OPUS permissions follow a simple hierarchy:

1. Portfolio Owner
2. Project Owner
3. Task Owner

Permissions inherit downward only. Admins aside, only resources to which a user is assigned are available for viewing throughout the app.

Rule of thumb: Creation/Archiving is always controlled by Owners one level above.

| Role | Portfolio | Project | Task | Users |
|---|---|---|---|---|
| Admin | Full control (Read, Write, Create, Archive, Delete) | Full control (Read, Write, Create, Archive, Delete) | Full control (Read, Write, Create, Archive) | Can create & delete users |
| Portfolio Manager | Create only (can assign Owners/Contacts at creation) | — | — | — |
| Portfolio Owner | Read, Write; can Create & Archive Projects | Full control over all Projects inside Portfolio | Full control over all Tasks inside Projects (Read, Write, Create, Archive) | — |
| Project Owner | — | Read, Write; manage Project settings; cannot archive Project | Full control (Read, Write, Create, Archive) | — |
| Task Owner | — | — | Informational only (no extra permissions) | — |
| Portfolio Contact (Read) | View-only across Portfolio & its Projects/Tasks | View-only | View-only | — |
| Portfolio Contact (Write) | Read + Write across Portfolio & its Projects/Tasks (no Create/Archive) | Read + Write (no Create/Archive) | Read + Write + Create (no Archive) | — |
| Project Contact (Read) | — | View-only for that Project & its Tasks | View-only | — |
| Project Contact (Write) | — | Read + Write (no Create/Archive) | Read + Write + Create (no Archive) | — |
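
The sketch below is an added example, not OPUS code: it transcribes the resource-scoped rows of the table and resolves a user's effective permissions with downward-only inheritance. The function names, the path tuples and the reading of "full control" below Admin as excluding Delete are assumptions; Portfolio Manager and user management are left out.

```python
READ, WRITE, CREATE, ARCHIVE, DELETE = "read", "write", "create", "archive", "delete"
LEVELS = ("portfolio", "project", "task")
RW = {READ, WRITE}
FULL = RW | {CREATE, ARCHIVE}  # assumption: "full control" below Admin excludes Delete

# role -> {level: permissions}; the first key is the level the role is assigned at
GRANTS = {
    "Portfolio Owner": {"portfolio": RW, "project": FULL, "task": FULL},
    "Project Owner": {"project": RW, "task": FULL},
    "Task Owner": {"task": set()},  # informational only
    "Portfolio Contact (Read)": {"portfolio": {READ}, "project": {READ}, "task": {READ}},
    "Portfolio Contact (Write)": {"portfolio": RW, "project": RW, "task": RW | {CREATE}},
    "Project Contact (Read)": {"project": {READ}, "task": {READ}},
    "Project Contact (Write)": {"project": RW, "task": RW | {CREATE}},
}
# Admin row: Delete is listed for Portfolio and Project, not for Task
ADMIN = {"portfolio": FULL | {DELETE}, "project": FULL | {DELETE}, "task": FULL}


def effective(assignments, path):
    """Return the permissions held on the resource at `path`.

    assignments: iterable of (role, assigned_path) pairs (hypothetical shape).
    path: tuple of ids such as ("pf1", "prj1", "t1"); its length gives the level.
    For Create, pass the path the new resource would have.
    """
    if not 1 <= len(path) <= len(LEVELS):
        raise ValueError("path must name a portfolio, project or task")
    level = LEVELS[len(path) - 1]
    perms = set()
    for role, assigned in assignments:
        if role == "Admin":
            perms |= ADMIN[level]
            continue
        grants = GRANTS.get(role)
        if grants is None:
            continue  # unknown role: grant nothing
        own_depth = LEVELS.index(next(iter(grants))) + 1
        # Downward only: the role counts when it is assigned at its own level
        # and that resource is the target itself or one of its ancestors.
        if len(assigned) == own_depth and path[:own_depth] == assigned:
            perms |= grants.get(level, set())
    return perms


def can(assignments, action, path):
    return action in effective(assignments, path)
```

A role assigned on a sibling or a descendant contributes nothing, and a role recorded at the wrong level (for example a Project Owner attached to a portfolio path) is ignored rather than widened.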