In a multi-user environment controlling what a user can do is crucial. If you are a using Feng Office as a client extranet you probably don't want one client to see the documents of another client. If you are using Feng Office as an intranet you may have certain workspaces where certain employees are not allowed to edit information, and some other workspaces which are visible to the management exclusively.

Setting the user rights is one of the more complex tasks in Feng Office. There are properties at several places, and you have to know where to find them and how they relate to each other. This page tries to summarize all the different settings that control user rights.

Feng Office provides three ways to manage access permissions to its users:

1. Defining permissions on a particular user.
2. Defining permissions on a particular dimension (Project, Client, Folder, Workspace, etc.).
3. Defining permissions on a user group.

In this section we will explore the three ways of defining permissions.

All three ways are accesible through the Administration Panel. To access the Administration Panel, please do as follows:

1. Click on your name (top right corner)
2. Select Settings

For every person in Feng Office, you can determine:

1. Will he or she be able to access Feng Office?
2. What actions he/she will be able to perform.
3. What parts of the system (which Projects, Clients, Workspaces) he/she will be able to access.

The first option (will the user be able to use Feng Office) is a simple yes or now.

The second option can be quickly defined by the 'User Role', which pre-configures a set of common allowed actions and restrictions.

The third set of settings (what elements or parts of the system the user will be able to access) is determined at the time of:

1. Adding or editing a new Member (Project, Workspace)
2. Adding or editing the user.

Defining a role on a user provides a preconfigured set of system permissions.

See the table below for a quick guide to the permissions defined by each role

	Quick description
Super Administrator	Can do everything
Administrator	Can do everything, except managing other administrators and super administrators
Manager	Can do everything on Clients, Projects and Workspaces for which administrators granted Management permissions
Executive	Can work on everything, but cannot set permissions
Collaborator Customer	Is a Customer that can work on data but with restricted permissions, such as not creating or assigning tasks. Can link one object to another provided that they have edit permissions to that object
Internal Collaborator	Can work on data, but cannot create nor assign tasks. Can link one object to another provided that they have edit permissions to that object
External Collaborator	Can work on data, but cannot create nor assign tasks. Can link one object to another provided that they have edit permissions to that object
Guest Customer	Has limited access to view his/her own data. Cannot upload data. Only comments
Guest	Has limited access to view his/her own data. Cannot upload data. Can't comment
Non-exec Director	Has access to all data. Can't break things

For more details, here is a complete and detailed description of User Roles.

1. Go to 'Users' and click on 'Permissions' on the user in question
2. Go to the 'System permissions' section and select the desired options.

• Can manage security configuration: If this permission is set the user will be able to edit other users' permissions in the Administration panel. This option is available for administrators only.
• Can manage configuration, owner company data, tabs, logos and colors: If this permission is set the user will be able to edit the Owner Company's data in the Administration panel. This option is available for administrators only.
• Can manage task templates: If this permission is set the user will be able to add, edit and delete Templates in the Administration panel. This option is available for administrators only.
• Can manage time slots: If this permission is set the user will be able to work in the Time module and add time slots to tasks.
• Can add mail accounts: If this permission is set, the user will be able to add e-mail accounts.
• Can manage dimensions: If this permission is checked the user will have full permissions over dimensions. He will be able to create new dimensions and change their configuration. This is an advanced administrative feature.
• Can manage dimension members: If this permission is checked the user will have full permissions over dimension members. He will be able to create, edit and delete new members. In practice, a member could be a workspace, project, client, etc.
• Can manage tasks: If this permission is checked the user will have full permissions over tasks. He will be able to assign tasks to other users and complete them.
• Can manage billing: If enabled then the user will be able to edit billing configurations.
• Can see other user's tasks: If enabled then the user will be able to see tasks that are not assigned to him/her.
• Can update other user´s event invitations: If enabled then the user will be able to change the status of other users event invitations.
• Can link objects: If this permission is checked the user will be able to link and unlink objects.
• Can edit completed payments: If enabled then the user will be able to edit payments that are already completed.
• Can edit confirmed invoices: If enabled then the user will be able to edit invoices that are already confirmed.
• Can manage invoicing configuration: If enabled then the user will be able to manage the configuration of the invoicing module.

