Permission sets in Productive have grown beyond the default (system) permission sets. This allows you to customize permission sets by selecting specific permissions based on the scope of work and expected information access within Productive.
You can then assign these custom sets to individual users, ensuring that their access is consistent with their responsibilities.
Initially, only Admins can create new permission sets, but you can later delegate this to other users; through custom permissions ✅
Custom permission sets are available on the Ultimate subscription plan.
Permission Sets Overview
In the main Permission sets window located in Settings > Permission sets, you will see:
The names of all your permission sets, system and custom
The billing type for the permission sets (client permissions are free, while others are paid)
The permission set type (system or custom permission set)
The number of active individual permissions included in each set
The number of active users assigned to a permission set
The overview offers you information on how many users use which permission sets, and how many permissions there are per set, allowing you to make informed decisions about which permissions to include or exclude based on access needs.
Note that before you start building your fine-tuned custom permission sets, you'll only see the system permission sets there.
These system sets cannot be edited directly, but you have the option to duplicate them. Duplicating a system set allows you to create a new permission set based on it, which you can then customize to suit your specific needs.
Tip: To sort your permission sets, simply click on the column name and select an option.
Setting up and Editing Permission Sets
To build a new permission set from scratch, follow the steps below!
1) Select "+ New permission set"
This option allows you to add a new permission set to your organization.
2) Choose a name for your new permission set
Give your permission set a descriptive name that reflects its purpose.
3) Select the base permission set that you will be editing
Choose the base permission set that best matches the permissions you want in your new set. This option specifies the initial permissions that will be available for modification.
4) Include a description of the permission set
Include a brief description of the permission set's purpose and scope. This description helps users understand the set's permissions and makes it easier to assign them to users.
5) Add and remove permissions
After you've entered the name, description, and base for your new permission set, proceed to add or remove permissions from the following main permission groups.
Overview of Permission Groups (click to expand)
Overview of Permission Groups (click to expand)
Administration
Decide who can manage workflows, holidays, time off categories, approval settings, resourcing, billing, and overhead costs, as well as organizational settings like SSO, revenue recognition, company info, enabling the fiscal year feature, and invoicing. Besides this, decide who can access webhook settings and use Zapier triggers.
Automations
Decide who can view, add, edit, and delete automation rules.
Budget Bookings
Decide who can manage budget bookings in Resourcing, including viewing own, basic, and full booking info, tentative bookings, and adding, editing, and deleting budget bookings.
Budgets
Determine who can view budgets where a user is a member, view all budgets, and add, edit, and delete budgets.
Companies
Decide who can view, add, edit, and delete companies.
Contacts & Clients
Decide who can view, add, edit, or delete contacts and clients, as well as manage access to both regular and sensitive contact custom fields. You can also control permissions for viewing and managing clients.
Cost Rates
Assign who can view all users' cost rates from the same subsidiary or for all users, and add, edit, and delete cost rates.
Custom Fields
Decide who can manage task custom fields, and add, edit, and delete all custom fields.
Deals
Specify who can view deals where the user is a member, view all deals, and add, edit, and delete deals.
Docs
Designate who can view, edit, and delete docs where permitted, and add new docs.
Emails
Decide whether the user can view and manage BCC emails (in budgets, deals, and invoices).
Employees & Contractors
Decide who can view, add, edit, or delete employee fields, including sensitive ones, as well as manage employees, contractors, and user permission sets. Superadmins have full control over these settings.
Expenses
Determine who can view personal expenses, view expenses on budgets where the user is a member, view all expenses, add, edit, and delete own expenses, add, edit, and delete all expenses, as well as approve expenses (you can choose whether the user needs to be the budget/deal owner or the budget/deal member to approve the expenses).
Financials
Establish who can view billable details, financial item reports, and profitability.
Imports
Manage data import settings. This is a Superadmin permission!
Integrations
Decide which users can manage personal integrations (calendars, Slack), view or manage task management integrations (Jira), or manage organizational integrations (accounting, HR, SSO integrations). For more information, visit this article.
Invoices & Payments
Decide who can view invoices and payments where a user is a member of a budget, view all invoices and payments, and add, edit, and delete invoices and payments.
Permission Sets
Specify who can view permission set settings, and add, edit, and delete permission sets (Superadmin).
Placeholders
Decide who can view, add, edit, and delete placeholders.
Projects
Decide who can view projects where the user is a member, view all projects, and add, edit, and delete projects.
Rate Cards
Specify who can only view and who can also add, edit, and delete rate cards.
Reports
Determine who can view created and shared reports, and add, edit, and delete reports.
Service Types
Specify who can view and manage service types.
Tasks
Specify who can view tasks, and add, edit, and delete tasks, task lists, and folders.
Teams
Decide who can view team settings, add, edit, and delete teams, and manage team members.
Time Entries
Determine who can view, add, edit, and delete their own time entries, view time entries on budgets where the user is a member, view time entries for everyone, add, edit, and delete time entries for other people, approve time entries, and manage locked time entries.
Time Off Bookings
Decide who can request time off, view full time off information for all users, access notes and attachments on time off bookings for all users, manage others' time off bookings by adding, editing, and deleting them, approve time off where designated as an approver, and approve time off for all users within the system.
Time Off Entitlements
Determine who can view their own time off entitlements, view all users' time off entitlements, add, edit, and delete time off entitlements, and manage approvers and subscribers for entitlements.
Workload
Control who can view the task Workload layout. For additional details on configuring and restricting access to the Workload layout, check out our guide on Managing Access to the Task Workload Layout.
Note: Start with a lower base permission set and add permissions as needed, rather than starting with a higher set and removing permissions, to avoid granting unnecessary or inadvertently unwanted access to users. 😎
6) Save the permission set
Once you have finished selecting the necessary permissions to include in your custom permission set, click on "Save changes".
Your custom permission set will then appear in the main Permission set window.
To edit the permission set, simply click on it, make the desired changes by adding or removing permissions, and remember to save the changes.
Tip: Use the Try Out feature to take your new permission set for a test drive! After saving, give it a go to ensure it meets your expectations and functions as intended.
Duplicating, Trying out, and Deleting Permission Sets
For easier management, to duplicate, delete, or try out a permission set from the main Permission sets window, click on the three dots next to a permission set.
Note that custom permission sets can only be deleted if there are no active users with that permission set. System permission sets cannot be deleted.
Tip: to see which users have been assigned a certain permission set, click on the number of users in the "Active users with this permission set" column.
Assigning a Custom Permission Set to a User
To assign a custom permission set for a user, follow these steps:
Access User Profile
Navigate to the user's profile, either through Settings > Users (for Employees, Contractors, and Clients), Resourcing > Employees (for Employees and Contractors) or CRM > Contacts (for Clients).
Edit Permission Set
Select the "Permission set" field in the user's Info tab.Choose New Set
Pick the custom permission set you want to apply to this user. You'll find all your custom permission sets listed under the "Custom permission sets" section for easy selection.Update Permissions
Finally, select "Update person" to apply the new permission set to the user.
Video Tutorial
For an overview of the permission sets builder, check out the video below!