Overview
Dash360 uses two independent layers of access control that work together:
- System roles — determine which modules and administrative functions a user can reach across the entire application.
- Work package permissions — determine which projects, WBS nodes, and individual work packages a user can view or edit within those modules.
An administrator configures both layers from Admin — Users.
System Roles
Every user is assigned exactly one system role. Dash360 ships with two built-in roles:
| Role | Access |
|---|
| Administrator | Full access to all modules, all projects, and the entire Admin area. Administrators do not have work package permissions — they bypass that layer entirely and can see and edit everything. |
| CAM | Access to the project management modules (Estimating, Earned Value, Schedule, Risk, Reporting). Cannot access the Admin area. What a CAM can actually see and edit within those modules is controlled by their work package permissions. |
Additional roles can be created in the system, but Administrator and CAM are the primary roles used in standard Dash360 deployments. If your organization has defined custom roles, contact your system administrator for details.
Work Package Permissions
For users with the CAM role, work package permissions define exactly which data they can access — and whether they can read it or modify it.
Permission Scope
A single permission entry covers a specific combination of module, project, WBS node, and work package. The scope can be set at three levels of breadth:
| Scope | What It Covers |
|---|
| All WBS in Project | Every WBS node and every work package in the selected project |
| All WP in WBS | All work packages under a specific WBS node |
| Specific Work Package | A single identified work package |
Access Levels
Each permission entry also carries an access level:
| Access Level | What It Allows |
|---|
| Full Access (CAM) | Read and write access — the user can view and edit cost estimates, resource assignments, schedule entries, and other data within the scope. |
| Read Only | View-only access — the user can see data but cannot make changes. |
How to Read a Permission Entry
A work package permission is a combination of all four dimensions:
Module = Estimating | Project = Alpha Program | Scope = All WP in WBS | WBS = 1.2 | Access = Full Access
This entry gives a CAM full edit access to every work package under WBS 1.2 in the Alpha Program project, within the Estimating module only. The same user would need a separate permission entry to access that project’s data in the Schedule module.
Modules
Work package permissions are configured independently for each module:
- Estimating
- Earned Value
- Schedule
Resource Code Security
In addition to work package permissions, administrators can restrict which resource codes a user can see within a project. This is an optional project-specific setting.
When resource code security is configured for a user on a project, that user only sees resource codes that have been explicitly granted to them. Resource codes they have not been granted are hidden across all grids and reports for that project.
This is useful when a project shares a resource file across multiple control account managers, and each CAM should only see their own resources.
Resource code security is configured per user, per project, from the User detail view in Admin — Users.
How the Two Layers Interact
The system role and work package permissions work together like this:
- A user logs in. Their system role determines which tabs and pages they can navigate to.
- Within a module (e.g., Estimating), the application checks their work package permissions to determine which projects and work packages appear in project selectors and grids.
- Within a project, if resource code security is enabled, only the assigned resource codes are visible.
A user with a CAM role but no work package permissions for a project will not see that project in any selector within the affected modules.
Administrators always see everything — they are never filtered by work package permissions or resource code security.
All permission configuration takes place in Admin — Users:
- Assign a system role — Edit a user’s record and select their role.
- Add work package permissions — Use the Work Package Permissions section on the user detail page to select module, project, scope, and access level.
- Configure resource code security — Open the Resource Code Security modal on the user detail page to assign or remove resource codes per project.
