BrightWork Security Roles Details

Video has been removed from this PDF. Visit the BrightWork 365 knowledge base to view.

BrightWork 365 provides multiple security roles to choose from, each with a different purpose. The roles noted below are grouped by how they are used in the solution. For more granular security role details see the spreadsheet BrightWork 365 Security Roles.xlsx

BrightWork 365 Privilege-Based Security Roles

These security roles are additive not cumulative so you will need to assign users to multiple roles if you need them to have the corresponding combined privileges. An exception is the Request Submitter role which should not be combined with any other BrightWork security role.

BrightWork Request Submitter

A Request Submitter uses a free BrightWork 365 license and will therefore only have access to the BrightWork Requests app, a limited version of the full BrightWork app. A Request Submitter will have access to much of the same Request functionality as found in the Requests section of the full BrightWork 365 app for paid users, but they will not see other links within the Projects area, nor will they see links to the other areas of the app such as the Portfolios or Reports areas.

A Request Submitter has access to their own requests but not those of others.

See the Request a Project article for more information.

BrightWork Team Member

The Team Member role must be applied to any user who requires access to the full BrightWork 365 app. They can interact with all areas of the app with varying levels of privilege.

Users given the BrightWork Team Member security role will appear in the app's Admin area in Security > Users > BrightWork Users.

Team Member added privileges:

  • Request: Create, Read, Write.
  • Assignment: Read.
  • Project Tabs: Access to all tabs except Project Settings.
  • Project Task: Create, Read, Write.
  • Issue, Risk: Create, Read, Write. Delete only their own.
  • Document: Create, Read, Write, Delete.
  • Project Actions, Costs, Communications: Create, Read, Write. Delete only their own.
  • Portfolio/Program - Actions, Communications: Create, View. Cannot view Costs data.
  • Project Charter: Read, Write.
  • Portfolio & Program Statement: Read, Write.
  • Status Tab: Read, Write.
  • Status Report: Create, Read, Write. Delete only their own.
  • Template: Read.
  • Dynamics Teams: Read.

Only members of this security role will display as a user choice in the form lookup columns Assigned To, Project Sponsor, and the Approver column in the Actions module.

BrightWork Request Receiver (BrightWork 365 v1.5)

A Request Receiver is the first receiver of new project requests and will have access to view Request details. Depending on the applicable Request Business Process Flow, they will either give final approval to the request or pass it along to the Approvers noted in the Request form.

Only members of the BrightWork Request Receiver security role will display as a user choice in the Request Receiver column of a project request.

BrightWork Stage Mover

A BrightWork Stage Mover is given the following additional privilege:

  • Business Process Flow: Allowed to manually move stages via the Business Process Flow in Requests and Projects.

BrightWork Template Editor

A BrightWork Template Editor is given the following additional privilege: 

  • Template: Create, Read, Write.

BrightWork Project Manager

A BrightWork Project Manager can interact with all areas of the app with varying levels of privilege per area.

BrightWork Project Manager added privileges:

  • Project Costs: Create, Read, Write, Delete.
  • Issue, Risk: Create, Read, Write, Delete.
  • Portfolio/Program - Actions, Communications: Create, Read, Write, Delete.
  • Assignment: Create, Read, Write, Delete.
  • Project Settings Tab: Has access.
  • Project Task: Create, Read, Write, Delete.

Only members of this security role will display as a user choice in the Project Manager column of a project.

BrightWork PMO Manager

The BrightWork PMO Manager role has the highest level of additional user-related privileges (not system administrator-related privileges) throughout the entire BrightWork 365 app.

BrightWork PMO Manager added privileges:

  • Project/Program/Portfolio: Create, Read, Write, Delete.
  • Project Actions, Communications: Create, Read, Write. Delete.
  • Portfolio/Program - Costs: Create, Read, Write, Delete.

Optional Lookup Column Security Roles

The security roles noted below are not in use out of the box. These roles provide the option to be more granular than what is offered by the more generic Senior Managers Dynamics Team when specifying the users that can be chosen within the associated user lookup columns . To activate this functionality you will need to edit the corresponding system view in the Users section of the Admin area within a custom solution, and apply the role to any user you would like to appear as a choice in the column. Contact your Customer Success Partner if you require additional configuration information.

  • BrightWork Group Manager
  • BrightWork Portfolio Manager
  • BrightWork Portfolio Sponsor
  • BrightWork Program Manager
  • BrightWork Program Sponsor

Deprecated Security Roles

  • BrightWork Project Sponsor
  • BrightWork Request Approvers
  • BrightWork Request Reviewer