User permissions
Last updated
Last updated
The Profile tab on the user maintenance form is where you control what the user can do in Phocas, from a functionality perspective.
The Dashboards user permissions govern access to the Phocas dashboards and the actions users can take within those dashboards. The more permissions a user has, the more functions they see on a dashboard page.
Dashboards (main permission) - Access the Dashboards module and view dashboards*. This permission gives users view-only access to dashboards.
Analyse Widgets - Analyze dashboard data in the underlying database.
Manage Dashboards - Access functions to manage the dashboards that you and others created. As permission to manage dashboards requires permission to save dashboards, if the Save Dashboard permission is not already selected, it is selected automatically for you when you select the Manage Dashboards permission. Therefore, you get all the functions associated with the Save Dashboard permission (see below), along with some extra functionality as follows:
Create new dashboards from scratch, clone a dashboard, or add a query or chart to a dashboard. You can assign the owner of these dashboards.
Edit a dashboard’s name, description or owner.
Customize the dashboards: Add new lines and widgets to dashboards, and customize those lines and widgets (delete, clone, edit and resize).
Delete your own dashboards and remove other dashboards from your list of dashboards, so you can no longer access them.
Run As
Save Dashboard - Access functions to create and manage your own (personal) dashboards, which include the following actions:
Create new dashboards from scratch, clone a dashboard, or add a query or chart to a dashboard.
Edit the name or description of your dashboards.
Customize your dashboards: Add new lines and widgets to the dashboard, and customize those lines and widgets (delete, clone, edit and resize).
Delete your dashboards.
Timed Refresh - Schedule a dashboard to be refreshed at regular intervals. Without this permission, users can manually refresh the dashboard.
Subscribe - Subscribe to a dashboard to receive scheduled updates delivered via email in a range of file formats.
Manage Subscriptions - Manage subscriptions to dashboards. This permission is only available if users have the above Subscribe permission.
*In addition to the main Dashboards permission above, users need database access to access the underlying data, otherwise, no data will display in the dashboard widget.
In addition to the above dashboard permissions, the Collaboration permissions allow users to share dashboards.
In addition to the Subscribe permission, users need permission to export data in one or more formats. These formats display in the Type dropdown list in the subscription settings. You select these formats in the Query > Export permission.
The Favorites permissions typically go hand-in-hand with the dashboard permissions. If you give users permission to save favorites, it makes sense to also give them the Save Dashboard permission. Similarly, if you give users the Manage Dashboards permission, you should allow them to save favorites.
Administration > Dashboards - Manage (share and delete) all the dashboards in your organization’s Phocas site.
Administration > Subscriptions - Manage subscriptions to all dashboards.
Administration > Folders - Manage the folders in which dashboards can be stored.
For users to be able to receive subscriptions via email, your site needs to have email settings configured. This is usually carried out by administrators with special permissions. See Configure SMTP settings to send emails.
The Favorites user permissions govern access to the Phocas favorites and the actions users can take within those favorites.
Favorites (main permission) - Access the Favorites module and view favorites. This permission gives users view-only access to favorites.
Manage Favorites - Access functions to manage the favorites that you and others created. As permission to manage favorites requires permission to save dashboards, if the Save Favorite permission is not already selected, it is selected automatically for you when you select the Manage Favorites permission. Therefore, you get all the functions associated with the Save Favorite permission (see below), along with some extra functionality as follows:
Save favorites - Either save the changes you make to a favorite or save a favorite as a new favorite (make a copy of the favorite).
Create alerts.
Edit a favorite’s name, description or owner.
Delete (or remove) favorites.
Save Favorite -
Save favorites - If it’s your own favorite, you can either save the changes you make to that original favorite or save the favorite as a new favorite (make a copy of the favorite). If it’s a favorite that has been shared with you, you can save it as a new personal favorite.
Create alerts.
Edit the name or description of your favorites and alerts.
Set the favorite as your default view.
Delete your own favorites and remove your access to favorites that were shared with you.
Subscribe -
Subscribe to a favorite to receive scheduled updates delivered via email in a range of file formats.
Set the favorite as your default view.
Manage Subscriptions - Manage subscriptions to favorites. This permission is only available if users have the above Subscribe permission.
In addition to the main Favorites permission:
Users need database access to access the underlying data, otherwise, no data will display when the favorite is opened.
Users need multiple Query permissions to get the typical view of the Phocas grid with all the functions, so they can work with the data.
In addition to the Save Favorite permission, the Collaboration permissions allow users to share favorites.
In addition to the Subscribe permission, users need permission to export data in one or more formats. These formats display in the Type dropdown list in the subscription settings. You select these formats in the Query > Export permission.
The favorites permissions typically go hand-in-hand with the dashboard permissions. If you give users permission to save favorites, it makes sense to also give them the Save Dashboard permission. Similarly, if you give users the Manage Dashboards permission, you should allow them to save favorites.
Administration > Favorites - Manage (share and delete) all the favorites in your organization’s Phocas site.
Administration > Subscriptions - Manage subscriptions to all favorites.
