Skip to main content

Privileges - who can access what in Hiro

Updated

Article Contents

  1. Introduction
  2. Global Administrator
  3. Individual Access Privileges
  4. Address Book
  5. Asset Register
  6. Email Archive
  7. Financial
  8. Human Resources
  9. IMS
  10. Plan Register
  11. Projects
  12. Templates
  13. Timesheets
  14. Users
  15. Who's In?

Introduction

Hiro's user privileges system ensures controlled access throughout your organisation to your sensitive data and workflows. Users can either be Global Administrators with full access to all parts of Hiro or be granted specific permissions for particular tasks.

Global Administrator

The first person to set up Hiro in your organisation automatically becomes a Global Administrator. This role grants complete access to all parts of Hiro and the ability to manage user privileges.

As a Global Administrator, you do not need additional access permissions. You have full access to everything in Hiro.

Your organisation must always have at least one Global Administrator. If you need to step down, assign another Global Administrator via the User Privileges & Notifications page before removing yourself.

Settings - User Privileges & Notifications.png

Individual Access Privileges

New users created in Hiro's User Accounts page start with no access privileges. They can perform basic tasks but cannot access sensitive functions like approving invoices or viewing financial reports until granted specific privileges.

Only Hiro Global Administrators can assign these privileges on the User Privileges & Notifications page. Each of the individual privilege types are outlined below with a description of what actions each privilege unlocks.

For information about configuring notifications, view this article.

Address Book

Privilege Type Description
Change financial accounts
  • Can customise invoice due dates for contacts in the Address Book
  • Can view/modify BSB, account numbers and BPAY customer references for contacts in the Address Book
Merge contacts Can merge different contacts together on the Merge Contacts page. 
Generate ABN checking override codes

Can generate ABN checking override codes on the Override Codes page.

Learn more about what ABN checking override codes are used for in this article.

 

Asset Register

Privilege Type Description
Access to Asset Register

By default, only Global Administrators can access the Asset Register. To allow someone else to access it, grant them this privilege. Once granted, they will be able to add and edit assets in Hiro.

 

Email Archive

Privilege Type Description
Search for and download any email

By default, users are only able to view and download emails in the Email Archive if they are part of the project team for the project that email is tagged to.

Grant someone this privilege to enable them to retrieve any archived email, regardless of project.

 

Financial

Privilege Type Description
View all and approve invoice privileges

By default, users are only able to raise draft status invoices onto jobs they are a team member of.

Grant someone this privilege to enable the ability to approve invoices and raise invoices for any job.
Perform invoice credit/reissues

Access to the Credit/Reissue Invoice page is entirely restricted to those who hold this privilege only.
Access financial reports and analyses

By default, users will only be able to run reports within the Financial module if the data is relevant to them.

For example:

  • users will only be able to retrieve invoicing data if they are the project captain of that job
  • users will only be able to retrieve timesheet data for their own timesheets or projects they manage

Use this privilege to grant someone the ability to run these Financial reports for all your data without restriction:

 

Human Resources

Privilege Type Description
Access Licences and Training Register

Access to the Licences and Training Register is entirely blocked unless granted this privilege.

Note that the ability to view/modify individual licence and training items assigned to staff is thereafter configured within that item's individual access permissions in the Register.

Learn more in this article.
Modify Positions Register

Access to the Positions Register is limited for non-privileged users, where they can view basic position information including position descriptions.

The ability to add/modify positions and their associated position descriptions in the Positions Register is granted with this privilege.
Access and modify payroll (incl. Payroll Spreadsheet)

Granting someone this privilege enables the ability to:
Prepare Productivity Reports

Ability to access and generate Productivity Reports
Prepare Employee Performance Reports

Ability to access and generate Employee Performance Reports

 

IMS

Privilege Type Description
IMS Coodinator/s

 
View all IMS document versions

 
Edit IMS controlled documents

 
Publish new IMS document versions

 
Generate IMS field books

 
Modify Legal and Other Applicable Requirements Register

 
Modify Hazardous Chemicals

 
Generate IMS reports

 

 

Plan Register

Privilege Type Description
Provision plans

Grants the ability to provision new plan numbers into provisioning pools in the Plan Register.

