Security, Permissions, and Guests

With Procorem we strive to find the balance between usability and data security to ensure our clients receive the best of both worlds—secure data available anytime, anywhere. In order to achieve the type of security our clients expect, we have implemented a variety of security levels to deliver on this promise. We deliver multiple layers of security to ensure your data is safe:

  • Data encryption

  • In-app security

  • IT process and automated testing

For more information on each of these core areas, please explore the How we keep your data secure page in our security section.

Understanding Roles in Procorem

[Figure: Admin roles and security diagram]

User permissions are determined by multiple layers: login role (members and guests), security role (for members only), and WorkCenter role (for each user at the WorkCenter level).

Members Versus Guests

In Procorem, guests are always free and unlimited regardless of plan. Guests can perform most types of work on Procorem such as uploading documents, creating folders, creating and managing posts, completing tasks that have been assigned to them, and so on. Member roles have a higher level of authority and can create tasks, WorkCenters, add collaborators, and much more.

While Guests are free accounts, they still need to be able to complete work and collaborate effectively through Procorem. With that in mind, Procorem gives free Guests significant power to be productive. Guests can perform the following activities within each WorkCenter they are added to, depending on their assigned WorkCenter Security Role:

  • Upload Files

  • Delete Files

  • Update Files

  • Restore File Versions

  • Download Files

  • Create File Comments

  • Delete File Comments

  • Create Folders

  • Rename Folders

  • Create Posts

  • Edit Posts

  • Delete Posts

  • Delete Tasks

  • Create Task Comments

  • Delete Task Comments

Procorem charges are based on Members, and Members thus have significant capabilities above and beyond a Guest. Members can do everything a Guest can do, along with the following activities on the WorkCenters they are added to:

  • Move File/Folders

  • Copy File/Folders

  • Delete Folders

  • Create Tasks

  • Update Tasks

  • Manage Task Assignees

  • Manage Task Approvers

  • Add Guest Collaborators

  • Remove Collaborators

  • Change Collaborator Role

  • Edit WorkCenter Settings

  • Create WorkCenters

  • Create WorkCenter Templates

Types of Members

On top of the additional capabilities Members have within WorkCenters, there are four distinct types of Members: Non Admin Members, WorkCenter Administrators, User Administrators, and Account Administrators. All Members are able to perform the above actions within the WorkCenter, but each type of Member also has different account-level capabilities.

For details on setting up Member types, please see the People & Permissions section of the Help Center.

Non Admin Member is your most basic type of Member. Non Admin Members benefit from the increased power within WorkCenters and are a level directly above a free Guest. On top of the increased WorkCenter capabilities, Standard Members can also create WorkCenters.

WorkCenter Administrators have access to WorkCenter administration functions without access to account administration functions. On top of the ability to create WorkCenters, WorkCenter Administrators can:

  • View and edit any WorkCenter in the account, regardless of their WorkCenter membership.

  • Archive any WorkCenter in the account.

  • Un-archive (re-activate) any WorkCenter in the account.

  • Create, edit, and delete files, tasks, and posts on any WorkCenter in the account.

  • Add and remove collaborators on any WorkCenter in the account.

  • Change the role of existing collaborators on any WorkCenter in the account.

  • Add a template to a new or existing WorkCenter, regardless of their WorkCenter membership.

  • Use the following WorkCenter Settings functionality: Import from Template, Archive, Edit Name, Edit Category, Edit Description, Require Incoming Email Approvals.

    Note that these users will not be able to delete any WorkCenter regardless of their WorkCenter membership or use the following WorkCenter Settings functionality: Add Category, WorkCenter is a Template.

Note

When a WorkCenter Administrator interacts with a WorkCenter they do not belong to, the system adds the WorkCenter Administrator to the WorkCenter as an inactive Collaborator.

User Administrators are designed to be able to manage users on Procorem. On top of the ability to create WorkCenters, User Administrators can do the following:

  • Update users

  • Remove users from an account

  • Upgrade guests to members

  • Downgrade members to guests

  • Add users in bulk to WorkCenters

  • Change WorkCenter roles of a user

Note

User Administrators can perform the above tasks on every type of user except an Account Administrator.

Account Administrators are the top-tier users in Procorem. They can do everything that is possible in Procorem. Regardless of whether they are on a WorkCenter or not, they can access the information within that WorkCenter. Additional capabilities Account Administrators have:

  • Update account name, logo

  • De-activate (cancel) an account

  • View de-activated accounts

  • Reactivate accounts

  • Upgrade an account subscription

  • Create WorkCenter categories

  • Delete WorkCenter categories

  • Create file types

  • Delete file types

  • Create file statuses

  • Delete file statuses

  • Create a person connection

  • Delete a person connection

  • Enable/disable Procorem apps

  • Make another user an Account Administrator

  • Remove another user as Account Administrator

  • View all activity for a person on an account (Edit Person - Activity tab)

  • Delete a WorkCenter

  • Archive a WorkCenter

  • Reactivate (unarchive) a WorkCenter

  • Create a custom WorkCenter role

  • Update a custom WorkCenter role

  • Delete a custom WorkCenter role

  • Update credit card information

  • View transaction history

  • Manage user licenses

  • Designate WorkCenters as templates

WorkCenter Security Roles

Procorem comes with three basic security roles that can be applied to all WorkCenter users. These security roles add an additional layer of security in terms of how users interact with information on each WorkCenter. The three out-of-box security roles are:

  • Read-Only—A Read-Only collaborator can view everything on a WorkCenter as well as download files. Read-Only users cannot make any changes to the WorkCenter.

  • Contributor—Contributor is your standard access for guests. Contributors can do everything with files, have no permissions around creating, deleting, or moving folders, have the ability to manage and create posts, and can create task comments.

  • WorkCenter Owner—WorkCenter Owner is your top tier role within a WorkCenter. In order to be a WorkCenter Owner, you must first be a Non Admin Member or above. WorkCenter owners can do anything within a WorkCenter. This includes creating tasks, adding collaborators, and managing folder and file structure.

Note

Account Administrators and WorkCenter Administrators supersede any WorkCenter security roles. Regardless of WorkCenter security, your Account Admins and WorkCenter Admins will be able to perform all functions in a WorkCenter. These Admins do not need to be listed on a WorkCenter to have access to the information on that WorkCenter. However, making any changes on a WorkCenter as an Account Administrator or WorkCenter Administrator will automatically add you to that WorkCenter to ensure a secure audit trail.

On top of the three out-of-box WorkCenter security roles, Account Administrators can create customized security roles which can be used across all the WorkCenters on the Account. By picking and choosing from a list of permissions around files, folders, posts, tasks, and WorkCenters, Account Administrators can completely configure what their users can and can’t do in Procorem. See the WorkCenter Security Roles section of the Help Center for complete details on how to set up these custom roles.
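For access reviews, the layering described on this page means a WorkCenter's collaborator list understates who can read it, because Account Administrators and WorkCenter Administrators have access without being listed. The following is an added sketch, not Procorem code: it models the rules stated above (login role, Member type, WorkCenter role, admin override, auto-add on change) with hypothetical action and role names and only a subset of the permissions listed.

```python
from dataclasses import dataclass, field

# Action and role names are hypothetical labels for this sketch, not Procorem identifiers.
READ = {"view", "download_file"}
CONTRIBUTOR = READ | {"upload_file", "update_file", "delete_file", "create_post",
                      "edit_post", "delete_post", "create_task_comment"}
MEMBER_ONLY = {"move_folder", "delete_folder", "create_task", "add_collaborator"}
ROLE_GRANTS = {"read_only": READ, "contributor": CONTRIBUTOR,
               "owner": CONTRIBUTOR | MEMBER_ONLY | {"create_folder"}}
OVERRIDING = {"account_admin", "workcenter_admin"}  # supersede WorkCenter roles

@dataclass
class User:
    name: str
    login_role: str        # "member" or "guest"
    member_type: str = ""  # non_admin, workcenter_admin, user_admin, account_admin

@dataclass
class WorkCenter:
    roles: dict = field(default_factory=dict)   # user name -> WorkCenter role
    inactive: set = field(default_factory=set)  # admins auto-added after a change

def authorize(user, wc, action):
    """Return True if the action is allowed under the layered rules on this page."""
    if user.login_role == "member" and user.member_type in OVERRIDING:
        if action == "delete_workcenter":        # WorkCenter Admins cannot delete
            return user.member_type == "account_admin"
        if action not in READ and user.name not in wc.roles:
            wc.inactive.add(user.name)           # auto-added so the change is attributable
        return True
    role = wc.roles.get(user.name)
    if role is None:
        return False                             # not a collaborator, not an overriding admin
    if user.login_role == "guest" and (role == "owner" or action in MEMBER_ONLY):
        return False                             # Owner requires a Member; guests lack Member actions
    return action in ROLE_GRANTS[role]

def effective_access(users, wc):
    """Everyone who can read the WorkCenter, whether listed on it or not."""
    return sorted(u.name for u in users if authorize(u, wc, "view"))
```

Comparing `effective_access` against the keys of `wc.roles` gives the set of people with implicit access, which is the list an access review should not miss.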