This document provides a comprehensive reference for all permissions available in the Drum application. Each permission controls specific functionality and access within the system.
Core Administrative Permissions
Manage Permissions
Controls: User role and permission management system
View and access the "User Permissions" menu
Create, edit, and delete account roles
Assign permissions to roles
Add/remove users from roles
Warning: This permission allows users to grant themselves additional permissions
Account User Permissions
These permissions provide granular control over user management, allowing non-admin users to manage account members:
Read Account Users
View the account page with user listing
See all account members, their roles, and assigned permissions
View pending invitations
View archived users
Note: Also grants access to view account details
Create Account Users
Access the invitation form
Send invitations to new users
Set initial roles (admin/member/timesheet only) for invited users
Assign permission roles to invited users
Manage all aspects of account invitations (edit, resend, delete)
Update Account Users
Edit existing account users
Change user roles between admin/member/timesheet only
Assign or remove permission roles
Configure finance delegation settings
Send password reset emails to users
Restore archived users
Delete Account Users
Archive account users (removes access while preserving data)
Archived users lose access but maintain historical data
Note: Cannot archive the account owner
These permissions enable delegation of user management without granting full admin access. For example, an HR role could have all four permissions to fully manage users, while a team lead might only have read access.
Dashboard & Reporting Permissions
Team Dashboard
View team-specific dashboard
See team bookings and projects
View team task metrics (overdue, due today, due this week)
Access filtered task lists for team members only
Business Dashboard
View business-wide dashboard
See all bookings and projects across the account
View all task metrics system-wide
Access complete task lists for entire business
Project & Opportunity Management
Project Permissions (Hierarchical)
All Projects Level
Create Projects - Create new projects (global permission)
Read All Projects - View all projects in the system
Update All Projects - Edit any project
Delete All Projects - Archive/delete any project
Change Project Rates - Modify project billing rates
Team Projects Level
Read Team Projects - View projects where team members are assigned
Update Team Projects - Edit team projects
Delete Team Projects - Archive/delete team projects
Individual Projects Level
Read Assigned Projects - View only directly assigned projects
Update Assigned Projects - Edit only directly assigned projects
Delete Assigned Projects - Archive/delete only assigned projects
Opportunity Permissions (Hierarchical)
Same structure as projects:
Create Opportunities, View Opportunity Insights
All level: Read All Opportunities, Update All Opportunities, Delete All Opportunities
Team level: Read Team Opportunities, Update Team Opportunities, Delete Team Opportunities
Individual level: Read Assigned Opportunities, Update Assigned Opportunities, Delete Assigned Opportunities
Project Metrics
View Project Metrics - Access project financial metrics and insights
View Gross Profit - View gross profit information (requires account setting enabled)
Company Management
Create Companies - Create new client/supplier companies
Read Companies - View company lists and details
Update Companies - Edit company information
Delete Companies - Archive companies
Resource & Booking Management
Available Resources
Create Available Resources - Add new bookable resources (staff, contractors, equipment)
Read Available Resources - View resource lists
Update Available Resources - Edit resource details and rates
Delete Available Resources - Archive resources
Resource Financials - View resource cost rates and financial information
The "Resource Financials" will allow the individual to see the "cost rate" of other staff/contractors, which may be sensitive information.
