In this article, we will review how users are added and how the permissions are granted and managed in PPM Express.
To add users to PPM Express, it is required to obtain a license for the number of users you would like to add to PPM Express first.
When the first user signs up to PPM Express and creates the tenant for the organization, a trial license will be applied automatically according to the selected plan. It will be valid for 30 days and will include the following number of user/team member seats:
- Projects plan includes 5 users (by default when a trial is registered); no team members are included in the plan.
- To request a trial of the Projects Unlimited plan, please use the Contact Us button. Projects Unlimited plan allows selecting any number of users.
- Enterprise plan includes 5 users, 25 team members (by default when a trial is registered). After the trial period, it is possible to buy additional user/team member seats or select the unlimited option.
- To request a trial of the Enterprise Ultra plan, please use the Contact Us button. When the trial is issued, it includes 5 users and 25 team members by default but can be set higher if communicated to the Sales team. After the trial period, it is possible to buy additional user/team member seats or select the unlimited option.
To manage you subscription, open the settings from the gear button and select the Billing Settings option. As the license is purchased and issued, users can be added to PPM Express.
There are three ways to register new users in PPM Express:
1. Users can be invited to the PPM Express tenant by the PPM Express Administrator.
For more details please refer to How to invite users to PPM Express tenant article.
2. Users from the same Office 365 or GSuite tenant can sign up to the PPM Express tenant.
For more details please refer to How to register a new user in PPM Express tenant article.
As the users are added to PPM Express it is possible to assign the required license type to each user, User, or Team Member and grant and manage users permissions within the application.
3. Users can be synchronized from Azure Active Directory. In this case, user licenses are assigned automatically on synchronization, and a default set of user permissions can be applied. For more details, please refer to the Azure Active Directory User Synchronization article. The Azure Active Directory Synchronization option is available only in the Enterprize subscription plan.
To access the People Management menu, click on the gear icon in the upper right corner of the page and choose People Management. This action is available only for PPM Express users with 'Administrate app' permissions.
The list of all users registered in your PPM Express tenant will be shown.
Assigning licenses to users and editing their permissions
If a user is invited to the tenant from the People management page, the required permissions are indicated when sending an invite. If the user gets to the tenant using the Auto registration option, permissions are assigned according to the Default permissions setting.
The license type is selected immediately if the users are invited via email.
Users who are added to PPM Express may have two types of licenses:
- User - users with a User license may have a full set of PPM Express permissions. By default, users with User licenses have manage resources, integrations, and PPM Insights permissions and permissions to view and create all Projects, Programs, and Portfolios and edit Projects, Programs, and Portfolios they own. PPM Express administrator defines the permission level for each user with a User license type on the People Management page.
- Team Member - users with a Team Member license have read permissions and view all PPM Express Portfolios, Programs, Projects, and Roadmaps by default. Using 'Collaborate on' permission, the PPM Express administrator can grant Team Members permission to edit PPM Express tasks. On the People Management page, the PPM Express administrator may define what Portfolios, Programs, and/or Projects exactly these users have permission to review and/or edit tasks for.
To assign the required license type to the user and grant the required permission, the user record needs to be opened for editing.
To open the user record for editing, click the ellipsis button next to the required user name and choose Edit. Also, you can click on the User name to open the User settings menu.
Also, creating a default set of permissions for new users on the People Management page is possible. When new users join PPM Express, the created default set of permissions will be applied to such users according to their license type.
Also, if you switch the license type for the user, the default set of permissions will also be applied.
General Permissions
Administrate app: If this checkbox is checked, this user will be granted PPM Express administrator permissions.
The first user who logged in to PPM Express and created the PPM Express tenant is an Application Administrator by default and has full access to all functionality and settings within the PPM Express application.
Application Administrator has permission to:
- create, view, edit and delete all Portfolios, Projects, and Resources in the PPM Express tenant;
- configure data synchronization;
- access and configure report management settings;
- activate, deactivate PPM Express users and grant permissions to all PPM Express users according to the organizational policy;
- manage challenges and ideas;
- manage budget;
- manage configuration;
- manage integrations;
- manage billing operations;
- PPM Insights.
