Cost Object Permissions
Cost Object Permissions determine which users can view, edit, submit, or approve Department-level plans (Cost Objects). Each Department can have one or more users assigned with edit-level permissions and, for Multi-Level Approvals, approval-level permissions.
Changes made to Cost Object Permissions are applied immediately across all plans that include the affected Cost Objects.
Only users with Admin or Budget Process Owner roles can configure Cost Object Permissions. For details on roles, see Frontdoor Permissions and Roles.
Configuring Cost Object Permissions
- Navigate to Configuration > Cost Object Permissions in the left navigation menu.
- Toggle between List View and Hierarchy View to display permissions by structure.
- Note: Hierarchy View is only available for Hierarchical Approval workflows.
- Use the table to define permissions for each Department (Cost Object):
- Cost Object – The unique identifier for the Department.
- User Name – The username of the person you want to assign permissions to.
- Edit Level – Grants edit access to the Department (Owner, Edit & Submit, Edit, or View Only).
- Approval Level – Defines approval rights (Levels 1–10) for Multi-Level Approvals only. For Hierarchical Approvals, grant approval rights by setting the user’s Edit Level to Owner.
- Can View Sensitive Columns – Allows viewing of columns marked as sensitive in the Labor line-item schema on both the Labor and Summary tabs. Refer to FAQ: Hide Sensitive Labor Data.
- Can View Sensitive Financials – Allows viewing of financial data generated from Labor lines. This data appears read-only on the Summary tab. Refer to FAQ: Hide Sensitive Labor Data.
- Use Export > Export All to download the current permissions as a .csv file for bulk updates.
To restrict budget owners to only the Departments they own:
- Enable Enforce View Permissions in the Company Profile.
- See Edit the Company Profile for more information.
Planning can only hide entire rows or columns. If a user does not have permission to view sensitive data in a column, the entire column will be hidden.
Note:
- If a user does not have permission to view sensitive data for a parent Cost Object, that restriction cascades downward unless a lower-level Cost Object explicitly grants sensitive data access.
- Users with approval permissions can approve or return plans at any time. If multiple users are assigned to the same approval level, only one approval is required to progress to the next level.
- Admins and Budget Process Owners have the ManagePlans permission, which allows a user to view, create, archive, and delete plans. A user with ManagePlans permissions can view plan data for all active and archived plans.
Hierarchical Approvals – Edit Level Permissions
Hierarchical Approvals uses Edit Level to control who can view, edit, submit, and approve within an approval workflow.
| Edit Level | View | Edit | Submit | Approve | Return | Email Alerts |
| Owner | Yes | Yes | Yes | Yes | Yes | Yes |
| Edit & Submit | Yes | Yes | Yes | No | No | No |
| Edit | Yes | Yes | No | No | No | No |
| View Only | Yes | No | No | No | No | No |
Multi-Level Approvals – Edit and Approval Permissions
In Multi-Level workflows, Edit Level and Approval Level are separate permissions, allowing administrators to define edit rights independently of approval authority.
- Edit Level: Controls whether a user can view, edit, or submit plan data.
- Approval Level: Determines whether the user is part of the approval chain (L1–L10). A user may have edit access without being an approver, or be an approver without edit rights.
| Edit Level | View | Edit | Submit | Email Alerts |
| Owner | Yes | Yes | Yes | Yes |
| Edit & Submit | Yes | Yes | Yes | No |
| Edit | Yes | Yes | No | No |
| View Only | Yes | No | No | No |
| Approval Level | Approve | Return |
| Level 1- Level 10 | Yes | Yes |
| None | No | No |