Administration > Folders - Manage the folders in which favorites can be stored.
For users to be able to receive subscriptions via email, your site needs to have email settings configured. This is usually carried out by administrators with special permissions. See Configure SMTP settings to send emails.
The main Databases user permission governs access to the Databases section in both the Phocas menu and homepage.
This general Databases permission on the Profile tab is different from the user’s specific database permissions and restrictions that are managed on the Databases tab. See Overview of access to data and Manage a user's database access and restrictions for more information.
Even when users have the Databases permission, they can only view the specific databases they have been given access to.
On the other hand, if users have been given access to a specific database but do not have the Databases permission, they will be able to view that database via any dashboards or favorites that have been shared with them. They cannot open a database directly.
The Default Period user permission is available when the main Databases user permission is selected. It allows users to set their own default period (timeframe) for each database.
The Collaboration permissions allow users to work together in different ways throughout Phocas. In particular, the sharing of dashboards and favorites is a common requirement for Phocas users.
The main Collaboration permission activates these collaboration permissions:
Share with Folders - Share dashboards and favorites by placing them in a folder that can be accessed by other users.
Share with Users - Share dashboards and favorites directly to selected users.
External Links - Share a view-only version of a dashboard with someone who does not have a Phocas login, via a generated link.
This permission applies to dashboard owners, in other words, users who have permission to create dashboards.
This feature must be enabled for your Phocas site, which must be cloud-based (accessed from the public internet, not on a private server).
When enabled, the standard Advanced and Administrator profiles have this permission enabled by default.
Site-wide external links functionality can only be enabled by a Phocas consultant. Contact Phocas support in your region for more information about this.
These collaboration permissions are designed to work alongside the dashboards and favorites permissions.
Even when an item is shared, other users can only see the data they have permission to see. For example, a user can't share a dashboard containing data about Branch X with someone who only has permission to view Branch Y.
The Query user permissions determine what users can do with the Analytics grid, such as perform queries, switch modes, select and set periods, change properties, search for data, and so on. Even if users have access to a database (for example, via a shared favorite), if they do not have query permissions, they cannot do anything except view the data.
Here's an example of what it is like when a user has the Sales database permission but no query permissions
Most users, even those with a Basic profile, can perform standard queries and use basic functionality. The more query permissions a user has, the more options they have and actions they can take. Several commonly used query permissions are enabled by default in most system user profiles but these can be manually removed from an individual user's profile. Similarly, some permissions are restricted by default and need to be enabled manually. The following image shows the query permissions that correspond to the Analytics elements.
The Query section on a user’s Profile tab has multiple permissions, which can be organized into three types (as identified by the colors in the image above):
Permissions that enable the menu items: Mode (range of modes to enable), Change Properties, Change Measures (more options with Format Measures), Change Stream, Change Activity Filter, Format (Actual, % Share and Daily Average).
When any of the above menus are enabled, the Period menu becomes available.
Add-on permissions for the Period menu are: Apply Custom Period, Save User Defined Period and Month To Date (see below for details).
Permissions that enable other options for working with the data: Kind (Grid or Chart), Change Options (more options with Hide Total, Show Average and Show Others), Lock Selection, Export (range of formats to enable) and Search.
Permissions that enable the key analysis tools: Change Dimension, and Focus and Reset.
The following period-related Query permissions apply to Analytics only.
Apply Custom Period - Enables the Custom option that allows users to apply a temporary date range.
Month To Date - Enables the Month To Date option in the Options menu that allows users to compare data for the current month with the corresponding number of days in a comparison month. This option only works when the period is defined in the database.
The Query > Export permissions determine if users can export and copy data from the grid, charts and dashboards.
The exportable file formats are CSV, Email*, KML (applicable for map charts only), PDF, Print (opens in a new browser tab) and XLSX (Microsoft Excel). Note there are some limits on the size of the dataset that a user can export.
The Clipboard option allows users to copy data directly from the grid to paste into another application, such as Microsoft Excel. Even though this is a simple copy-and-paste function for the user, it is handled by Phocas as an export function.
In addition to the query permissions above, users need database access to access the underlying data, otherwise, no data will display in the grid.
These query permissions complement the favorites and dashboards permissions, allowing users to analyze the data they see in dashboard widgets and favorites.
*For users to be able to export to email, your site needs to have email settings configured. This is usually carried out by administrators with special permissions. See Configure SMTP settings to send emails.
The main File Upload permission activates the Allow File Upload permission. For these permissions to apply, you must also enable the main Databases permission.
Together, these permissions allow a user to upload CSV, XLXS and other file types as a source for database design, without requiring administration privileges. They do not grant access to Designer or Sync, or allow the user to see any Sync sources or items. The file upload process takes place outside of the Designer module and the uploaded files display in the file list in the Designer data sources panel.
Giving users the ability to upload files is useful when you want to delegate the responsibility of uploading new versions of a file. For example, if you upload a budget file for the current financial year into Designer, any users with permission to upload files can replace (overwrite) that file as required, such as for the next financial year.
