Each individual user's access to Procore is determined by their assigned permissions. Permissions are assigned for each user at two (2) levels:
Both project level and company level tool permissions are managed by using Permission Templates. When you license Procore and start setting up your company's account, you'll see a set of default permission templates available to assign to users in your account. You can use these templates as they are, or you can modify them to fit the needs of your team.
When configuring permissions it's usually best to give users just enough access to accomplish their work, but not more. This approach helps minimize the potential for errors, and maximize the security and integrity of your project data.
There are many types of configurations you can achieve when managing permissions in Procore. The way permissions work at both the company and project level is very similar. Permissions are layered using three (3) components:
General permissions levels are the basic permission levels available for each tool in Procore. They are:
With few exceptions, users will be granted one of these general permission levels on all tools, both company and project level, across their company's Procore account. Then, additional permission layers like granular permissions can be added to enhance a user's capabilities in a more granular way.
There are other permissions that can be used to refine the capabilities of a user, in combination with a general permission level (like 'Read Only', or 'Standard'). These are called 'granular permissions.' You can think of granular permissions like an extra layer on top of the general permission levels. They allows users just a little bit more access to a specific part of a tool, without moving them up an entire general permission level.
This extra permission layer isn't applicable to users with 'None' permissions, because when assigned 'None' permissions on a tool, users have no access that tool at all. This extra layer also doesn't apply to users with 'Admin' level permissions because those users already have the ability to do everything that's possible in a tool.
This permission layer is primarily used to give a user the ability to perform a specific task in a tool that the general permission level they're assigned doesn't allow for alone. For example, a user with 'Standard' level permissions to the Directory tool (either project or company level) can't add a new user to the Directory. However, if that user is given the granular permission 'Create and edit users', they can then take that specific action in addition to the actions they can take with 'Standard' level permissions alone.
To learn more about the granular permissions that are available in Procore, and how to assign them, explore these resources:
In some less common situations, there might be a third layer of permissions to assign a user to allow them to accomplish a task. This layer, called 'Role-based privileges', is only applicable to a few tools.
For example, if your company licenses the ERP Integrations tool to manage an integration with your ERP system, you will need to assign at least one user the role of 'Accounting Approver'. This role assignment is NOT managed in permission templates. The way you assign a role-based privilege depends on the specific privilege you're assigning.
Using the example of the 'Accounting Approver' role, you can assign this privilege to a user directly from their Company level Directory record. This particular role option is located just above the space where you can see their assigned permission templates, but is not part of a permission template or considered a granular permission. It is not visible in the Permissions tool, or in any permission templates.
To learn more about the role-based 'Accounting Approver' privilege, see Grant Accounting Approver Privileges.
Procore has two levels of tools, Project level and Company level. Users are assigned permissions to these tools using permission templates.
All users are given a general permission level for each tool, like 'Standard', or 'Read Only'. You can choose to assign an extra layer of more granular capabilities using granular permissions.
Some less common scenarios might require a user to be given a role-based permission in addition to a general permission level, or a general permission level with added granular permissions, to be able to accomplish certain tasks.
Explore the User Permission Matrix to review the permissions required to perform any task in any Procore tool on the web, and the Mobile User Permission Matrix to review permission requirements for tasks specific to the iOS and Android Procore applications.