A billing rate is sensitive information. Org Admins can control access to billing rates in a tab in the Billing Setup Advanced tool, where they can turn rate-viewing permissions on or off for users in their Org.
When a user does not have rate-viewing permissions, no rates across the Org will show when adding a time entry, in the project billing section, in Timesheet, or in newly-created reports. Users without rate-viewing permissions do not typically have access to the invoice modal and will not be able to edit or view invoices
Org Admins should also take several other steps to adequately limit rate-viewing, including reviewing access to tools and reports, and setting up invoice PDF saving.
Adjust View Rates Toggle
Org Admin users can adjust rate permissions in the Billing Setup Advanced tool.
Navigate to the Billing Setup Advanced tool by clicking the main menu, and selecting Advanced from the dropdown. Select Billing Setup from the left hand menu and then click the Access tab.
In this tab, you can view a list of all users in the Org with their current “View Rates” permissions. By default, users do not have access to view rates. To turn rate viewing on or off for a user, click the toggle next to their name in the View Rates column.
You can also apply rate permissions to multiple users at a time. Select all users you’d like to change rate permissions for and then click the lock icon to open the Billing Rates Access flyout. Select “On” or “Off.” Review the list of users. Click the “X” next to any users you do not want to include. When you’ve reviewed users, click Update Access to apply the rate permissions changes.
Additional Rate Permission Steps
To ensure rate permissions are adequately hidden, Org Admins should also take several further steps when setting up rate permissions for their Org, including:
- review access to other Advanced tools
- turn on the option to save invoice PDFs to a select project
- review reports
Review Advanced Tools
Rates always appear in Advanced tools. If a user has access to any Advanced tools where rates are currently listed, like Billing or Billing Setup, they will be able to view rates regardless of their rate permissions status. To ensure the user cannot view rates, make sure they do not have access to these Advanced tools.
Save Invoice PDFs to a Selected Project
Users without rate-viewing permission cannot view the invoice modal, since invoices include rate information. However, if invoice PDFs are stored in the project’s Docs section, all users with collaborator or Admin permissions can view them.
To avoid giving access to invoices to all users, you can store all of your Org’s invoice PDFs in the Docs section of a single, centralized project for security and ease of access. When this option is turned on, users with rate-viewing permissions will still be able to view invoices in the Billing section of the originating project.
To save invoices to a single project, create a project that will house all invoice PDFs. Then, navigate to the Billing Setup Advanced tool and select the Invoices tab. Click Invoice Generation Settings.
In this section, toggle to save all invoiced PDFs to a single selectedproject. Enter the project you’ve created to house the PDFs.
For users without rate-viewing permissions, report columns or criteria with rate-sensitive information are not available. If a user has access to multiple Orgs and they do not specify an Org in the report, then rules of the Org with the least permissions are used.
Rate-sensitive columns and criteria include:
- Original Total
- Final Total
- Un-invoiced Balance
- Invoice Link
- Invoice Doc Link
If users with rate-viewing permissions attempt to share a report with rate-sensitive information, they will receive a warning notice. If they choose to share the report, the other user will be able to view any rate-sensitive information on it. If invoice links are included in the report, any user with access will be able to open the invoice modals using those links.
You should review any shared reports for rate sensitive information, and ensure that all reports with rate-sensitive information are shared only with the appropriate users.