Understanding User Permissions in Mastt
Essential guide to Mastt permissions and user access for construction project managers
Mastt permissions control what users can see and do across your workspace, programs, and projects. Understanding how permissions work helps you give team members the right access level while keeping your project data secure.
The Three Permission Levels
Mastt uses three permission levels that determine what users can do:
Read (Viewer)
Users can view information but cannot make changes. Use this for stakeholders, clients, or team members who need to monitor progress without editing project data.
Write (Standard)
Users can view and edit content within their assigned areas. This is the typical access level for active team members contributing to projects.
Admin (Administrator)
Users have full control, including the ability to manage other users and configure settings. Assign this carefully to trusted team members only.
The Three Organisational Levels
Mastt is structured in three layers, and permissions apply at each:
Workspace
The highest level representing your company or program of work. Your subscription applies at the workspace level. Workspace Admins control everything in the workspace.
Program
Collections of related projects grouped together. Programs help organise larger initiatives or portfolios of work. Program Admins manage the program and all projects within it.
Project
Individual construction jobs where day-to-day work happens. Users are typically assigned specific projects they work on.
How Permission Inheritance Works
The core principle: permissions flow downward. Higher-level access automatically includes lower-level access.
Workspace Admin
Automatically gets Admin access to all programs and projects in that workspace. They can access any project without being directly assigned, though only directly assigned projects appear on their home page.
Program Admin
Automatically gets Admin access to all projects within that program (in the same workspace). They inherit permissions downward but do not automatically access projects in other programs.
Direct Project Assignment
Affects only that specific project. A user with project-level access does not automatically get access to the program or workspace.
Assignment vs. Access: What's the Difference?
These terms mean different things in Mastt:
Assignment
When a user is assigned to a project, program, or workspace, it appears on their home page for easy access.
Access
The ability to open and view a resource, whether assigned or not. A user might access a project through workspace settings without it appearing on their home page (if they are not directly assigned).
Example: A Workspace Admin can access any project in the workspace but will only see directly assigned projects on their home page.
Permission Details by Organisational Level
Workspace Permissions
- Admin: Full control over the workspace, all programs, and all projects
- Member: Access to assigned projects and programs only
Program Permissions
- Admin: Manage the program and all projects within it; can reopen cash flow months
- Write: Edit program content and assigned projects
- Read: View program information only
Project Permissions
- Admin: Full project control including user management; can reopen cash flow months
- Write: Edit project content and data
- Read: View project information only
Common Permission Setups by Role
Project Manager
Typically given Admin access on their specific projects, plus Read access to related programs for context and reporting.
Program Director
Given Admin access on their program, plus direct access to key projects they're actively involved in.
Team Member
Given Write access on projects they contribute to plus Read access to programs for reporting and overview.
Workspace Admin
Full control over everything in the workspace. Can access all projects without assignment (though only assigned projects appear on their home page).
Client or Stakeholder
Given Read access on specific projects or programs they need to monitor, without ability to make changes.
Important Considerations
Workspace Admin is powerful
Only assign Workspace Admin access to trusted team members. They can access and modify anything in the workspace.
Start minimal
Give users the minimum permissions they need to do their job. You can always increase access later if they need it.
Review regularly
Audit permissions monthly, especially after team changes or when projects wrap up. Remove access promptly when users move to other projects or leave the team.
Document your approach
Keep records of who has Admin access and why. This supports compliance and helps you maintain consistency as your team grows.
FAQs
Q: Why can't a user see a project on their home page even though they have access?
They likely have access through a higher-level assignment (like Workspace Admin) but are not directly assigned to that specific project. Assign them directly to see it on their home page.
Q: What's the difference between Program Admin and Project Admin?
Program Admin manages the entire program and all projects within it. Project Admin manages only that specific project. Program Admin is the higher level and includes more control.
Q: If I make someone a Workspace Admin, can I limit their access to specific areas?
No. Workspace Admin has full control over the entire workspace. If you want to limit access to specific areas, use Program Admin or project-level assignments instead.
Q: Can a user have different permission levels on different projects?
Yes. A user can be Admin on one project, Write on another, and Read on a third. Permissions are assigned individually at each level.