Access and Permissions (User rights)

Access and Permissions (User rights)

Understanding User Access and Permissions

This guide explains how user access and permissions - a.k.a. user rights - work in Silverbucket. This article is intended for administrators and anyone managing user profiles or access rights within your organization.


Why Access Control Matters

Our access control system ensures that:
  • Each user only sees and edits what they’re allowed to.
  • Sensitive data (e.g. financials, allocations) is protected.
  • Administrators have tools to manage users efficiently and securely.


Core Building Blocks

We use a profile-based access control model, structured like this:

1. Rights

These are individual permissions such as:
  • View project details
  • Edit user profiles
  • Approve resourcing requests
Users don’t get rights directly - instead, they’re bundled into "profiles".


2. Profiles

A profile is a predefined set of rights (permissions).
For example, a “Line Manager” profile might include:
  • View and edit projects
  • View team members
  • Edit resourcing data


3. Authorization Groups

These are used to manage users in bulk.
  • Profiles are added to an authorization group and then users are added to that authorization group.
  • This helps you easily give multiple people the same level of access.


Global vs Contextual Profiles

There are two types of profiles:

Global profiles

  • Apply across the whole system.
  • Example: A user with a global “Viewer” profile can see all projects and people in Silverbucket once they are granted that profile.

Contextual profiles

In addition to global profiles, our access model supports contextual profiles that dynamically grant access based on relationships, organizational structure or custom logic.
  • Example: An “Organization Manager” profile has increased visibility to the organization node he is given the "Organization Manager" profile to
Important Limitation:You cannot assign permissions for a specific project or single object. For example:Cross Mark "Alice can view Project A, but not Project B" is not supported.Check Mark Button "Alice can view all projects in a specific organization node" is supported.

How Context Profiles Work

When checking access to an object (e.g., UserProjectCustomer, etc.), we use the right module for that domain to interpret special profile names such as:
Context Profile
Description
Anyone
Grants access to everyone
Self
Grants access to the user’s own record
Project member
Grants access if the user is part of the project
Project manager
Grants access if the user is the project manager for a project
Assisting project manager
Grants access if the user is assigned a specific role in a project; this profile is defined by Silverbucket Support
Program manager
Grants access if the user is leading the associated program
Supervisor
Grants access to subordinates in the user hierarchy
Node admin /manager/member
Grants access based on organization nodes where the user is a node admin/manager/member


How Access is Assigned

    By adding people to a specific Authorization Group
    Automatically based on the context(s)


Can You Mix and Match?

You can:
  • Assign multiple profiles to the same group
  • Add a user to multiple groups
  • Limit profiles to organization nodes or customer units
You cannot:
  • Customize profiles per customer or user
  • Give one-off permissions to a specific item (like a single project)
  • Edit individual rights within a profile


Who Can Manage Access?

By default:
  • Silverbucket Admins can manage user access within their organization.
  • They can:
  • Add/remove users
  • Assign profiles through authorization groups
  • View who has access to what


Tips for Successful Access Management

  • Keep access as simple as possible — fewer profiles and groups = easier maintenance.
  • Use the "Full access read-only" group to grant wide visibility to trusted users.


Common Questions

Can I give someone access to only one project?

→ No, access is always defined at the profile/group/context level. You can limit by department or node, but not a specific project.

Can I request a custom profile?

→ User rights model is built together with Silverbucket Support so if you have any questions, feel free to email us at  support@silverbucket.com 

Can someone belong to multiple groups?

→ Yes! A user will receive all profiles from all groups they belong to.