BrightWork Security Roles Details

BrightWork 365 provides multiple security roles to choose from, each with different purposes. The roles noted below are grouped by how they are used in the solution. For more granular security role details see the spreadsheet BrightWork 365 Security Roles.xlsx

BrightWork 365 Privilege-Based Security Roles

These security roles are additive not cumulative so you will need to assign users to multiple roles if you need them to have the corresponding combined privileges. An exception is the Request Submitter role which should not be combined with any other BrightWork security role.

BrightWork Request Submitter

A Request Submitter uses a free BrightWork 365 license and will therefore only have access to the BrightWork Requests app, a limited version of the full BrightWork app. A Request Submitter will have access to much of the same Request functionality as found in the Requests section of the full BrightWork 365 app for paid users, but they will not see other links within the Projects area, nor will they see links to the other areas of the app such as the Portfolios or Reports areas.

A Request Submitter has access to their own requests but not those of others.

See the Request a Project article for more information.

BrightWork Team Member

The Team Member role must be applied to any user who requires access to the full BrightWork 365 app. They can interact with all areas of the app with varying levels of privilege.

Users given the BrightWork Team Member security role will appear in the app's Admin area in Security > Users > BrightWork Users.

Sample of Team Member added privileges:

  • Request: Create, Read, Write.
  • Assignment: Read.
  • Project Tabs: Access to all tabs except Project Settings.
  • Project Task: Create, Read, Write.
  • Issue, Risk: Create, Read, Write. Delete only their own.
  • Document: Create, Read, Write, Delete.
  • Project Actions, Costs, Communications: Create, Read, Write. Delete only their own.
  • Portfolio/Program - Actions, Communications: Create, View. Cannot view Costs data.
  • Project Charter: Read, Write.
  • Portfolio & Program Statement: Read, Write.
  • Status Tab: Read, Write.
  • Status Report: Create, Read, Write. Delete only their own.
  • Template: Read.
  • Dynamics Teams: Read.

Only members of this security role will display as a user choice in the form lookup columns Assigned To, Project Sponsor, and the Approver column in the Actions module.

BrightWork Request Receiver

A Request Receiver is the first receiver of new project requests and will have access to view Request details. Depending on the applicable Request Business Process Flow, they will either give final approval to the request or pass it along to the Approvers noted in the Request form.

Only members of this security role will display as a user choice in the Request Receiver column of a project request.

BrightWork Stage Mover

A Stage Mover is given the following additional privilege:

  • Business Process Flow: Allowed to move Stages in New Product Idea template projects.

BrightWork Template Editor

A Template Editor is given the following additional privilege: 

  • Template: Create, Read, Write.

BrightWork Project Manager

A Project Manager can interact with all areas of the app with varying levels of privilege per area.

Sample of Project Manager added privileges:

  • Project Costs: Create, Read, Write, Delete.
  • Issue, Risk: Create, Read, Write, Delete.
  • Portfolio/Program - Actions, Communications: Create, Read, Write, Delete.
  • Assignment: Create, Read, Write, Delete.
  • Project Settings Tab: Has access.
  • Project Task: Create, Read, Write, Delete.

Only members of this security role will display as a user choice in the Project Manager column of a project.

BrightWork PMO Manager

The PMO Manager role has the highest level of additional user-related privileges (not system administrator-related privileges) throughout the entire BrightWork 365 app.

Sample of PMO Manager added privileges:

  • Project/Program/Portfolio: Create, Read, Write, Delete.
  • Project Actions, Communications: Create, Read, Write. Delete any.
  • Portfolio/Program - Costs: Create, Read, Write, Delete any.

Optional Lookup Column Security Roles

The security roles noted below are not in use out of the box. These roles are available to provide organizations with the option to impose greater granularity on their associated form lookup columns, limiting the user names returned within each column. To activate this functionality you will need to edit the corresponding system view in the Users section of the Admin area within a custom solution, and apply the role to any user you would like to appear as a choice in the column. Contact your Customer Success Partner if you require additional configuration information.

  • BrightWork Group Manager
  • BrightWork Portfolio Manager
  • BrightWork Portfolio Sponsor
  • BrightWork Program Manager
  • BrightWork Program Sponsor

Deprecated Security Roles

  • BrightWork Project Sponsor
  • BrightWork Request Approvers
  • BrightWork Request Reviewer