Access and Permissions (User rights)

Access and Permissions (User rights)

Locked with Key Understanding User Access and Permissions

This guide explains how user access and permissions - the user rights - work in Silverbucket. This article is intended for administrators and anyone managing user profiles or access rights within your organization.


Compass Why Access Control Matters

Our access control system ensures that:
  • Each user only sees and edits what they’re allowed to.
  • Sensitive data (e.g. financials, allocations) is protected.
  • Administrators have tools to manage users efficiently and securely.


Brick Core Building Blocks

We use a profile-based access control model, structured like this:

1. Rights

These are individual permissions such as:
  • View project details
  • Edit user profiles
  • Approve resourcing requests
Users don’t get rights directly - instead, they’re bundled into "profiles".


2. Profiles

A profile is a predefined set of rights (permissions).
For example, a “Line Manager” profile might include:
  • View and edit projects
  • View team members
  • Edit resourcing data


3. Authorization Groups

These are used to manage users in bulk.
  • Profiles are added to an authorization group and then users are added to that authorization group.
  • This helps you easily give multiple people the same level of access.


Globe with Meridians Global vs Contextual Profiles

There are two types of profiles:

Check Mark Button Global profiles

  • Apply across the whole system.
  • Example: A user with a global “Viewer” profile can see all projects and people in Silverbucket (if viewer access is granted).

Puzzle Piece Contextual profiles

In addition to global profiles, our access model supports contextual profiles that dynamically grant access based on relationships, organizational structure, or custom logic.
  • Example: An “Organization Manager” profile has limited visibility to the organization node he is given the "Organization Manager" profile to
Lock Important Limitation:You cannot assign permissions for a specific project or single object.For example:Cross Mark "Alice can view Project A, but not Project B" is not supported.Check Mark Button "Alice can view all projects in a specific organization node" is supported.

Counterclockwise Arrows Button How Context Profiles Work

When checking access to an object (e.g., UserProjectCustomer, etc.), we use the right module for that domain to interpret special profile names such as:
Context Profile
Description
Anyone
Grants access to everyone
Self
Grants access to the user’s own record
Project member
Grants access if the user is part of the project
Project manager
Grants access if the user is the project manager for a project
Assisting project manager
Grants access if the user is assigned a specific role in a project; this profile is defined by Silverbucket Support
Program manager
Grants access if the user is leading the associated program
Supervisor
Grants access to subordinates in the user hierarchy
Node admin /manager/member
Grants access based on organization nodes where the user is a node admin/manager/member


Busts in Silhouette How Access is Assigned

    By adding people to a specific Authorization Group
    Automatically based on the context(s)


Counterclockwise Arrows Button Can You Mix and Match?

You can:
  • Assign multiple profiles to the same group
  • Add a user to multiple groups
  • Limit profiles to organization nodes or customer units
You cannot:
  • Customize profiles per customer or user
  • Give one-off permissions to a specific item (like a single project)
  • Edit individual rights within a profile


Locked with Key Who Can Manage Access?

By default:
  • Customer Admins can manage user access within their organization.
  • They can:
  • Add/remove users
  • Assign profiles through authorization groups
  • View who has access to what


Test Tube Tips for Successful Access Management

  • Keep access as simple as possible — fewer profiles and groups = easier maintenance.
  • Use the "Full access read-only" group to grant wide visibility to trusted users.


Fire Extinguisher Common Questions

Small Orange Diamond Can I give someone access to only one project?

→ No, access is always defined at the profile/group/context level. You can limit by department or node, but not a specific project.

Small Orange Diamond Can I request a custom profile?

→ At this time, all profiles are defined centrally. If you have a suggestion, feel free to contact our support.

Small Orange Diamond Can someone belong to multiple groups?

→ Yes! A user will receive all profiles from all groups they belong to.