Understanding roles and permissions in FastDraft

This article explains the following:

Note: Some features listed in the article require a Professional or Enterprise licence (speak to our Customer Success Team for a plan comparison).

User permissions overview

Let’s start by first understanding the structured roles and permissions in the platform.  It breaks down into three tiers.

• Tier 1: User Type - User type is the top tier of permission and determines what areas of the platform a user can access. For the most part User Type assigns additional administrator privileges but some user types simply provide read access to all contracts (either for the whole site, a particular hub [i.e. region or department] or a particular supplier company). At any given point in time, each user can only be assigned a single user type.
• Tier 2: Party - Contractual responsibilities are determined based on party. The naming conventions can vary from contract to contract and are consequently configurable within the software. Each user can only be assigned to a single party per contract but the permissions assigned to a party can be adapted within the individual contract template where necessary (e.g. to allow a single user to act on behalf of both the Project Manager and Supervisor).
• Tier 3: Role - The terms of a contract normally dictate that certain named individuals are authorised to act on behalf of each party and may allow for those responsibilities to be delegated. Assigning a Manager role at Contract level typically allows a user to be able to send all communications (including replies) on behalf of the party they are assigned to. However, you may wish to grant permission to additional users to draft but not send (Support) or to only be able to view communications (Read Only).  Should you require additional flexibility permissions of each role can be further tailored to your needs and there are additional roles (Cost Manager and Site Agent) that can be used to grant non-standard permissions. 

Detailed breakdown of permissions

The following section provides a more detailed breakdown of the administrative privileges assigned based on User Type and the default contract permissions assigned based on Party and Role.

System permissions based on User Type

User Type is assigned when a Company User is created. User Types are used to control access to areas of the software and do not affect individual contract permissions.

User Types :-

• Site Administrator - Full control of all configurable aspects of the system, including contract templates and tags
• Site Support - Similar to Site Administrator but with no permission to delete attachments, and only 'read only' access to contract templates. 
• Super Users  - Similar to Site support but with no access to contract templates and no ability to deactivate/reactivate users
• Contract Administrator  - A set of permissions tailored to administrators who need to create new contracts and add/remove users
• User Administrator  - A set of permissions for users who will not be creating new contracts but only need permission to be able to add/remove users
• View All - Provides no administrative privileges but provides 'read only' access to all communicated notices on all contracts without necessarily needing to add the user to each individual contract 
• View All Hub - Each contract can be assigned to a Hub, which can be an area or department depending on the needs of your organisation. Once you've defined Hubs you can grant 'View All Hub' type to any users who need 'read only' access to all contracts assigned to a particular Hub. Where enabled, a separate menu is available to allow you to assign company users to one or more Hub.
• View Own  - Equivalent to 'View All' but only for Suppliers [Contractors]. Users assigned this type can see all contracts where their company is added as the Supplier without necessarily needing to add the user to each individual contract. 
• General User - Has no administrative privileges and can only view contracts they are specifically assigned to.
• Note: Built Intelligence have 2 internal user types, System Owner and System Admin. 

	Site Admin	Site Support	Super User	Contract Admin	User Admin	View All	View Own	View All Hub	General User
View All Contracts	Y	Y	Y	Y	Y	Y
Contract Party Switcher [Top Right - under User' Name]	Y	Y	Y	Y	Y
Admin - Companies	Y	Y	Y	Y	Y
Admin - Companies - Hub Users	Y	Y	Y	Y	Y
Admin - Companies - Company Users [including viewing Financial Limits]	Y	Y	Y	Y	Y
Admin - Companies - Company Users - User - [including changing Company and applying Financial Limits]	Y	Y
Admin - Companies - Overview - Deactivation/Reactivation	Y	Y
Admin -  Users - Deactivate/Reactivate	Y	Y			Y
Admin - Projects [including editing all apart from Project Status]	Y	Y	Y	Y
Admin/Settings - Contracts & Contract Overview [including editing all apart from Contract Status]	Y	Y	Y	Y
Admin/Settings - Contracts -Contract Users [including add/delete unless 'Read Only']	Y	Y	Y	Y	Y
Admin/Settings - Contracts -Contract Template [including editing unless 'Read Only']	Y	Y	Read Only	Read Only
Admin/Settings - Contracts -Email Recipients [including editing unless 'Read Only']	Y	Y	Y	Y
Admin - Contracts Other Dates (aka secondary dates)[including editing unless 'Read Only']	Y	Y	Y	Y
Admin - Contracts - Assets	Y	Y	Y	Y
Admin - Templates - Master Workflows and Master Templates [including editing unless 'Read Only']	Y	Read Only
Admin - Users - [including Bulk Deactivate/Reactivate]	Y	Y			Y
Reports - Aggregate	Y	Y	Y	Y
Reports - Contract Users	Y	Y	Y	Y	Y
System - Tags	Y	Y		Y
Admin - Projects -Update Project Status	Y
Admin/Settings - Contracts & Contract Overview -Update Contract Status	Y
Contracts & Admin - Contracts -See Deleted Contracts	Y
Delete Attachments	Y

