Permissions

Permissions, granted by roles and by apps, control how users access content within Cloud.

Role permissions

Each role has a set of permissions that define the rights available to that role. There are five permissions, and each can be applied to objects in the system.

Permission types

Object permissions include the ability to Create (C), Read (R), Edit (E), Delete (D), and Share (A & S). Each object type has its own set of object permissions. With custom roles, you can enable your own unique set of permission types for each object permission.

Permission Rights granted to user
Create (C) Create object
Read (R) View object
Edit (E) Modify object
Delete (D) Delete object
Share (A) Assign or remove any user role
Share (S) Assign or remove owned user roles

Objects

Objects are named according to their interface labels in Caseware Cloud, such as Activities, Contact, Entity, and Uploaded Files.

The following tables outline all object permissions with their descriptions (the full list of object permissions is also available from the Roles Permission interface on the Settings page):

Organization objects

Type Permissions Description
Contact C D The contact itself, including all information for Contact - Details and Contact - Summary.
Contact - Details R E

The following information from the contact form:

  • Phone Number (Home, Mobile)
  • Type
  • Tags
Contact - Summary R E

The following information from the contact form:

  • Email Address (Username)
  • Name (First, Last)
  • Occupation
  • Phone Number (Business)
  • System-wide Roles (roles assigned from the People page)
  • Staff Groups
  • Apps
Contact Group C E D

Contact Groups, including assigning and removing contacts.
Organization R E

The organization itself and the following areas:

  • Settings

Time considerations

  • Viewing work codes (R)
  • Editing work codes (E)
Staff C D The staff member itself, including all information for Staff - Details and Staff - Summary.
Staff - Details R E

The following information from the staff form:

  • Phone Number (Home, Mobile)
  • Tags
  • Role Assignments on Entities
  • System-wide Roles (roles assigned from the People page)

Time considerations

  • Viewing staff rates for staff members (R)
  • Editing staff rates for staff members (E)
Staff - Summary R E

The following information from the staff form:

  • Name (First, Last)
  • Email Address (Username)
  • Type
  • Title
  • Position
  • Phone Number (Business)
  • Status
  • Staff Groups
  • Apps
Staff Group C E D

Staff Groups, including assigning and removing staff.
Tag C E D

The tag item itself and the following areas:

  • Tag Management interface on the Settings page.

Entity objects

Type Permissions Description
Entity C D A S The entity itself, including all information for Entity - Details and Entity - Summary.
Entity - Details R E

The following information from the entity form:

  • Status
  • Start Date
  • Fiscal Year End Month
  • Inactive date
  • Phone Numbers (Business, Business Fax, Home and Mobile)
  • Social Profile (website, Twitter, Facebook, LinkedIn)
  • Email
  • Memo
  • Tags
  • Industry Codes
  • Tax Info
  • History
Entity - Summary R E

The following information from the entity form:

  • Name
  • Type
  • Number
  • Address 1 (Street, City, Province, Country, Postal Code)
  • Address 2 (Street, City, Province, Country, Postal Code)

Time considerations

  • Entering time or expense entries for clients (R)

Content objects

Type Permissions Description
Activity C R E D A S

The following activity types:

  • Discussions
  • Tasks
  • File Requests
  • Comments (R)
Activity - Comment C E D

Comments on the following activity types:

  • Discussions
  • Tasks
  • File Requests
  • System Activities
File C R E D A S

The following objects on the Files page:

  • Folders
  • URL Links

For other File objects, access is granted on the Apps tab when creating or modifying Staff, Contacts, or Groups.

Note: The Edit permission for files also enables users to delete empty folders.

App permissions

Each app has a set of permissions that define the rights available to users or groups that have been granted access to that app. Ensure you have the Staff Admin role to enable access for staff members or staff groups, or the Entities Admin role to enable access for a contact or contact group.

To enable app access for a user or group:

  1. Ensure you have the Staff Admin role or equivalent privileges.

  2. From the Cloud menu (), select Groups or Staff.

  3. Select the user or group where you want to enable the app, then select Edit ().

  4. Select Apps, then choose the appropriate access type.

    • No access: Do not enable access to the app for the user or group. This is the default option and does not use any licenses.

    • Read-only: Enable the user or group to view (but not modify) engagements and files in the app without using any licenses. Only available for Cloud Engagement apps.

    • Full access: Enable the app for the user or group. This option uses a license for each user that receives app access.

  5. If the user or group receives Full access to an app, assign the applicable app permissions.

    An app with full access and the list of available permissions.

  6. Select Save.

Time app permissions

A list of available permissions associated with the Time app.

You can assign the following app permissions to any group or any staff member with a valid Time license.

Permission Description
Process own entries Submit personal time and expense entries
Process all staff entries Submit time and expense entries on behalf of other staff members.
Transfer all staff entries Transfer time and expense entries between entities and engagements
Process Access the Billing app, view WIP totals and create invoices
View own entries Use personal time and expense entries to generate Analysis reports
View all staff entries Use all staff members' time and expense entries to generate Analysis reports
View WIP and Billing Use WIP and Billing information to generate Analysis reports