See Upload a file.
When a user has a CRM license, the CRM user permissions govern access to the CRM module and the actions users can take there.
CRM (main permission): Access the CRM module, view and update the accounts and contacts, and add and delete activities.
Create Account: Create new accounts.
Create Campaign: Manage campaigns.
Delete Account: Delete accounts.
CRM user restrictions control the type of CRM-related data the user can access.
When a user has a Rebates license, the Rebates user permission governs access to the Rebates module.
There are two Financial Statements permissions that are available when the Financial Statements module has been enabled for your Phocas site. Typically, these permissions would be requested by someone in your Finance team.
Manage Custom Statements - Make changes to the financial statements, such as create new statements and customize the layout and content of statements.
Access Restricted Account Transactions - Access accounts that have been restricted.
It is common for finance teams to restrict access to accounts that have sensitive information (such as payroll) within financial statements, so users can see the total amount but not drill into transactional detail.
Users with permission to manage custom statements (above) can restrict other users from accessing specific accounts. Administrators can override this restriction, to allow one or more users to access the restricted accounts.
Other factors impact a user’s ability to access and use the Financial Statements module, see Overview of access to financial statements.
In particular, users need access to the data that forms the baseline of the statements.
The Budgets & Forecasts permissions are available when the Budgets & Forecasts module is enabled for your Phocas site. There are two user permissions relating to Budgets & Forecasts:
Budgets & Forecasts: Gives users access to the Budgets & Forecasts module (it becomes available in the Phocas menu) and enables them to be assigned tasks in a budget workflow. This permission is for users who need to contribute to the budgets and forecasts.
Manage Budgets & Forecasts: Allows users to create and manage budget and forecast workbooks. Such users are known as budget owners. Typically, this permission would be requested by someone in your Finance team.
Users with a Viewer license can be granted access to the Budgets & Forecasts module (first permission above), but they CANNOT be given access to manage budgets and forecasts (second permission above), which means that they cannot create their own workbooks or be made an owner of a workbook.
In addition to the above user permissions, users need access to the data that forms the baseline of budgets and forecasts. Even with database access, the data users can see within the Budgets & Forecasts module is controlled by database restrictions. For more information, see Budgets & Forecasts > Overview of users and data access.
The actions that administrators can perform in the Administration module are governed by the permissions (settings) in the Administration section of the Profile tab.
For example, your organization might want to:
Set up an Administration profile that allows the administrator to set user access to different databases, but not be able to make any changes to the databases or the Phocas environment.
Restrict an individual administrator from accessing certain functionality.
Here’s a list of administration permissions (in alphabetical order) along with a summary of what they allow you to do or access.
Configuration: Access the Configuration page where you can configure and customize your Phocas site.
CRM: Access the CRM settings pages where you can manage CRM drop-down options (picklists), deleted items, customizations and mappings.
Dashboards: Access the Dashboards (administration) page where you can manage all the dashboards in your Phocas site. Access the Dashboards tab in the user maintenance form where you can manage the dashboards for a particular user.
Databases: Manage the databases for your Phocas site, including:
Access the Databases page where you can view and manage various aspects of your Phocas databases, such as restrictions and defined periods, and create, clone and delete databases.
If you also have the Sync permission, access Designer to design, modify and build databases.
Access the Connectors page to run connectors.
Favorites: Access the Favorites (administration) page where you can manage all the favorites in your Phocas site. Access the Favorites tab in the user maintenance form where you can manage the favorites for a particular user.
Folders: Access the Folders (administration) page where you can manage all the folders in your Phocas site.
Logs: Access the Logs page where you can view system-wide activity and error logs.
Period Types: Access the Period Types page where you can manage the period types in your Phocas site.
Connector: Access the Connectors page where you can manage the connectors (third-party data synchronization tools) for your Phocas site.
Profiles: Access the Profiles page where you can manage the user profiles in your Phocas site.
Sync: Access the Sync Sources page where you can manage the sync sources (connections to raw data) for your Phocas site. If you also have the Databases permission, access Designer to design, modify and build databases.
Working Days: Access the Working Days page where you can manage the working day calendars in your Phocas site.
Allow administrators to change a user’s Profile to a higher administration access level
Users:
All Users: Access the user maintenance form for all users.
Users In Same Group: Access the user maintenance form for just those users in the same group as the administrator. Can be used in conjunction with Users: Users In Same Territory. Other profile settings also affect what changes you can make in this form.
Users In Same Territory: Access the user maintenance form for just those users in the same territory as the administrator. Can be used in conjunction with Users: Users In Same Group. Other profile settings also affect what changes you can make in this form.
Users: Database Access: Access the Databases tab on the user maintenance form and Database view in the main Users page (only the users whom the administrator has permission to administer will be visible). If you do not have any permissions to administer users, you will see an empty table.
See also Profiles (Administrator profile)
Users: Profiles: Access the Profiles tab on the user maintenance form and Profiles setting in the Bulk Update window. If you have Users: Profiles but not Profiles, you will not be able to assign profiles containing administration privileges.
