Roles & Permissions
VERA has three permission roles. Each role scopes what data is visible and what actions are allowed.
The three roles
Owner
Full access. Owners see everything including dollar amounts, all projects, all users, rates, and liabilities.
Owners can:
- Create, rename, and delete projects
- Set project budgets and deadlines
- Assign project managers
- Add, update, deactivate, and reactivate users
- Promote users to Manager or Owner
- Set hourly cost rates (Rate History)
- Create and cancel liabilities
- View all financial data (revenue, cost, margin, contract values)
- See all projects across all clients
- Approve or reject time off requests
- Log their own time off directly — no approval flow required
- Access all tools without restriction
Manager
Scoped access. Managers see their assigned projects and percentages — never dollar amounts. They are the day-to-day operational role.
Managers can:
- View their assigned projects (where they are the PM)
- See percentages: budget % used, margin %, utilisation %
- See project deadlines (needed for delivery planning)
- Create and manage envelopes for their assigned projects
- Enable/disable tasks and set task budgets for their assigned projects
- Approve or reject time off requests
- Log sick days and leave on behalf of team members
- View team capacity and burn rate for assigned projects
- See liabilities for their assigned projects (read only)
Managers cannot:
- Create or delete projects
- Set project-level budgets (Tier 1) — only Owners do this
- Promote users or change roles
- See dollar amounts, rates, or contract values
- Access projects they are not assigned to as PM
- Create or cancel liabilities
User
The base role. Users track their own time and manage their own schedule.
Users can:
- Log time for themselves
- Edit and delete their own time entries
- View their own time history
- See their own envelopes ("what should I work on?")
- Request time off (PTO, sick, leave)
- View their own time off history
Users cannot:
- Log time for others
- View other people's time entries
- See project deadlines (deadlines are never shown to Users under any circumstances)
- See financial data of any kind
- Manage envelopes, projects, or other users
- Approve time off requests
Permission matrix
| Action | Owner | Manager | User |
|---|---|---|---|
| Log time (self) | ✅ | ✅ | ✅ |
| Log time (others) | ✅ | ✅ (own projects) | ❌ |
| View own time | ✅ | ✅ | ✅ |
| View team time | ✅ | ✅ (own projects) | ❌ |
| Create project | ✅ | ❌ | ❌ |
| Delete project | ✅ | ❌ | ❌ |
| Set project budget (Tier 1) | ✅ | ❌ | ❌ |
| Allocate hours (Tier 2) | ✅ | ✅ (own projects) | ❌ |
| Set task budgets | ✅ | ✅ (own projects) | ❌ |
| Assign PM | ✅ | ❌ | ❌ |
| Add users | ✅ | ❌ | ❌ |
| Change user roles | ✅ | ❌ | ❌ |
| Deactivate/reactivate users | ✅ | ❌ | ❌ |
| See project deadlines | ✅ | ✅ | ❌ |
| See dollar amounts / revenue | ✅ | ❌ | ❌ |
| See budget percentages | ✅ | ✅ (own projects) | ❌ |
| See rates (hourly cost) | ✅ | ❌ | ❌ |
| See contract values | ✅ | ❌ | ❌ |
| Create liabilities | ✅ | ❌ | ❌ |
| View liabilities | ✅ | ✅ (own projects) | ❌ |
| Cancel liabilities | ✅ | ❌ | ❌ |
| Approve time off | ✅ | ✅ | ❌ |
| Request time off (own) | ✅ direct | ✅ pending | ✅ pending |
| Add company holidays | ✅ | ❌ | ❌ |
| View capacity forecast | ✅ | ✅ (own projects) | ❌ |
Role assignment
Roles are set in the 03. Users sheet:
- "owner" — full access
- "manager" — project-scoped access
- "user" — self-only access
Users are auto-registered with the user role when they first message the bot. Only Owners can promote a user to Manager or Owner.
Promoting via assign_pm
The assign_pm tool is a shortcut that promotes a User to Manager and assigns them to a project in a single step. If someone needs to be made PM before they've messaged the bot, they need to message it first so VERA can register their Slack ID.
Deadlines and Users
Deadlines are visible to Owners and Managers. They are never shown to Users under any circumstances. This is a deliberate design decision — deadlines exist for financial accrual and capacity planning, not for individual task management. When a User asks about a project deadline, VERA omits it from the response without acknowledging that a deadline exists.
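One way to enforce the visibility rows of the matrix and the deadline rule above when building a response, shown as an added example that is not VERA's own code. The field names, the `Actor` type, the `project_view` function and the sample record are assumptions; the User view is assumed to be the project name only.

```python
from dataclasses import dataclass
from typing import Optional

# Allowlist of project fields per role; anything unlisted is dropped.
# Field names are assumptions for this example, not VERA's schema.
VISIBLE_FIELDS = {
    "owner": {"name", "deadline", "budget_pct_used", "margin_pct",
              "budget_usd", "contract_value_usd"},
    "manager": {"name", "deadline", "budget_pct_used", "margin_pct"},
    "user": {"name"},  # no deadline key at all, so nothing hints it exists
}


@dataclass(frozen=True)
class Actor:
    slack_id: str
    role: str                # "owner", "manager" or "user"
    status: str = "active"   # "inactive" blocks every action


def project_view(actor: Actor, project: dict) -> Optional[dict]:
    """Return only the fields this actor may see, or None for no access."""
    if actor.status != "active":
        return None  # deactivated users cannot take any action
    allowed = VISIBLE_FIELDS.get(actor.role)
    if allowed is None:
        return None  # unknown role string: deny by default
    if actor.role == "manager" and project.get("pm") != actor.slack_id:
        return None  # Managers are scoped to projects where they are PM
    # Build the response from the allowlist, so a newly added sensitive
    # column stays hidden until it is deliberately exposed.
    return {k: v for k, v in project.items() if k in allowed}


# Constructed sample record, for illustration only.
PROJECT = {"name": "Acme Redesign", "pm": "U_MGR1", "deadline": "2025-03-31",
           "budget_pct_used": 62, "margin_pct": 31,
           "budget_usd": 80000, "contract_value_usd": 120000}

if __name__ == "__main__":
    for actor in (Actor("U_OWN1", "owner"), Actor("U_MGR1", "manager"),
                  Actor("U_MGR2", "manager"), Actor("U_USR1", "user")):
        print(actor.role, actor.slack_id, project_view(actor, PROJECT))
```

Filtering by allowlist rather than deleting known-sensitive keys means the User response has the same shape whether or not a deadline is set.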
Financial data in public spaces
Financial figures — hourly rates, contract values, agreed liability amounts — must never appear in shared or public Slack channels (including the audit channel). The audit channel is visible to anyone subscribed, which may include Users who are not permitted to see financial data.
VERA enforces this in two ways:
- set_rate does not post to the audit channel at all — rate changes are recorded in the server console only, never in Slack.
- create_liability posts an audit message recording the action (vendor, project, description) but never includes the dollar amount. The actual figures are only accessible to Owners via direct conversation with the bot.
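The two audit-channel rules above can be expressed as a per-tool field allowlist, shown here as an added example that is not VERA's own code. The `audit_message` function, the payload keys and the sample payload are assumptions, and masking currency-looking figures in the free-text description is an extra guard that goes beyond what the page describes.

```python
import re
from typing import Optional

# Fields each tool may send to the audit channel. A tool that is not
# listed posts nothing, so new tools are silent until reviewed.
AUDIT_FIELDS = {
    "create_liability": ("vendor", "project", "description"),
    # set_rate is deliberately absent: rate changes never reach Slack.
}

# Extra guard (an assumption, not described on the page): mask figures
# such as "$4,500.00" that someone typed into a free-text field.
MONEY = re.compile(r"[$€£]\s?\d[\d,]*(?:\.\d+)?")


def audit_message(tool: str, actor: str, payload: dict) -> Optional[str]:
    """Return the text to post to the audit channel, or None to post nothing."""
    fields = AUDIT_FIELDS.get(tool)
    if fields is None:
        return None
    parts = []
    for name in fields:
        # Only allowlisted keys are read; payload keys such as the
        # amount are never touched, so they cannot leak by accident.
        value = MONEY.sub("[redacted]", str(payload.get(name, "")))
        parts.append(f"{name}={value}")
    return f"{actor} ran {tool}: " + ", ".join(parts)


# Constructed sample payload, for illustration only.
LIABILITY = {"vendor": "Northwind Hosting", "project": "Acme Redesign",
             "description": "Annual licence, $4,500.00 agreed",
             "amount_usd": 4500}

if __name__ == "__main__":
    print(audit_message("create_liability", "U_OWN1", LIABILITY))
    print(audit_message("set_rate", "U_OWN1", {"user": "U_USR1", "rate": 95}))
```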
Inactive users
Deactivated users (status = "inactive") cannot log time or take any actions. Their historical entries are preserved. They appear in list_users with (inactive) next to their name.
Use reactivate_user to restore access.
Further reading
- The Data Is Only Worth Protecting If It's Worth Something — the thinking behind three access levels and why owners, managers, and users need different views