Bookings
Create Bookings - Create new bookings
Read Bookings - View bookings
Update Bookings - Edit booking details
Delete Bookings - Remove bookings
Calendar Access
Calendar - View calendar in read-only mode
Calendar Planner - Access interactive planner mode with drag-and-drop
View All Leave Requests - See all employee leave requests (vs. own only)
Financial Management
Finance Configuration
Create Finance - Full access to finance settings (tax rates, finance accounts, line item codes)
Controls access to create, view, edit, and delete tax rates, finance accounts, and line item codes
Located under "Finance Settings" in the admin navigation
Used for setting up chart of accounts and tax configuration
Required for Xero integration setup
Quotes
Create Quotes - Create new quotes
Read Quotes - View quotes
Update Quotes - Edit quotes (includes budget sync, project conversion)
Delete Quotes - Archive/delete quotes
Approve Quotes - Set quote status to "approved"
Invoices
Create Invoices - Create invoices, credit notes, write-offs
Read Invoices - View invoices
Update Invoices - Edit invoices
Delete Invoices - Archive/delete invoices
Approve Invoices - Approve invoices for finance integration
Costs
Create Costs - Create project costs
Read Costs - View costs
Update Costs - Edit costs
Delete Costs - Remove costs
Approve Costs - Approve costs (set status to "approved")
Create Cost Purchase Orders - Create purchase orders in external systems
Expense Claims
Create Expense Claims - Submit expense claims
Read Expense Claims - View expense claims
Update Expense Claims - Edit expense claims
Delete Expense Claims - Remove expense claims
Approve Expense Claims - Approve expense claims
Budgets
Create Budgets - Create budgets and variations
Read Budgets - View budget information
Update Budgets - Edit budgets
Delete Budgets - Remove budgets
Timesheet Management
Manage Staff Timesheets
View and manage timesheets for all staff
Create/edit time entries for other users
Access staff timesheet views
Approve Timesheets
Change timesheet status to "approved"
Use bulk approval functionality
Time Tracking Scope
Track Time Against All Tasks - Track time on any task (default: true)
Track Time Against Allocated Tasks - Restrict to assigned tasks only (default: true)
Insights & Analytics
Business Insights
Full business analytics access
Revenue reports and projections
Staff utilization across company
Complete financial summaries
Own Team Insights
Analytics for team projects only
Limited to projects with team member assignments
Requires user to be set up as a bookable resource
Individual Insights
View insights for all individual resources
Personal performance metrics
Own Individual Insights
View only own performance data
Personal utilization and timesheets
Requires user to be set up as a bookable resource
Project Insights
Project performance metrics
Hour allocation reports
Non-financial project analytics
View Revenue Projections
Access revenue forecasting
View projected revenue calculations
Requires account setting enabled
Email & Communication
Business Emails
View all project emails across the business
Full email thread visibility
Assigned Project Emails
View emails only for assigned projects
Limited by project/task assignment
System Configuration
Customisation
Controls all template and system configuration:
Template fields management
Project and document templates
Status types (project, supplier, company, contract)
Resource and leave types
Team management
Cost and booking types
Tracking categories
Custom fields
Lead scores
Procedures and procedure items
Contract templates
Business overheads
Tags
Create Tags - Create new tags for projects/opportunities
Update Tags - Edit existing tags
Important Notes
Admin Override: Admin users have all permissions regardless of role assignments
Timesheet-Only Users: Have restricted access - cannot access most features, no matter the roles assigned to them. They only have access to the timesheet and "live timer" in the navigation bar.
Permission Hierarchy: Higher-level permissions include lower-level access (e.g., Read All Projects includes team and assigned access)
Account Settings: Some permissions require account-level settings to be enabled (e.g., View Gross Profit requires the "Show Gross Profit" setting to be enabled)
Available Resource: Some permissions require users to be set up as a bookable resource in the system
Permission Dependencies
Some permissions work together or have dependencies:
View Gross Profit requires the "Show Gross Profit" feature in your Drum account to be enabled
View Revenue Projections requires the "Enable Revenue Projections" feature to be enabled
Team permissions require the user to have team assignments
Individual permissions require direct project/task assignments
Read Account Users is required to access the account page where user management happens
Common Permission Role Examples
HR Manager Role
Full user management without account administration:
Read Account Users - View all users
Create Account Users - Invite new employees
Update Account Users - Manage user roles and permissions
Delete Account Users - Archive departing employees
Read Available Resources - View resource list
Create Available Resources - Create resources for new employees
Project Manager Role
Project and team management:
Create Projects - Create new projects
Read All Projects - View all projects
Update All Projects - Edit any project
Change Project Rates - Manage billing rates
Create Bookings - Schedule resources
Read Account Users - View team members
Project Insights - View project analytics
Finance Manager Role
Financial oversight and management:
Create Finance - Manage finance settings
Approve Invoices - Approve invoices
Approve Costs - Approve costs
Approve Expense Claims - Approve expenses
Business Insights - View financial analytics
Resource Financials - View resource rates
Team Lead Role
Limited management for team projects:
Read Team Projects - View team projects
Update Team Projects - Edit team projects
Read Account Users - View team members
Own Team Insights - View team analytics
Approve Timesheets - Approve team timesheets