Learn more about plan provisioning in this article.
Allocate plans

Grants the ability to allocate plan numbers onto projects in the Plan Register.

Learn more about plan allocation in this article.
Upload plans

Grants the ability to upload plan documents onto already allocated plan numbers within the Plan Register.

Learn more about plan uploading in this article.

 

Projects

Privilege Type Description
Edit all projects

Modifying project information is ordinarily restricted to members of that project's team.

Regardless of project team membership, granting this privilege enables the ability to:
View any Projects Dashboard and project financial information

Accessing project information, such as timesheets, invoices and to-dos, is ordinarily restricted to members of that project's team.

Regardless of project team membership, granting this privilege enables the ability to:

 

Templates

Each individual template configured on the Templates page can be assigned who is allowed to access and modify that template.

Assigning the view / modify privileges enables someone to override the per-template permissions. For example, if someone has not been granted modify permissions on a particular template, they can still change it if they have been granted the "Edit all" template privilege.

 

Timesheets

Privilege Type Description
Bulk Move WIP

By default, you can only use the Bulk Move Timesheets tool to move WIP timesheets onto a project that you are captain of.

Grant someone this privilege to enable moving timesheets:

  • from/to any project; and
  • that are already allocated to an invoice.

Learn more about the Bulk Move Timesheets tool in this article.
Backdate rates onto timesheets allocated to invoices

Existing timesheets can have their charge rates recalculated to match updated rates in:

By default, backdating only applies to timesheets that are unallocated to an invoice (that is, those still in WIP status).

Granting this privilege enables a user to also backdate and recalculate rates for timesheets already allocated to an invoice.
View or modify other people's timesheets

Configuring who can view or modify timesheets is configured on a per-person basis in the User Accounts page.

 

Users

Privilege Type Description
View and export staff data

Granting this privilege enables the ability to:

  • view and manage information for users who have previously been deleted on the Staff page


  • run the Staff Info spreadsheet on the Staff page


  • view emergency contact information on the Staff page


  • view Timesheets of staff who have been terminated or deleted
Modify staff curricula vitae

Enables modifying anyone's curricula vitae on the Staff page.
Add/modify/delete users

Enables creating, modifying and removing user accounts via the User Accounts page in Settings.
Change user profile pictures

Enables changing a user profile picture for a user account via the User Accounts page in Settings, without the ability to otherwise modify the details of that person's user account.

 

Who's In?

Privilege Type Description
Edit day properties This enables someone to modify two types of special properties on a day in Who's In?:
  • Whether the day is a public holiday, and if so if that PH is for just a specific branch office (e.g., a Show Holiday)
  • Whether the day is part of a close-down period – e.g., Christmas and New Year's.

You can learn more about configuring public holidays and close-down periods in this article.
View full transaction details

By default, non-privileged users only see the name of someone who’s been marked as away in the Who’s In? calendar.

When you grant this privilege to someone, they can see the full details about someone being away – e.g., what type of leave they’re on, who approved the request, what date the request was approved, etc.
Edit/delete transactions This enables someone to modify an existing leave entry in the Who’s In? calendar – e.g., being able to change the type of leave, or delete it from the calendar.
View other managers’ pending approvals

By default, leave requests are sent to the person who is assigned their manager in the User Accounts page, where only that manager is able to approve or deny the request.

You can optionally configure what in Hiro is called “Delegate Access”, which enables a secondary person to approve someone’s request if a manager is not available to do so. You can learn more about this process here.

This privilege enables someone to approve/deny leave requests regardless of whether they are the manager of that person or if they’ve been assigned a delegate for that person.

Related articles

Powered by Zendesk