Upgrading to Project Access Levels
To align with the Private Sharing Model, the Custom User Settings that restricted access to certain records have been replaced. A mapping system has been introduced to convert the deprecated Custom Settings into Project Access Level records. This ensures a smooth transition and allows access to Project-related data to be managed individually for each Participant, providing greater control and flexibility. Project Access Levels alone do not replace all cases, specifically cases where Users are not assigned to Projects but still need access to Projects, Phases, Timesheets, Expenses or Resources, which was previously possible with Custom User Settings. These Users can be granted access using Sharing Rules and other mechanisms.
⚠️ Move to the "Read Only" Sharing Model to gain greater control over access permissions.
To help you understand the change, here is a breakdown, per Custom User Setting, of how it worked before and how it will work after the upgrade if no configuration changes are made.
How User Settings are mapped to Project Access Levels
For each Profile and User with existing Custom Settings, a separate Project Access Level record is created.
- “Global Default” represents the Org-Wide settings.
- “[Setup Owner Name]” is used for all instances of User or Profile settings.
Once created, Project Access Levels are assigned to Participants in the following order:
- User-Specific Settings – If a User had individual Custom Settings, the corresponding Project Access Level is applied to all Participant records where the User is a selected Participant.
- Profile-Specific Settings – If a Profile had its own Custom Settings, the Project Access Level created for that Profile is applied to all Participant records for Users with that Profile.
- Global Default – If no specific User or Profile Custom Settings exist, the Global Default Project Access Level is assigned.
Custom User Settings mapping into Project Access Level
| Custom User Settings | Project Access Level |
|---|---|
| Can see timesheets as Admin | View All Timesheets, Submit Time |
| Can submit expenses to all projects | View All Expenses, Submit Expenses, Submit Time |
| Can change all projects' data | Manage Project, Manage Phase, View Phase, Manage Participants, Manage All Tasks, Manage My Tasks, View All Tasks, Manage All Timesheets, Manage All Expenses, Submit Time |
| Can book other people to projects | Manage Participants, Submit Time |
More details on what level of access is granted for each Project Access Level individually can be found in this document.
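The mapping and assignment order described above, modelled as an added example for reviewing access before and after the upgrade (this is not Precursive's code). It also lists users who held a legacy setting but are not a Participant on any project, the case this page says needs Sharing Rules or other mechanisms. The user, profile and project names are constructed, and treating a Project Access Level as the union of the permissions mapped from its owner's enabled settings is an assumption.

```python
# Added example: models the mapping described on this page; not Precursive's code.
# Setting-to-permission sets are copied from the mapping table above.
SETTING_TO_PAL = {
    "Can see timesheets as Admin": {"View All Timesheets", "Submit Time"},
    "Can submit expenses to all projects": {
        "View All Expenses", "Submit Expenses", "Submit Time"},
    "Can change all projects' data": {
        "Manage Project", "Manage Phase", "View Phase", "Manage Participants",
        "Manage All Tasks", "Manage My Tasks", "View All Tasks",
        "Manage All Timesheets", "Manage All Expenses", "Submit Time"},
    "Can book other people to projects": {"Manage Participants", "Submit Time"},
}
GLOBAL_DEFAULT = "Global Default"

def build_pals(legacy):
    """Assumption: one PAL per setup owner, the union of its mapped settings."""
    return {owner: set().union(*(SETTING_TO_PAL[s] for s in settings))
            for owner, settings in legacy.items()}

def resolve(user, profile, pals):
    """Precedence stated on the page: User, then Profile, then Global Default."""
    for owner in (user, profile):
        if owner in pals:
            return owner
    return GLOBAL_DEFAULT

def review(legacy, users, participants):
    """Return (assignments, gaps): the PAL each Participant record receives, and
    users whose legacy settings granted access but who are Participants nowhere."""
    pals = build_pals(legacy)
    pals.setdefault(GLOBAL_DEFAULT, set())
    assignments = {}
    for project, user in participants:
        name = resolve(user, users[user], pals)
        assignments[(project, user)] = (name, pals[name])
    assigned = {user for _, user in participants}
    gaps = sorted(u for u, profile in users.items()
                  if u not in assigned and pals[resolve(u, profile, pals)])
    return assignments, gaps

# Constructed sample data (hypothetical users, profiles and project).
LEGACY = {GLOBAL_DEFAULT: [],
          "Finance Profile": ["Can submit expenses to all projects"],
          "alice": ["Can change all projects' data"]}
USERS = {"alice": "PM Profile", "bob": "Finance Profile",
         "carol": "PM Profile", "dave": "Finance Profile"}
PARTICIPANTS = [("Project A", "alice"), ("Project A", "bob"), ("Project A", "carol")]

if __name__ == "__main__":
    assignments, gaps = review(LEGACY, USERS, PARTICIPANTS)
    for key, (pal, perms) in assignments.items():
        print(key, pal, sorted(perms))
    print("Not a Participant anywhere, needs Sharing Rules:", gaps)
```

In the sample, `dave` inherits the Finance Profile setting but is on no project, so he is the one reported as needing a Sharing Rule.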
Choosing the right Org-Wide Sharing Model
Project Access Levels alone do not replace all possible cases, specifically cases where Users are not assigned to Projects but still need access to Projects, Phases, Timesheets, Expenses or Resources, which was previously possible with Custom User Settings.
The table below breaks down the scenarios that should be checked with representatives of each Role to understand what the desired configuration is.
| | Can see timesheets as Admin | Can submit expenses to all projects | Can change all projects data | Can book other people to projects |
|---|---|---|---|---|
| | User can view and modify everyone’s Timesheet | User can Submit Expenses to any Project regardless of whether they are assigned to the Project | User can modify all Project/Phase-related data | User can act as Resource Manager and assign Resources to Projects |
| Users who had this Custom User Setting assigned were able to: | Go to My Precursive > Timesheet component; click on the Resource box in the top left corner; see all Resources in that drop-down | Go to My Precursive > Expenses component; click on New; Save & Submit Expenses in any Projects/Phases regardless of whether they are assigned as Project/Phase Owner | Go to the Project Record Page; update any project-related data, such as Phase details or Participants, regardless of whether they are assigned as Project/Phase Owner | Go to Precursive Plan; assign Resources to Resource Requests on any Project/Phase regardless of whether they are assigned as its Owner |
| After the 2.11 upgrade, is that User able to… | ...see all the Resources they need? | ...Submit Expenses to the Project/Phase they want? | ...update Project/Phase, or any other related item details? | ...assign a Resource to a Resource Request in a Project/Phase that is accessible to you? |
| | | Yes - if that’s expected for all Users, consider leaving the Expense object as Public Read-Write | Yes - if that’s expected for all Users, we would recommend moving Project/Phase and other related objects into Public Read-Only anyway | Yes - if that’s expected for all Users, we would recommend moving Project/Phase into Public Read-Only anyway |
| | | Yes - if that’s not expected, consider narrowing down access to Projects/Phases by moving these into Public Read-Only/Private | Yes - if that’s not expected, consider moving Project/Phase and all related items into the Public Read-Only/Private Sharing Model | Yes - if that’s not expected, consider moving Project/Phase to Public Read-Only/Private |
| | | No - if that’s expected, check with another User who is supposed to be able to Submit Expenses whether it works as expected | No - if that’s expected, check with another User who is supposed to be able to edit Project/Phase or any other related items whether it works as expected | No - if that’s expected, check with another User who is supposed to be able to assign Resources to Resource Requests whether it works as expected |
| | | No - if that’s not expected, check if you are assigned to that Project as a Participant with the Submit Expenses Project Access Level assigned | No - if that’s not expected, check if you are assigned to that Project as a Participant with the Manage Project/Manage Phase Project Access Level assigned (or assigned as the Owner) | No - if that’s not expected, check if you are assigned to that Project as a Participant with the Manage Participants Phase Project Access Level assigned (or assigned as the Owner) or have the Custom Permission Set (“ManageParticipantsOnAllProjects”) assigned |
Retaining Public Read/Write Sharing Model
The following section explains the changes when you choose to retain a Public Read/Write Org-Wide Sharing Model.
| | Can see timesheets as Admin | Can submit expenses to all projects | Can change all projects data | Can book other people to projects |
|---|---|---|---|---|
| Custom User Setting purpose | User can view and modify everyone’s Timesheet | User can Submit Expenses to any Project regardless of whether they are assigned to the Project | User can modify all Project/Phase-related data | User can act as Resource Manager and assign Resources to Projects |
| Prior to 2.11 upgrade | The option to view someone else's Timesheet in My Precursive was limited to your own team (based on your Resource being their Supervisor) or all Resources if you have the User Setting “Can see timesheets as Admin”. | The option to Submit Expenses for Projects regardless of Project/Phase assignment was possible for Users who had this assigned. | This setting allowed the User to edit a Project or Phase even if they were not the Project or Phase Owner. | This setting allowed users to assign Resources to Resource Requests for Phases where they were not the Owner. |
| Public Read/Write Sharing Model (post upgrade behaviour without configuration) | Access to Timesheets is only driven by Permissions to Resources and Timesheets, which means that all Users are able to view all Timesheets. | All Users are able to Submit Expenses for all Projects. | All Users are able to edit all Projects’ data as all of them are Public Read-Write. | All Users are able to assign all Resources to Resource Requests for all Phases, regardless of the Ownership. |
| Recommended configuration for Public Read-Write | Move Resources to a Public Read-Only or Private Sharing Model to narrow down access to their Timesheets. | Move Projects/Phases to a Public Read-Only or Private Sharing Model to narrow down the ability to Submit Expenses in these. | Move Projects/Phases and their related data to a Public Read-Only or Private Sharing Model to narrow down manage capabilities. | Move Resources to a Public Read-Only or Private Sharing Model to narrow down the ability to assign them to Projects/Phases, and/or move Projects/Phases to narrow down the ability to assign Resources to those. |
Moving to a Public Read Only Sharing Model (Recommended) or Private Sharing Model
The following section explains the changes when you choose to move to a Public Read Only or Private Sharing Model.
| | Public Read-Only Sharing Model: How it works? | Public Read-Only Sharing Model: Recommended configuration | Private Sharing Model: How it works? | Private Sharing Model: Recommended configuration |
|---|---|---|---|---|
| Can see timesheets as Admin | Anyone with view access to a Resource can view other Resources’ Timesheets through the Resource switcher in My Precursive, although now they may not be able to make any changes, depending on the project-specific Project Access Levels. | To allow a group of Users to edit other Timesheets: Sharing Rule on Timesheet to assign Edit access to a Group of Users. To limit visibility of other Users’ Timesheets: limiting View Timesheets can be achieved by moving Resources to Internal Private Org Wide Sharing. | Anyone with view access to a Resource can view other Resources’ Timesheets through the Resource switcher in My Precursive, although now they may not be able to see all Resources (although you will always have access to your Subordinates’ Resource) or make any changes, depending on the project-specific Project Access Levels. | To expand visibility of other Users’ Timesheets: Sharing Rule on Resource to assign View access to a Group of Users (e.g. Share “All Resources” with “Resource Managers”); Sharing Rules on Timesheet to assign View access to a Group of Users. NOTE: To view the Timesheet Lines and Entries on My Precursive, Users will additionally require access to view the related Phases, Tasks Category and Tasks using Sharing Rules. To allow a group of Users to edit other Timesheets: Sharing Rule on Timesheet to assign Edit access to a Group of Users. |
| Can submit expenses to all projects | Submit Expenses is now controlled by a Project Access Level that requires the submitter to be a Participant on the phase with the “Submit Expense” PAL. This may mean that if there is an operational role responsible for submitting Expenses on behalf of other people, they will not be able to do this without the following workaround. | To allow non-Participants to submit Expenses to Projects: keep Expenses Objects as Public Read/Write. | Submit Expenses is now controlled by a Project Access Level that requires the submitter to be a Participant on the phase with the “Submit Expense” PAL. This may mean that if there is an operational role responsible for submitting Expenses on behalf of other people, they will not be able to do this without the following workaround. | To allow non-Participants to submit Expenses to Projects: keep Expenses Objects as Public Read/Write. |
| Can change all projects data | Permission to manage Projects or Phases is now controlled by the Project Access Level assigned to a Participant. If a group of Users requires access to manage a Project or Phase they are not assigned to, the following workaround is required. | Sharing Rules on particular Objects to assign Edit access to a Group of Users. | Permissions to view and manage Projects or Phases are now controlled by the Project Access Level assigned to a Participant. If a group of Users requires access to view or manage a Project or Phase they are not assigned to, the following workaround is required. | Sharing Rules on particular Objects to assign Read or Edit access to a Group of Users. |
| Can book other people to projects | Permission to create or assign Resource Requests is now controlled by the “Manage Participants” Project Access Level. If a group of Users requires access to Manage Participants for Phases they are not assigned to, the following workaround is required. | Custom Permission (“ManageParticipantsOnAllProjects”) assigned and Sharing Rule on Phase to assign Edit access to a Group of Users. | Permission to create or assign Resource Requests is now controlled by the “Manage Participants” Project Access Level. If a group of Users requires access to Manage Participants for Phases they are not assigned to, the following workaround is required. | Custom Permission “ManageParticipantsOnAllProjects” assigned and Sharing Rule on Phase to assign Edit access to a Group of Users. NOTE: To view the Projects and Phases, Users will additionally require access to read the related Phases, Tasks Category and Tasks using Sharing Rules. |
How to upgrade?
Understand the desired outcome
Upgrading to Project Access Levels requires careful planning and execution. The most critical step is validating the desired configuration. Before implementing changes, review the "Choosing the right Org-Wide Sharing Model" section.
Do the configuration and perform tests
Once the requirements are defined, the actual configuration can begin.
Start by setting up an Org-Wide Sharing Model that meets your needs. Then, create Sharing Rules to override specific Sharing Model limitations for certain User Groups or sets of records. Finally, set up Project Access Levels. Assign them as Org-Wide Internal and External defaults, and if necessary, configure more granular defaults for each Role separately.
How long will it take to upgrade?
It is recommended to perform this upgrade in a Sandbox environment first to validate it before deploying the changes to Production. The configuration process can take up to 4 hours, depending on the complexity of your setup. The duration of testing will vary based on the number of Users and Roles involved; however, the table in the "Choosing the right Org-Wide Sharing Model" section outlines the necessary validation steps.
Switching from a Public Read/Write Sharing Model to any other model necessitates the creation of sharing rules for each Participant, Contributor, and their Supervisors, which may take time depending on the volume of data and the number of Users in your instance.
Including configuration, the whole setup and testing can be done in half a day; in some cases, extending it to a day or two might be necessary.
Review this Salesforce Support Article to minimize recalculation impacts caused by Sharing Rules deployment.
Resources