Roles and Permissions
ScopeStack uses a role-based access model to govern what users can see and do in different parts of the platform.
Accessing Roles
Navigate to Settings > Users & Groups > Roles to view and manage roles.
On this screen: A card with a search bar to filter roles by name. Below the search bar, a data table lists all roles with a Name column. Role names are clickable links that open the role editor. When one or more roles are selected via checkboxes, a delete button becomes active. A + Add Role button appears at the bottom of the list.
By default, new accounts start with three permission levels:
- Admin
- Sales
- User
Roles are Additive
Roles in ScopeStack are additive, meaning:
- Users may have multiple roles with different permission levels for a particular activity.
- The platform determines a user’s permission for a specific activity by looking at the highest level of permission assigned to them across all of their roles.
For example, a user with two roles assigned:
- One role gives them permission to Manage the Phases permission (under Settings).
- The second role gives them only View permission on Phases.
That user has permission to manage Phases since the highest level assigned to them for that activity is Manage.
Viewing a User’s Privileges
You can see the full set of privileges any user has based on their assigned roles by navigating to that user in the Users list and clicking the Privileges tab on their detail page. This tab shows every permission the user holds across all of their roles, making it straightforward to audit access without reviewing each role individually.
On this screen: The user detail page with two tabs at the top: “User Info” and “Privileges.” The Privileges tab is selected, showing a striped table with three columns: Resource (the name of the permission area, formatted from internal identifiers such as “Projects Overview” or “Settings Account”), Description (a short explanation of what the permission controls), and Privilege (the level granted to this user, such as “View,” “Create,” or “Manage,” derived from the highest level across all of the user’s assigned roles).
Key Permissions
Request Approval
The Request Approval permission controls which users can submit projects through the approval workflow. Users without this permission will not be able to initiate the approval process for a project.
This permission is configured per role under the Projects section of the role editor. Assign it to roles held by presales engineers, project managers, or any other users who are responsible for submitting work for review.
If a user should be able to build and scope projects but not submit them for approval, simply omit this permission from their role.
Vendor Resource Rate Editing
Accounts using vendor resources on projects can control who is permitted to edit the hourly cost and price for those resources. This permission is configured separately from general resource management, giving administrators precise control over cost and pricing data for vendor-sourced work.
Creating a New Role
Users with permission can create new roles by clicking the + Add Role button below the list of roles.
- Give the new role a name.
- Configure the permission settings for the activities in the platform to produce the desired access level.
- Click Submit to save.
- Assign the role to users.
Modifying an Existing Role
To modify an existing role, click on it in the role list.
- Change the permissions you want to update.
- Click Submit when you’re done.
Default Role
One role is defined as the default role so that a user has some base level of access if no other role is assigned. This is particularly useful when using SSO to auto-provision new users. New users receive the default role when their accounts are created and can be assigned additional or different roles as needed.
Permission Reference
Each permission in the role editor controls access to a specific area of the platform. Most permissions have three levels: None (no access), View (read-only), and Manage (full access). Some also have Create (can create new items but not edit/delete existing ones) or specialized levels like Adjust Standards for services.
Project permissions
| Permission | Controls |
|---|---|
| Overview | Project details, status, and the project overview page |
| Professional Services | Adding, editing, and managing PS on projects. Includes an Adjust Standards level that allows editing standard service fields (name, phase, category) after they’ve been added to a project. |
| Custom Services | Creating and editing custom (non-standard) services on projects |
| Managed Services | Adding, editing, and managing MS on projects |
| Service Language | Editing service descriptions and language fields on projects |
| Service Pricing | Viewing and editing the Service Pricing tab on the project services page |
| Products | Adding and managing products on projects |
| Pricing | Viewing project pricing pages |
| Pricing Adjustment | Making price adjustments in Overall Pricing (add/edit/delete revenue adjustments) |
| Costing Adjustment | Making cost adjustments in Overall Pricing (add/edit/delete cost adjustments) |
| Resource Rates | Editing resource hourly rates on a specific project |
| Resource Costs | Viewing and editing resource hourly costs on a project |
| Vendor Resource Rates | Editing vendor resource hourly rates on a project |
| Vendor Resource Costs | Viewing and editing vendor resource hourly costs on a project |
| Contacts | Project contacts and sales executive assignment |
| Teammates | Adding and removing project collaborators |
| Locations | Managing project service locations |
| Attachments | Uploading and managing project attachments |
| Travel & Expense | Adding and managing travel/expense items |
| Project Governance | Viewing and editing governance items on projects |
| Phases | Managing phases on a project |
| Terms & Conditions | Editing project terms and conditions |
| User Defined Fields | Editing user defined field values on projects |
| Payment Credits | Adding and managing payment credits |
| Vendor Quotes | Creating and managing vendor quotes |
| Partner Requests | Sending and managing partner service requests |
| Surveys | Using surveys in projects |
| Resource Planning | Using the resource planner on projects |
| Versions | Viewing project version history |
| Notes | Adding internal notes to projects |
| Duplicate | Duplicating projects |
| Request Approval | Submitting projects through the approval workflow |
Settings permissions
| Permission | Controls |
|---|---|
| Account | Account-level settings and configuration |
| Users | Managing users and pre-sales engineers |
| Sales Executives | Managing the sales executive list separately from users |
| Roles | Creating and editing roles |
| Business Units | Managing business unit divisions |
| Clients | Managing the client list |
| Professional Services | Creating and managing standard PS in Settings |
| Managed Services | Creating and managing standard MS in Settings |
| Products | Creating and managing reusable products |
| Service Categories | Managing LOB and service category structure |
| Resources & Rate Tables | Managing resources and rate tables |
| Blueprints | Creating and managing project blueprints |
| Questionnaires | Creating and managing survey templates |
| Document Templates | Uploading and managing document templates |
| Language Fields | Managing language field definitions |
| Phases | Managing the account’s default phase structure |
| Governance | Managing governance item templates |
| Payment Terms | Managing payment term/credit definitions |
| Terms & Conditions | Managing terms and conditions templates |
| Currencies | Managing currency settings |
| Travel & Expense | Managing travel/expense item definitions |
| Lines of Business | Managing LOB structure |
| Vendors | Managing vendor records |
| Webhooks | Managing webhook subscriptions |
| Audit Logs | Viewing audit log / version history |
| Attachment Types | Managing attachment type categories |
| AI Prompts | Customizing AI prompt overrides |