 

User Types are pre-defined and all exactly the same on all instances of the platform. New User Types cannot be defined and the privileges assigned to existing User Types cannot be changed without a code change. 

Users with user administrative privileges [i.e. all User Types apart from View All, View All Hub, View Own and General User] can change any individual's User Type but cannot assign a User Type with more privileges than their own.

We have implemented a new permissions matrix to make clear which user types can be created/updated by which user types:

• Applies to creating user and updating the user type of an existing user
• Adds a new constraint that a Super User can only create a General User (or update an exiting user’s type to General User)
• This does not prevent other aspects of an existing user’s account being updated (e.g. a Super User can update a Site Administrator’s phone number without being obliged to change their user type but if they change their user type they will only be able to change it to General User)

Warning: Users with user administrative privileges [i.e. all User Types apart from View All, View All Hub, View Own and General User] can view all contracts and can manage their own contract level permissions.

Contract permissions based on Party and Role 

Below defines the default set of permissions assigned to each Party and Role. However, these permissions can be tailored to specific requirements within each contract template.

Party

Each user is assigned to a Party via the Contract Users page. This determines which Party the user is acting on behalf of.

The number of different parties can vary from contract to contract but FastDraft caters for up to four different parties on a single contract and in generic terms these parties are initially defined as

• Client
• Project Manager
• Supervisor
• Supplier/Contractor

Party names are pre-configured in default contract templates to align to unamended versions of common contract templates e.g. NEC4 ECC, FDIC Yellow Book 2017, JCT Design and Build Contract 2016, etc. 

Each user can only be assigned to a single Party per contract but the permissions assigned to a Party can be adapted within the individual contract template where necessary (e.g. to allow a single user to act on behalf of both the Project Manager and Supervisor).

The Supervisor role is not always applicable and can be removed from a contract template using the Party Structure dropdown. 

Role

Each user is assigned to a Role via the Contract Users page. The user's Role reflects the user's authority to act on behalf of the Party they are assigned to under the contract.

The default permissions assigned to each Role are as follows:

• Manager - Read, Create, Communicate
• Support - Read, Create
• Read Only - Read 

However, these permissions can be amended via the contract template and a custom set of privileges can be assigned to the following additional Roles where necessary:

• Cost Manager
• Site Agent

As a rule, only those individuals who have been specifically named within the contract or formally been delegated responsibility to act on behalf of each party should be assigned the Role of Manager.

The Manager Role typically allows a user to communicate on behalf of the party they are assigned to but that doesn't necessarily mean the communications they send will be contractually valid. Care should be taken to ensure that individuals are only assigned Manager Role if and when they are formally authorised to send communications.

Warning: The permissions assigned to each Party and Role can be amended for each process within each contract template. Furthermore, the contract template editor allows the permissions of a Party and/or Role to be adjusted at any time, in which case the permissions of the users previously assigned to each Party/Role will be dynamically updated. We recommend that administrators have a good understanding of contract law and construction contracts and also a good understanding of the organisation constraints and policies to avoid allowing user to do things that their employer might not allow. Correcting errors made in contracts incorrectly configured is very complicated. We recommend policies are in place to help manage this risk.