Permissions
This page is the authoritative reference for all global permissions available in Weissr Capex. It describes how permissions are structured, assigned, and managed, and provides a complete list of permissions across all three application areas: Common, Capex Management, and Capex Strategy.
Permissions control what actions users can perform within the system and are always assigned at the user group level. Administrators use this page as the source of truth when setting up or reviewing role configurations.
1. Assumptions
Permissions assignment: Permissions are assigned to user groups.
Group permission capacity: A user group can have multiple permissions assigned.
Single instance: Each user group can only have one instance of a specific permission.
Permission scope: Assigned permissions grant rights to perform actions on defined objects or operations, conferring specific privileges.
Global scope: Permissions are globally applied.
Division of permissions: Permissions are logically divided into three main application parts:
Common
Capex Strategy (CS)
Capex Management (CM) - Includes permissions for Capital Budgeting
2. Permission characteristics
2.1 Object-Level permissions
Object-specific permissions pertain only to that object and do not override permissions at a lower or child level.
Permissions on objects are categorized into:
Non-CRUD Restrictions: Restrict all operations not related to create, read, update, delete (CRUD).
CRUD Operations:
Read: Grants view-only access.
Update: Grants modification rights and inherits read permissions.
Create: Grants rights to create and delete objects, inheriting read and update permissions.
2.2 Permission collection and merging
Users gain permissions through their assigned user groups.
Each permission appears only once in the final merged permissions list per user.
If multiple CRUD-type permissions are found for a user, they are merged:
Merged Result: Inherits all CRUD operations from combined permissions.
3. Administration of permissions
3.1 Assignment methods
Admin interface: Administrators assign permissions within the admin security interface.
Direct Assignment: Permissions can be assigned to a user group through a modal opened from the group's context menu.
View/Edit List: A list of currently assigned permissions, along with editable CRUD checkboxes, is shown.
Removal: Each assigned permission can be removed from the list.
Permission matrix:
X-axis: Represents permissions.
Y-axis: Represents user groups.
Selection points: Checkboxes at the intersection allow selection of specific permissions for each group.
CRUD representation: For CRUD permissions, three checkboxes (Create, Edit, Read) are displayed. Non-CRUD permissions have a single checkbox.
Tabs: The matrix is divided into tabs for:
Common
Capex Strategy
Capex Management
3.2 Global permission assignments
Assignments button: Each global permission includes an "Assignments..." button that opens a window for multi-select user group assignment.
User inheritance display: Lists users who inherit the selected permission.
4. Permission change logging
Every change to permissions is logged, recording:
Group name
Permission details
Action performed
User responsible
Actions tracked include:
Assignment
Un-assignment
CRUD option changes
5. User-specific permission viewing
Modal window: Located in the context menu item
Permissionfor each user, showing inherited permissions.
6. Global permissions
Common permissions table
ID | Application | Name | Is CRUD | Description |
|---|---|---|---|---|
77 | Common | Administrator | No | Provides full access to the Administration page. |
70 | Common | Currency rate | Yes | Access and manage currency exchange rates through Capex Management and Capex Strategy navigation. |
1 | Common | Superuser | No | Full system access, including the Administration page, with decision-making capabilities requiring additional 'Approval' permissions. |
80 | Common | Tag management | No | Enables creation, update, and deletion of tags for CS alternatives and CM documents. |
Capex Management permissions table
ID | Application | Name | Is CRUD | Description |
|---|---|---|---|---|
82 | Capex Management | Additional request creation | No | Allows users to create additional funding requests within a project, even if they lack node-level create permissions. This permission requires EDIT access through the "Project (CM)" node or EDIT access granted by invitation to the project. For detailed steps on creating additional funding requests, refer to Managing Overspend and Additional Funding. |
85 | Capex Management | Approval | No | Users with the Approval permission can participate in the approval process and act as decision-makers for requests. However, this permission does not grant full visibility to all requests within the node; it solely enables users to change the state of a request as part of the approval workflow. To understand how to assign this permission within the Organizational Structure, refer to Assigning Permissions in the Organizational Structure. |
5 | Capex Management | Budget Alternative | Yes | Capital Budgeting permission that provides access to Capital Budgets, including view, edit, create, duplicate, and delete capabilities. |
76 | Capex Management | Capex Management configuration | No | Grants full access to CM-related sections of the Administration page. |
84 | Capex Management | Child request creation | No | Allows users to create child requests/sub-requests, even without create permissions at the node level. Requires EDIT access via the "Project (CM)" node. |
10 | Capex Management | Decision permission (budget alternatives) | No | Capital Budgeting permission that enables users to approve, disapprove, and mark Capital Budgets as preliminary. |
87 | Capex Management | Delete approved, completed, and rejected requests | No | Allows users to permanently delete requests that are in an approved, completed, or rejected state. Without this permission, deletion is restricted to draft and active requests only. Can be assigned to both Superusers and General users. |