Manage Resource: This checkbox is checked by default for all new users in PPM Express. If a user has Manage Resources permission, this user will be granted access to the Resources page and can manage all Resources-related settings: view, edit and delete any resource in the PPM Express application.
If the Manage Resources checkbox is unchecked, the Resources page will not be available for such users (even for viewing).
Manage Prioritization: Checking this option grants permissions to manage strategic alignments (users can edit the catalog of priorities and their importance).
Manage Objectives/Collaborate on Objectives: Users with User licenses who have Manage Objectives rights can create, edit, and delete all Objectives on the tenant and manage them.
Collaborate on Objectives: Users with the 'Collaborate on Objectives' permission can create new top level Objectives. The following actions are available for Users with the 'Collaborate on Objectives' permission for Objectives they own: view all Objectives, edit Objectives, create/import Sub-Objectives, create/import Key Results, clone, move Sub-Objective to another Objective, close, archive, delete Objective.
The following actions are available for Users with the 'Collaborate on Objectives' permission for Objectives they don't own: view all Objectives, create/import Sub-Objectives, and clone the Objective.
Users with Team member licenses who have the 'View Objectives' permission can:
- review all information on the Objectives page but cannot edit, delete, close, or re-open the Objectives.
- review the Key Results Project section if these Team members have View permission for the Project. But cannot edit, delete, or manage the information within the Key Results Project section.
If the 'Collaborate on Objectives' for Users and 'View Objectives' for Team Members permission is Off, the OKR Management page becomes unavailable (hidden from the UI for such users).
Manage Financial Details: Checking this option grants permissions to review and edit the Budget and Benefits section and all fields of Cost type (OOB and Custom) and set the charge rates for resources.
If this permission is not enabled for the user, the Budget section content will be hidden from this user, as well as all fields of Cost type (OOB and custom) become disabled across Projects, Programs, Resources, and Portfolios (N/A status is shown for these fields). Cost fields will be available in the filters and data will be filtered, but no costs will be visible. Also, Cost fields are not exported to the CSV file in this case. The Set Charge Rate option is hidden for users without Manage Financial Details permission.
Manage configuration: Checking this option grants the following permissions:
-
Create Default Layout for Project, Program, Portfolio, or Resource Details Pages for this user account.
Users can save/apply the layouts if they have permission to edit the Project/Program/Portfolio. Users can save/apply the Layout to the Resource Details Pages if they have Manage Resources permission. - Create new fields or edit existing fields on Project, Program, Portfolio, and Resource Details pages. Delete the custom fields.
There can be more than one manager for one Project or Portfolio.
Manage Billing: Checking this option grants access to the Billing Settings page, where billing operations are performed, and the licenses are purchased and managed. All the information about the current subscription is also available on the Billing Settings page.
Manage integrations: Checking this option grants permission to create, refresh and manage all actions related to configuring connections in PPM Express. This permission is granted by default to all users with a User license type and can be unchecked by the PPM Express administrator if needed.
PPM Insights: Checking this option grants permission to visit the PPM Insights dashboard.
Manage Time Tracking: Checking this option grants permission for managing settings on the Time Tracking settings page and setting up rules for time reporting on the tenant level.
Portfolio level permissions
Default View: This option is used to share the portfolio by the view. If you select the view for the user here, the selected view will be applied to the Portfolio dashboard as the user opens this page and only the information included in this view will be displayed for the user.
Create: Grants a user with permission to create portfolios.
View all: Grants a user with read-only access to any portfolio in your tenant. This also means that the user has read-only access to all the Projects.
If it is required that the user has permission to view only specific portfolios, uncheck the 'View All' checkbox and click on the box under the View All checkbox, then choose the portfolios in question manually from the list.
Collaborate on All: Allows users to edit the tasks of the Projects included in the Portfolio(s).
