Security Role Details

Video has been removed from this PDF. Visit the BrightWork 365 knowledge base to view.

2024-2

BrightWork 365 provides multiple security roles to choose from, each with a different purpose. The roles noted below are grouped by how they are used in the solution. For more granular security role details see the spreadsheet BrightWork 365 Security Roles.xlsx

BrightWork 365 Privilege-Based Security Roles



  • These security roles are additive not cumulative so you will need to assign users to multiple roles if you need them to have the corresponding combined privileges. An exception is the BrightWork Request Submitter role which should not be combined with any other BrightWork security role.
  • When a user is removed from a security role, they are not removed from associated lookups on forms.

BrightWork 365 out of the box security roles should not be customized. Create your own custom security role instead.

Basic User

All users of BrightWork 365 must be assigned the Basic User security role, in addition to any other security role they are also assigned.

BrightWork Request Submitter

A Request Submitter uses a free BrightWork 365 license and will therefore only have access to the BrightWork Requests app, a limited version of the full BrightWork app. A Request Submitter will have access to much of the same Request functionality as found in the Requests section of the full BrightWork 365 app for paid users, but they will not see other links within the Projects area, nor will they see links to the other areas of the app such as the Portfolios or Reports areas.

A Request Submitter has access to their own requests but not those of others.

BrightWork Team Member

The BrightWork Team Member security role must be applied to any user who requires access to the full BrightWork 365 app. They can interact with all areas of the app with varying levels of privilege.

Users given the BrightWork Team Member security role will appear in the app's Admin area in Security | Users | BrightWork Users.

Added privileges:

  • Request: Create, Read, Write.
  • Request > Project Details tab: Read, Write.
  • Assignment: Read, Write.
  • Project Tabs: Access to all tabs except Project Settings.
  • Project Task: Create, Read, Write.
  • Issue, Risk: Create, Read, Write. Delete only their own.
  • Document: Create, Read, Write, Delete.
  • Project Actions, Costs, Communications: Create, Read, Write. Delete only their own.
  • Portfolio/Program - Actions, Communications: Create, View. Cannot view Costs data.
  • Project Charter: Read, Write.
  • Portfolio & Program Statement: Read, Write.
  • Status Tab: Read, Write.
  • Status Report: Create, Read, Write. Delete only their own.
  • Template: Read.
  • Dynamics Teams: Read.

Only members of this security role will display as a user choice in the form lookup columns Assigned To, Project Sponsor, and the Approver column in the Actions module.

BrightWork Project Manager

A user with the BrightWork Project Manager security role can interact with most areas of the app, with varying levels of privilege per area. Only members of this security role will display as a user choice in the Project Manager column of a project.

Added privileges:

  • Project: Create.
  • Business Process Flow: Allowed to manually move projects to stages that do not require approvals.
  • Project Costs: Create, Read, Write, Delete.
  • Issue, Risk: Create, Read, Write, Delete.
  • Portfolio, Program - Actions, Communications: Create, Read, Write, Delete.
  • Assignment: Create, Read, Write, Delete.
  • Project Task: Create, Read, Write, Delete.
  • Project Settings Tab: Read.
  • For BrightWork 365 release March 2024 and later:
    • The Project Manager actually assigned to the project can change the assigned Project Manager to another user, and edit the project's Schedule Settings; all other project managers can only view the settings.

BrightWork Stage Mover

Added privileges for this security role:

  • Business Process Flow: Allowed to manually move projects to those stages that do not require approvals.

BrightWork PMO Manager

The BrightWork PMO Manager role has the highest level of additional user-related privileges (not system administrator-related privileges) throughout the entire BrightWork 365 app.

Added privileges for this security role:

  • Project: Create, Delete.
  • Program/Portfolio: Create, Read, Write, Delete.
  • Project Actions, Communications: Create, Read, Write. Delete.
  • Portfolio/Program - Costs: Create, Read, Write, Delete.
  • Program Settings Tab: Read, Write.
  • Project Settings Tab: Read, Write.
  • For BrightWork 365 release 2024-2 and later:
    • Project: Manually add new team members.
    • Project: Edit Project Exception Days.
    • Project: Edit Schedule Settings > Project Settings.
  • For BrightWork 365 release March 2024 and later:
    • Project: Can change the assigned Project Manager.
    • Project: Can edit the project's Schedule Settings, except for Enable Virtual Scroll.
    • Admin Area > Global Settings: Full control.

BrightWork Template Editor

Added privileges for this security role: 

  • Templates Area > Templates: Create, Read, Write.
  • Templates Area > Project Templates > Form Configurator: Read, Write.

BrightWork Approvals Coordinator

Added privileges for this security role:

  • View the Approvals tab in Requests and Projects.
  • Can be nominated as an Approvals Coordinator in Requests and Projects.
  • Can change the Requestor value in Project Requests.

BrightWork Request Receiver

A Request Receiver is the first receiver of new project requests and will have access to view the Request Details tab. Depending on the applicable Request Business Process Flow, they will either give final approval to the request or pass it along to the Approvers noted in the Request form.

Only members of the BrightWork Request Receiver security role will display as a user choice in the Request Receiver column of a project request.


Optional Lookup Column Security Roles

The security roles noted below are not in use out of the box. These roles provide the option to be more granular than what is offered by the more generic Senior Managers Dynamics Team when specifying the users that can be chosen within the associated user lookup columns. To activate this functionality you will need to edit the corresponding system view in the Users section of the Admin area within a custom solution, and apply the role to any user you would like to appear as a choice in the column. Contact your Customer Success Partner if you require additional configuration information.

