Skip to main content

Drum Permissions

Drum has a very flexible permissions system - here's how it works

Ben Walker avatar
Written by Ben Walker
Updated over 2 weeks ago

This document provides a comprehensive reference for all permissions available in the Drum application. Each permission controls specific functionality and access within the system.


Core Administrative Permissions

Manage Permissions

Controls: User role and permission management system

  • View and access the "User Permissions" menu

  • Create, edit, and delete account roles

  • Assign permissions to roles

  • Add/remove users from roles

  • Warning: This permission allows users to grant themselves additional permissions

Account User Permissions

These permissions provide granular control over user management, allowing non-admin users to manage account members:

Read Account Users

  • View the account page with user listing

  • See all account members, their roles, and assigned permissions

  • View pending invitations

  • View archived users

  • Note: Also grants access to view account details

Create Account Users

  • Access the invitation form

  • Send invitations to new users

  • Set initial roles (admin/member/timesheet only) for invited users

  • Assign permission roles to invited users

  • Manage all aspects of account invitations (edit, resend, delete)

Update Account Users

  • Edit existing account users

  • Change user roles between admin/member/timesheet only

  • Assign or remove permission roles

  • Configure finance delegation settings

  • Send password reset emails to users

  • Restore archived users

Delete Account Users

  • Archive account users (removes access while preserving data)

  • Archived users lose access but maintain historical data

  • Note: Cannot archive the account owner

These permissions enable delegation of user management without granting full admin access. For example, an HR role could have all four permissions to fully manage users, while a team lead might only have read access.


Dashboard & Reporting Permissions

Team Dashboard

  • View team-specific dashboard

  • See team bookings and projects

  • View team task metrics (overdue, due today, due this week)

  • Access filtered task lists for team members only

Business Dashboard

  • View business-wide dashboard

  • See all bookings and projects across the account

  • View all task metrics system-wide

  • Access complete task lists for entire business


Project & Opportunity Management

Project Permissions (Hierarchical)

All Projects Level

  • Create Projects - Create new projects (global permission)

  • Read All Projects - View all projects in the system

  • Update All Projects - Edit any project

  • Delete All Projects - Archive/delete any project

  • Change Project Rates - Modify project billing rates

Team Projects Level

  • Read Team Projects - View projects where team members are assigned

  • Update Team Projects - Edit team projects

  • Delete Team Projects - Archive/delete team projects

Individual Projects Level

  • Read Assigned Projects - View only directly assigned projects

  • Update Assigned Projects - Edit only directly assigned projects

  • Delete Assigned Projects - Archive/delete only assigned projects

Opportunity Permissions (Hierarchical)

Same structure as projects:

  • Create Opportunities, View Opportunity Insights

  • All level: Read All Opportunities, Update All Opportunities, Delete All Opportunities

  • Team level: Read Team Opportunities, Update Team Opportunities, Delete Team Opportunities

  • Individual level: Read Assigned Opportunities, Update Assigned Opportunities, Delete Assigned Opportunities

Project Metrics

  • View Project Metrics - Access project financial metrics and insights

  • View Gross Profit - View gross profit information (requires account setting enabled)

Company Management

  • Create Companies - Create new client/supplier companies

  • Read Companies - View company lists and details

  • Update Companies - Edit company information

  • Delete Companies - Archive companies


Resource & Booking Management

Available Resources

  • Create Available Resources - Add new bookable resources (staff, contractors, equipment)

  • Read Available Resources - View resource lists

  • Update Available Resources - Edit resource details and rates

  • Delete Available Resources - Archive resources

  • Resource Financials - View resource cost rates and financial information

The "Resource Financials" will allow the individual to see the "cost rate" of other staff/contractors, which may be sensitive information.

Bookings

  • Create Bookings - Create new bookings

  • Read Bookings - View bookings

  • Update Bookings - Edit booking details

  • Delete Bookings - Remove bookings

Calendar Access

  • Calendar - View calendar in read-only mode

  • Calendar Planner - Access interactive planner mode with drag-and-drop

  • View All Leave Requests - See all employee leave requests (vs. own only)


Financial Management

Finance Configuration

  • Create Finance - Full access to finance settings (tax rates, finance accounts, line item codes)

    • Controls access to create, view, edit, and delete tax rates, finance accounts, and line item codes

    • Located under "Finance Settings" in the admin navigation

    • Used for setting up chart of accounts and tax configuration

    • Required for Xero integration setup

Quotes

  • Create Quotes - Create new quotes

  • Read Quotes - View quotes

  • Update Quotes - Edit quotes (includes budget sync, project conversion)

  • Delete Quotes - Archive/delete quotes

  • Approve Quotes - Set quote status to "approved"