NOTE: As you may see, there are some boxes which you are not allowed to check. This is due to user role restrictions (see chart above).

1. Go to 'Users' and click on 'Permissions' on the user in question
2. Go to the 'Module Permissions' section and select the desired options.

1. Go to 'Users' and click on 'Permissions' on the user in question
2. Go to the 'Clients & Projects' section and select the desired options.

As you may see, you can drag and drop items in either the 'With permissions in:' or 'Without permissions in:' boxes, according to your preferences. Moreover, you can configure permissions inside each client, project or folder, by clicking on it.

1. If you click on any column (i.e.: 'Read & Write'), the permissions will be set there without you having to click every single one of them.
2. 'Apply the permissions above to all clients and projects down the hierarchy from…':
   • If you would like a user to have permissions in a whole Client, and also within its folders and projects, you may click on 'Apply the permissions above to all clients and projects down the hierarchy from…' on the bottom right corner of the permissions menu.
3. 'Apply the permissions above to all clients and projects:'
   • If you would like a user to have those permissions in all of the clients, projects and folders, you do not need to select them one by one, as you may already do it by clicking on 'Apply the permissions above to all clients and projects' on the bottom right corner of the permissions menu.

1. Go to 'Users' and click on 'Permissions' on the user in question
2. Go to the 'Workspaces' section and select the desired options.

As you may see, you can drag and drop items in either the 'With permissions in:' or 'Without permissions in:' boxes, according to your preferences. Moreover, you can configure permissions inside each workspace, by clicking on it.

1. If you click on any column (i.e.: 'Read & Write'), the permissions will be set there without you having to click every single one of them.
2. 'Apply the permissions above to all workspaces down the hierarchy from…':
   • If you would like a user to have permissions in a whole workspace (also within each workspace down its hierarchy), you may click on 'Apply the permissions above to all workspaces down the hierarchy from…' on the bottom right corner of the permissions menu.
3. 'Apply the permissions above to all workspaces:'
   • If you would like a user to have those permissions in all of the workspaces, you do not need to select them one by one, as you may already do it by clicking on 'Apply the permissions above to all workspaces' on the bottom right corner of the permissions menu.

1. Go to 'Users' and click on 'Permissions' on the user in question
2. Go to the 'Permissions for objects without classification' section and select the desired options.

• 'None' → no permissions at all
• 'Read only' → only see things and comment them. In case of tasks, only being able to complete tasks assigned to the person in question
• 'Read & Write' → see things, create new ones, and modify existing ones
• 'Read, Write & Delete' → same as the previous option, but also being able to delete information

Note: Remember to save the changes after setting the permissions up!

Feng Office not only allows you setting up the permissions by users, but you may also create a group of users, set permissions for the group, and then all of these permissions will be applied to the users.

In order to add a new group, please do as following:

1. Click on your name (top right corner)
2. Select Settings
3. Access Users, groups and permissions, and add a new group or click an existing one to edit it.

Once you get here, you will have to do as following:

• Add a Name for the Group you are creating
• Select the users (by clicking on them) who will belong to this group
• Select the System Permissions, Module Permissions, Clients & Projects Permissions and Workspaces Permissions for the members that this group will have (you can click on the green ? icon if you are not sure what is the permission for). This is done in the same way as for individual users (see above section).

NOTE: Permissions, whether they are group or user permissions, are always limited by the permissions related to the USER ROLE. For example, if you create a user with the role GUEST USER, the permissions this user will have are those stated for it's role, and adding him to a group with more permissions or changing its system permission will not override them.

You may add or remove users from a group whenever you feel like, but please bear in mind that the permissions the user will have are the maximum permissions granted by either the groups the user belongs to (it may belong to more than one) or the permissions that were set for him as a user. This means that if the user cannot access a project due to his permissions, but he is added to a group that can, his permissions will be overridden and he will be able to access this project, and viceversa.

For instance: If John Doe does not have permissions to access Acme Project, but someone adds him to a group that has permissions over Acme Project, from then on John Doe will be able to access it.

Following this link you will find a section dedicated to permission configurations which have been discontinued.