newly-added subcontractor role as shown below.

Important permissions

For a full breakdown of every single role permission and what it means in Ontraccr, you can always refer to the Permissions Glossary.

However, when first setting up your company's Ontraccr account, there are several important permissions to consider as follows:

Manage Settings

This permission controls whether the user is allowed to manage any company settings. Since company settings are such an essential part of the workflows in Ontraccr and they may contain a lot of sensitive information and configurations for the company, this is a very important permission.

Users who have this permission will have access to the main sub-pages in the Settings page.

Note: In order to prevent the accidental removal of the 'Manage Settings' permission from all user roles, in which case there would be no way to configure company settings at all, Ontraccr doesn't allow the toggling of this permission for the default 'Admin' role type, as shown below. This means that Admin profiles will always be able to manage company settings. 

Manage User Wage

This multi-role permission controls whether the user is allowed to view and manage a user's wage within the user profile. Users who have this permission will be able to view, add, and edit the wages for any of the roles they have permission to manage. 

Time Tracking

This multi-role permission controls whether the user can track time (in real-time) on behalf of other user roles. 

Users who have this permission will only be able to clock in/out, switch tasks, and take/end breaks for any of the roles they have permission to track time for. For example, in the demo below, the user has permission to track time for Worker and Inspector user profiles, but not for Manager user profiles, which is why they can't open the clock shortcut for the Manager profiles.

Manual Entry

This multi-role permission controls whether the user can track time (via manual entry) on behalf of other user roles. 

Users who have this permission will only be able to add manual entries for any of the roles they have permission to track time for. For example, in the demo below, the user has permission to add manual entries for Worker and Inspector user profiles, but not for Manager user profiles, which is why they can't see the 'Manual Entry' button for the Manager profiles.

View Time Cards

This multi-role permission can view the time cards of any other user roles. 

Users who have this permission will have access to the Time Cards > Team Cards page, but they will only be able to view time cards for any of the roles they have permission to see under the 'All' list of users. 

Edit Time Cards

This multi-role permission can edit the time cards (that are either completed or submitted) of any other user roles. In order to activate this permission for any specific role(s), the user must first have the 'View Time Cards' permission enabled for the same specific role(s).

Users who have this permission will have access to the Time Cards > Team Cards page, but they will only be able to edit time cards for any of the roles they have permission to edit. 

Some users may have the 'View Time Cards' permission for specific roles but not the 'Edit Time Cards' permission for the same roles. In this case, they will still be able to view the time cards for the role, but they will not be able to see the Edit or Delete buttons.

 

Edit Approved Cards

This multi-role permission can edit the fully approved time cards of any other user roles. 

Users who have this permission will have access to the Time Cards > Team Cards page, but they will only be able to edit fully approved time cards for any of the roles they have permission to edit. 

Some users may have the 'Edit Time Cards' permission for specific roles but not the 'Edit Approved Cards' permission for the same roles. In this case, they will still be able to edit the completed/submitted time cards for the role, but they will not be able to see the Edit or Delete buttons on any of the user's fully approved time entries as shown below.

Reports

This permission controls which reports the user can access in the Reports > Reports page. Users will only be able to access the reports which are selected in this permission's list.