Invoices

  • Create Invoices - Create invoices, credit notes, write-offs

  • Read Invoices - View invoices

  • Update Invoices - Edit invoices

  • Delete Invoices - Archive/delete invoices

  • Approve Invoices - Approve invoices for finance integration

Costs

  • Create Costs - Create project costs

  • Read Costs - View costs

  • Update Costs - Edit costs

  • Delete Costs - Remove costs

  • Approve Costs - Approve costs (set status to "approved")

  • Create Cost Purchase Orders - Create purchase orders in external systems

Expense Claims

  • Create Expense Claims - Submit expense claims

  • Read Expense Claims - View expense claims

  • Update Expense Claims - Edit expense claims

  • Delete Expense Claims - Remove expense claims

  • Approve Expense Claims - Approve expense claims

Budgets

  • Create Budgets - Create budgets and variations

  • Read Budgets - View budget information

  • Update Budgets - Edit budgets

  • Delete Budgets - Remove budgets


Timesheet Management

Manage Staff Timesheets

  • View and manage timesheets for all staff

  • Create/edit time entries for other users

  • Access staff timesheet views

Approve Timesheets

  • Change timesheet status to "approved"

  • Use bulk approval functionality

Time Tracking Scope

  • Track Time Against All Tasks - Track time on any task (default: true)

  • Track Time Against Allocated Tasks - Restrict to assigned tasks only (default: true)


Insights & Analytics

Business Insights

  • Full business analytics access

  • Revenue reports and projections

  • Staff utilization across company

  • Complete financial summaries

Own Team Insights

  • Analytics for team projects only

  • Limited to projects with team member assignments

  • Requires user to be set up as a bookable resource

Individual Insights

  • View insights for all individual resources

  • Personal performance metrics

Own Individual Insights

  • View only own performance data

  • Personal utilization and timesheets

  • Requires user to be set up as a bookable resource

Project Insights

  • Project performance metrics

  • Hour allocation reports

  • Non-financial project analytics

View Revenue Projections

  • Access revenue forecasting

  • View projected revenue calculations

  • Requires account setting enabled


Email & Communication

Business Emails

  • View all project emails across the business

  • Full email thread visibility

Assigned Project Emails

  • View emails only for assigned projects

  • Limited by project/task assignment


System Configuration

Customisation

Controls all template and system configuration:

  • Template fields management

  • Project and document templates

  • Status types (project, supplier, company, contract)

  • Resource and leave types

  • Team management

  • Cost and booking types

  • Tracking categories

  • Custom fields

  • Lead scores

  • Procedures and procedure items

  • Contract templates

  • Business overheads

Tags

  • Create Tags - Create new tags for projects/opportunities

  • Update Tags - Edit existing tags


Important Notes

  1. Admin Override: Admin users have all permissions regardless of role assignments

  2. Timesheet-Only Users: Have restricted access - cannot access most features, no matter the roles assigned to them. They only have access to the timesheet and "live timer" in the navigation bar.

  3. Permission Hierarchy: Higher-level permissions include lower-level access (e.g., Read All Projects includes team and assigned access)

  4. Account Settings: Some permissions require account-level settings to be enabled (e.g., View Gross Profit requires the "Show Gross Profit" setting to be enabled)

  5. Available Resource: Some permissions require users to be set up as a bookable resource in the system

Permission Dependencies

Some permissions work together or have dependencies:

  • View Gross Profit requires the "Show Gross Profit" feature in your Drum account to be enabled

  • View Revenue Projections requires the "Enable Revenue Projections" feature to be enabled

  • Team permissions require the user to have team assignments

  • Individual permissions require direct project/task assignments

  • Read Account Users is required to access the account page where user management happens

Common Permission Role Examples

HR Manager Role

Full user management without account administration:

  • Read Account Users - View all users

  • Create Account Users - Invite new employees

  • Update Account Users - Manage user roles and permissions

  • Delete Account Users - Archive departing employees

  • Read Available Resources - View resource list

  • Create Available Resources - Create resources for new employees

Project Manager Role

Project and team management:

  • Create Projects - Create new projects

  • Read All Projects - View all projects

  • Update All Projects - Edit any project

  • Change Project Rates - Manage billing rates

  • Create Bookings - Schedule resources

  • Read Account Users - View team members

  • Project Insights - View project analytics

Finance Manager Role

Financial oversight and management:

  • Create Finance - Manage finance settings

  • Approve Invoices - Approve invoices

  • Approve Costs - Approve costs

  • Approve Expense Claims - Approve expenses

  • Business Insights - View financial analytics

  • Resource Financials - View resource rates

Team Lead Role

Limited management for team projects:

  • Read Team Projects - View team projects

  • Update Team Projects - Edit team projects

  • Read Account Users - View team members

  • Own Team Insights - View team analytics

  • Approve Timesheets - Approve team timesheets

Did this answer your question?