If it is required that the user has permission to edit only the tasks of the Projects in the specific Portfolios, uncheck the 'Collaborate on All' checkbox and select only the required ones manually from the box.
Edit all: Allows the user to view and edit any portfolio in your tenant.
If it is required that the user has permission to edit only specific portfolios, uncheck the 'Edit All' checkbox and click on the box under the Edit All checkbox, then use the box under the Edit All checkbox to choose them manually.
Users with Edit All rights can Apply Default Layout to the Portfolio dashboards. Users with Edit rights for specific Portfolios can use the Apply Default Layout option only in Portfolios they have permission to edit.
Program level permissions
Default View: This option is used to share the Program by the view. If you select the view for the user here, the selected view will be applied to the Program dashboard as the user opens this page, and only the information included in this view will be displayed for the user.
Create: Grants a user with permission to create Programs.
View all: Grants a user with read-only access to any Program in your tenant. This also means that the user has read-only access to all the Programs.
If it is required that the user has permission to view only a specific Program, uncheck the 'View All' checkbox and click on the box under the View All checkbox, then choose the Programs in question manually from the list.
Collaborate on All: Allows users to edit the tasks of the Projects included in the Program(s).
If it is required that the user has permission to edit only the tasks of the Projects in the specific Program, uncheck the 'Collaborate on All' checkbox and select only the required ones manually from the box.
Edit all: Allows the user to view and edit any Program in your tenant.
If it is required that the user has permission to edit only a specific Program, uncheck the 'Edit All' checkbox and click on the box under the Edit All checkbox, then use the box under the Edit All checkbox to choose them manually.
Users with Edit All rights can Apply Default Layout to the Program dashboard. Users with Edit rights for specific Programs can use the Apply Default Layout option only in Programs they have permission to edit.
Project-level permissions
Default View: This option is used to share the Project by the view. If you select the view for the user here, the selected view will be applied to the Project dashboard as the user opens this page and only the information included in this view will be displayed for the user.
Create: Allows a user to create Projects in the PPM Express tenant.
View all: Grants a user with read-only access to any Project in the tenant.
If it is required that the user has permission to view only specific Projects, uncheck the 'View All' checkbox and click on the box under the View All checkbox, then choose the Projects in question manually from the list.
Collaborate on All: Allows users to edit the Project tasks.
If it is required that the user has permission to edit only the tasks in the specific Projects, uncheck the 'Collaborate on All' checkbox and select only the required ones manually from the box.
Edit all: Allows viewing and editing any Project in your tenant.
If it is required that the user has permission to edit only specific Projects, uncheck the 'Edit All' checkbox and click on the box under the Edit All checkbox, then use the box under the Edit All checkbox to choose them manually.
Users with Edit All rights can Apply Default Layout to the Project dashboard. Users with Edit rights for specific Projects can use the Apply Default Layout option only in the Projects they have permission to edit.
Make sure to click the Save button to save the changes you made.
Roadmap-level permissions
Default View: This option is used to share the roadmap by the view. If you select the view for the user here, the selected view will be applied to the Roadmap dashboard as the user opens this page and only the information included in this view will be displayed for the user.
Create: Allows a user to create roadmaps in the PPM Express tenant.
View all: Grants a user with read-only access to any roadmap in the tenant.
If it is required that the user has permission to view only a specific roadmap, uncheck the 'View All' checkbox and click on the box under the View All checkbox, then choose the roadmaps in question manually from the list.
Edit all: Allows viewing and editing any roadmap in your tenant.
If it is required that the user has permission to edit only specific roadmaps, uncheck the 'Edit All' checkbox and click on the box under the Edit All checkbox, then use the box under the Edit All checkbox to choose them manually.
Make sure to click the Save button to save the changes you made.
Business challenges-level permissions
Default View: This option is used to share the Business Challenge by the view. If you select the view for the user here, the selected view will be applied to the Business Challenges dashboard as the user opens this page, and only the information included in this view will be displayed for the user.
For a User, the following options are available:
Create: Allows a User to create Challenges in the PPM Express tenant.