  • BrightWork Group Manager
  • BrightWork Portfolio Manager
  • BrightWork Portfolio Sponsor
  • BrightWork Program Manager
  • BrightWork Program Sponsor

Deprecated Security Roles

  • BrightWork Project Sponsor
  • BrightWork Request Approvers
  • BrightWork Request Reviewer
2024-1 (v1.9)

BrightWork 365 provides multiple security roles to choose from, each with a different purpose. The roles noted below are grouped by how they are used in the solution. For more granular security role details see the spreadsheet BrightWork 365 Security Roles.xlsx

BrightWork 365 Privilege-Based Security Roles



  • These security roles are additive not cumulative so you will need to assign users to multiple roles if you need them to have the corresponding combined privileges. An exception is the BrightWork Request Submitter role which should not be combined with any other BrightWork security role.
  • When a user is removed from a security role, they are not removed from associated lookups on forms.

BrightWork 365 out of the box security roles should not be customized. Create your own custom security role instead.

Basic User

All users of BrightWork 365 must be assigned the Basic User security role, in addition to any other security role they are also assigned.

BrightWork Request Submitter

A Request Submitter uses a free BrightWork 365 license and will therefore only have access to the BrightWork Requests app, a limited version of the full BrightWork app. A Request Submitter will have access to much of the same Request functionality as found in the Requests section of the full BrightWork 365 app for paid users, but they will not see other links within the Projects area, nor will they see links to the other areas of the app such as the Portfolios or Reports areas.

A Request Submitter has access to their own requests but not those of others.

BrightWork Team Member

The BrightWork Team Member security role must be applied to any user who requires access to the full BrightWork 365 app. They can interact with all areas of the app with varying levels of privilege.

Users given the BrightWork Team Member security role will appear in the app's Admin area in Security | Users | BrightWork Users.

Added privileges:

  • Request: Create, Read, Write.
  • Request > Project Details tab: Read, Write.
  • Assignment: Read, Write.
  • Project Tabs: Access to all tabs except Project Settings.
  • Project Task: Create, Read, Write.
  • Issue, Risk: Create, Read, Write. Delete only their own.
  • Document: Create, Read, Write, Delete.
  • Project Actions, Costs, Communications: Create, Read, Write. Delete only their own.
  • Portfolio/Program - Actions, Communications: Create, View. Cannot view Costs data.
  • Project Charter: Read, Write.
  • Portfolio & Program Statement: Read, Write.
  • Status Tab: Read, Write.
  • Status Report: Create, Read, Write. Delete only their own.
  • Template: Read.
  • Dynamics Teams: Read.

Only members of this security role will display as a user choice in the form lookup columns Assigned To, Project Sponsor, and the Approver column in the Actions module.

BrightWork Project Manager

A user with the BrightWork Project Manager security role can interact with most areas of the app, with varying levels of privilege per area. Only members of this security role will display as a user choice in the Project Manager column of a project.

Added privileges:

  • Project: Create.
  • Business Process Flow: Allowed to manually move projects to stages that do not require approvals.
  • Project Costs: Create, Read, Write, Delete.
  • Issue, Risk: Create, Read, Write, Delete.
  • Portfolio, Program - Actions, Communications: Create, Read, Write, Delete.
  • Assignment: Create, Read, Write, Delete.
  • Project Task: Create, Read, Write, Delete.
  • Project Settings Tab: Read.
  • For BrightWork 365 release March 2024 and later:
    • The Project Manager actually assigned to the project can change the assigned Project Manager to another user, and edit the project's Schedule Settings; all other project managers can only view the settings.

BrightWork Stage Mover

Added privileges for this security role:

  • Business Process Flow: Allowed to manually move projects to those stages that do not require approvals.

BrightWork PMO Manager

The BrightWork PMO Manager role has the highest level of additional user-related privileges (not system administrator-related privileges) throughout the entire BrightWork 365 app.

Added privileges for this security role:

  • Project: Create, Delete.
  • Program/Portfolio: Create, Read, Write, Delete.
  • Project Actions, Communications: Create, Read, Write. Delete.
  • Portfolio/Program - Costs: Create, Read, Write, Delete.
  • Program Settings Tab: Read, Write.
  • Project Settings Tab: Read, Write.
  • For BrightWork 365 release March 2024 and later:
    • Project: Can change the assigned Project Manager.
    • Project: Can edit the project's Schedule Settings. 
    • Admin Area > Global Settings: Full control.

BrightWork Template Editor

Added privileges for this security role: 

  • Templates Area > Templates: Create, Read, Write.
  • Templates Area > Project Templates > Form Configurator: Read, Write.

BrightWork Approvals Coordinator

Added privileges for this security role:

  • View the Approvals tab in Requests and Projects.
  • Can be nominated as an Approvals Coordinator in Requests and Projects.
  • Can change the Requestor value in Project Requests.

BrightWork Request Receiver

A Request Receiver is the first receiver of new project requests and will have access to view the Request Details tab. Depending on the applicable Request Business Process Flow, they will either give final approval to the request or pass it along to the Approvers noted in the Request form.

Only members of the BrightWork Request Receiver security role will display as a user choice in the Request Receiver column of a project request.


Optional Lookup Column Security Roles

The security roles noted below are not in use out of the box. These roles provide the option to be more granular than what is offered by the more generic Senior Managers Dynamics Team when specifying the users that can be chosen within the associated user lookup columns. To activate this functionality you will need to edit the corresponding system view in the Users section of the Admin area within a custom solution, and apply the role to any user you would like to appear as a choice in the column. Contact your Customer Success Partner if you require additional configuration information.

  • BrightWork Group Manager
  • BrightWork Portfolio Manager
  • BrightWork Portfolio Sponsor
  • BrightWork Program Manager
  • BrightWork Program Sponsor

Deprecated Security Roles

  • BrightWork Project Sponsor
  • BrightWork Request Approvers
  • BrightWork Request Reviewer