86 | Capex Management | Funds reallocation | No | Enables users to reallocate funds within Capex Management. This permission requires create rights at the node level, or EDIT access via the "Project (CM)" node permission or by invitation to the project. It must be used in conjunction with the "Additional Request Creation" permission. For comprehensive guidance on managing overspend and additional funding permissions, see Managing Overspend and Additional Funding. |
29 | Capex Management | Import/export capex request data to/from ERP systems | No | Provides access to the Import/Export page and data transfer between ERP systems. |
4 | Capex Management | Project (CM) | Yes | Grants capabilities to access and manage projects in Capex Management, including create, read, and update functionalities. This permission is tied to the Organizational Structure and must be assigned through the node-level hierarchy within that structure. It enables users to interact with project data according to their assigned CRUD permissions. For detailed guidance on assigning permissions within the Organizational Structure, refer to Assigning Permissions in the Organizational Structure. |
30 | Capex Management | Request creation | No | Enables users to create new requests within a specific node. Users with this permission can view only the requests they have personally without visibility to other requests within that same node. This permission is associated with the Organizational Structure and must be assigned through the node-level hierarchy. For detailed guidance on assigning permissions within the Organizational Structure, refer to Assigning Permissions in the Organizational Structure. |
15 | Capex Management | Secret project | No | Provides the ability to make capex requests private or public and see other user's private requests. |
24 | Capex Management | Selector of suggested decision maker | No | Permits assignment of decision makers in request decision steps. |
81 | Capex Management | Send individual capex rows | No | Grants the ability to send selected capex rows to external ERP systems. |
28 | Capex Management | Setting/editing Capex request approval step planned date | No | Allows users to define planned dates for approval steps in request workflows. |
Capex Strategy permissions table
ID | Application | Name | Is CRUD | Description |
|---|---|---|---|---|
61 | Capex Strategy | Asset blocks to nodes | No | Assign asset blocks to relevant project nodes. |
59 | Capex Strategy | Asset ledger | No | Manages asset ledgers within nodes. |
58 | Capex Strategy | Asset mapping | No | Provides the ability to map assets to project structures. |
60 | Capex Strategy | Asset scope | No | Defines the scope of assets at the node level. |
71 | Capex Strategy | Base alternative | No | Manages base alternatives within strategic projects. |
65 | Capex Strategy | Can be selected as responsible for asset data | No | Allows users to be selected as responsible for asset data in alternative overviews. |
31 | Capex Strategy | Can be selected as responsible for base alternative | No | Enables user selection as responsible for base alternatives. |
26 | Capex Strategy | Can be selected as responsible for external data | No | Permits user selection for handling external data in alternatives. |
66 | Capex Strategy | Can be selected as responsible for investment plan | No | Allows users to be chosen as responsible for investment plans. |
32 | Capex Strategy | Can be selected as responsible for strategic alternative | No | Allows user selection for strategic alternatives. |
33 | Capex Strategy | Can be selected as responsible for strategic building block | No | Permits users to be assigned as responsible for strategic building blocks. |
74 | Capex Strategy | Can select responsible user for alternative part | No | Assigns users as responsible for parts of alternatives. |
75 | Capex Strategy | External Data | No | Manages external data at the node level. |
47 | Capex Strategy | Investment map | No | Assigns investment maps to nodes. |
78 | Capex Strategy | Manage Alternative States | No | Allows activation or deactivation of project alternatives, optimizing memory use. Also grants access to the corresponding activation/deactivation log. |
50 | Capex Strategy | Manage Documents | Yes | Provides access to document management features within alternatives, including upload, replace, and delete (based on CRUD level). Also grants access to the document audit log. |
34 | Capex Strategy | Manage Current Strategy | No | Allows marking group strategies as the current strategy for use in CM. |
49 | Capex Strategy | Model | No | Provides node-level model management capabilities. |
48 | Capex Strategy | Model Assumptions | Yes | Grants access to cash flow settings (assumptions) for base alternatives. |
44 | Capex Strategy | Model input audit log | No | Provides access to logs for model input changes. |
45 | Capex Strategy | Node audit log | No | Grants access to logs for node changes. Required to see changes in the Asset Mapping. |
37 | Capex Strategy | Project (AS) | Yes | Provides access to manage projects within the Capex Strategy module. |
42 | Capex Strategy | Project import/export | No | Allows import and export of projects. |
68 | Capex Strategy | Project lock | No | Grants ability to lock project versions to prevent modifications. |
72 | Capex Strategy | Report chart | No | Manages chart assignments at the node level. |
38 | Capex Strategy | Report chart folder | Yes | Grants permission to create, rename, and delete chart folders. |
43 | Capex Strategy | Report table | No | Assigns report tables to project nodes. |
63 | Capex Strategy | Scope level node audit log | No | Provides access to audit logs for scope changes in alternatives. |
40 | Capex Strategy | Sensitivity data/parameters | Yes | Grants the ability to manage sensitivity settings in projects. |
41 | Capex Strategy | Sensitivity summary report | No | Allows viewing of the Sensitivity Summary report in presentations. |