guides / G-07 · updated Jul 5, 2026
Roles, permissions & security
Access control in PMOlikePRO is not a set of hidden buttons — it is enforced where the data lives, at the database layer, for every read and every write.
The four roles
| Role | Sees | Changes |
|---|---|---|
| Admin | Everything | Everything, including settings & security |
| Manager | Everything operational & financial | Projects, tasks, schedules, budgets |
| Member | Only their assigned projects | Their tasks, their hours |
| Viewer | Only what they are given, read-only | Nothing |
Two consequences of the member model are worth spelling out:
- Privacy — a member cannot browse other teams’ projects, other people’s workloads, or anyone’s rates. Not “the menu is hidden” — the data is never delivered to their session.
- Scale — because each account loads only its own slice of the organization, the app stays fast as the organization grows.
Enforceable two-factor authentication
Any account can enroll in TOTP two-factor authentication (authenticator apps). Admins can go further and require MFA for the whole organization — accounts without a second factor are held at the door until they enroll. Security policy stops being a memo and becomes a property of the system.
The audit trail
Actions that matter — sign-ins, permission changes, destructive operations — are recorded in an audit log, so “who did that, and when?” has an answer. Business-tier organizations can export audit history for compliance workflows.
The quiet layers
Underneath, the platform runs the defenses you would expect of infrastructure: strict tenant isolation between organizations, rate-limited APIs, bot-challenged sign-in, and encrypted transport everywhere. The security page documents the full posture.
Where to go next
Back to the guide index — or request a demo and see the access model live with your own scenarios.