Collaborate on All: Allows a User to perform the following actions:
- view the Business Challenges dashboard for all or selected Challenges
- view Challenge details in read-only mode
- access the Ideas section and navigate to the Ideas dashboard, use the Submit Idea, File, Views, and Filters options
- vote for active Ideas
- view all other details of Ideas of other users in the Active, Selected, and Not Selected stages
- submit Ideas, edit their details, change a stage from Draft to Proposed, delete their Ideas
Edit all: Allows a User to view and edit any Business Challenge in the tenant:
- edit all or specified Challenges, their details, and Ideas
- delete a Challenge and any Idea
- activate, reject Ideas, manage Idea flow
If it is required that the user has permission to edit only specific Challenges, uncheck the 'Edit All' checkbox and click on the box under the Edit All checkbox, then use the box under the Edit All checkbox to choose them manually.
Only the Default View and Collaborate on (the same set of permissions as for the User) options are available for Team Members.
Deactivating a user
The deactivating feature may be needed when a user leaves the company. In this case, a user cannot log in to the tenant, but all the assignments and user fields will be preserved. For example, the deactivated user will not be deleted from the 'Manager' field of a Project, Portfolio, Program, etc.
To deactivate any record, click on the ellipsis button next to it and choose Deactivate. The first user registered in PPM Express is considered a tenant administrator and cannot be deactivated.
When the user is deactivated, the status will be set to Inactive, and the license will be changed to 'Not applied' at once for such a user. The license becomes available for further assignments.
A deactivated user is also removed from the 'Share' functionality and is not displayed in the list of users available for sharing data.
Bulk editing, deactivating/activating users
Using the bulk edit functionality it is possible to set the required permissions for a number of users at once. You can select all users with the Team Members or Users license type and edit the permissions for all of them at once.
If you select both the Team Members and the Users for bulk editing, the permissions will be limited to the Team Members' permissions.
For example, if you need to allow the selected users to view all Portfolios, check the 'View All' checkbox.
If you don't want these users to view all Portfolios, uncheck this checkbox.
If you want the selected users to preserve the permissions they already have for Portfolios (set for each user separately to view specific Portfolios, for example), select the third state of the checkbox.
It is also possible to grant users permission to view Projects (Portfolios, Programs, Roadmaps) via the 'Share' option from the Project directly (or any other entity). You can uncheck the 'View All' or 'Collaborate On' options here and share the required Projects for a number of users from the Project dashboard.
To deactivate/activate several users at a time, select users and click Deactivate Selected/Activate Selected.
If the deactivated users are activated in bulk, the license type will not be applied automatically for these users. It is required to open each user for editing and assign the license as required.
Users who were invited to PPM Express are added to the People Management page and to the Resources page after they join the application.
Another option available for bulk editing is to change the authentication provider. The authentication providers selected by the Administrator on the Tenant Settings page will become available for selection.
Only the selected provider will be available for the user when joining the PPM Express tenant from the invitation link. If Any is selected, then all allowed providers will become available. However, on the Login page, all allowed providers are always available.
Changing PPM Express Tenant Administrator account
PPM Express tenant will be registered once the first user from Office 365 tenant/GSuite or personal Google account signs up. Such a user is granted Administrate app permissions by default and receives access to all components and features provided in PPM Express.
If there is a necessity to deactivate this user, it is possible to do so by following the steps below:
1. The user with Administrate App permissions who needs to be deactivated should open the People Management page.
2. Select the user who will be the PPM Express Tenant Administrator, and open this account for editing.
3. Set Administrate App permissions for this account and click Save.
4. Next, the user who was granted Administrate App permissions should log in to PPM Express, select the user account that needs to be deactivated, and open it for editing.
5. Uncheck the Administrate App checkbox for this user account and click save. This user will no longer have Administrator permissions within this PPM Express tenant and can be deactivated if required.
Users with Administrate App permissions can grant Administrate App permissions for other users as required, there are no limitations for the number of Administrators in PPM Express, but please note that the users with Administrate App permissions should have a User license type.