Skip to content
English
More support Ticket overview Sign in
  • There are no suggestions because the search field is empty.

Understanding the Shoreline Permission Matrix

The Shoreline platform controls user access through Permission Types (roles). Each Permission Type is a collection of permissions that determines what users can see and do in the system. This guide helps administrators understand how permissions work together and what access combinations are needed for different tasks.

Where to find this: Go to Company Settings → Permission Types. The permission matrix lists every Permission Type as a column and every permission as a row. The section order in this article matches the top-to-bottom order of rows in the matrix UI.

Understanding Permission Types

What are Permission Types?

Permission Types are configurable roles (like "Administrator," "Planner," "Worker") that bundle multiple permissions together. Each user is assigned one Permission Type that defines their access level.

Special Roles

  • Super Administrator: Has complete access to all features across all companies

  • Super User: Can access multiple company accounts

  • View All Sharing: Can see all work packages and shared items without restrictions

Permission Ranking

Permission Types are ranked from most powerful (rank 1) to least powerful (higher numbers). This prevents users from accidentally giving themselves or others more permissions than they should have:

  • Users can only modify other users with a lower rank than themselves

  • Users with rank 5 cannot edit users with ranks 1–5, only rank 6 and below

  • Super Administrators bypass rank restrictions

Permission Categories

The sections below follow the exact top-to-bottom order of the permission matrix in the UI.

1. Dashboard

Controls which dashboard widgets are visible to users.

Personal Activities

  • Access Dashboard Personal Activities: Shows the "My Activities" panel with the current user's upcoming and active work

Status & Overview

  • Access Dashboard Status and Overview: The default landing page. ⚠️ Required — all users must have this enabled

Additional Widgets

  • Access Dashboard Work Order Status: Status distribution chart

  • Access Dashboard Site Overview: Site map with status indicators

  • Access Dashboard Weather: Weather forecast panel

  • Access Dashboard Components: Component status summary

  • Access Dashboard Milestones: Milestone tracking

Configuration tip: Grant dashboard widgets based on job function — planners might see all widgets while workers might only need Personal Activities and Status Overview.

2. Reporting

Basic Access

  • Access Reporting: Opens the Reports section

  • Read Reporting: View existing reports

Creating & Editing

  • Create Reporting: Generate new reports

  • Update Reporting: Modify draft reports

  • Delete Reporting: Remove reports

  • Import Reporting: Bulk import reports

Approval Workflow

  • Manage Reporting: Approve or reject submitted reports

  • Lock Reports: Finalize reports (prevents further changes)

  • Unlock Reports: Reopen locked reports — requires higher authority than Lock Reports

Report Templates

  • Read Reporting Settings: View report templates and configurations

  • Create Reporting Settings: Add new templates

  • Update Reporting Settings: Modify templates

  • Delete Reporting Settings: Remove templates

Dependencies:

  • Creating reports from work orders requires "Read Work Orders" permission

3. Work Packages

Basic Access

  • Access Work Package: Opens the Work Packages section

  • Read Work Package: View work package assignments

Managing Work Packages

  • Create Work Package: Define new project groups

  • Update Work Package: Modify work package details

  • Delete Work Package: Remove work packages

  • Import Work Package: Bulk import work packages

Sharing Control

  • Share Access Work Package: Grant other users access to work packages. Enabling this makes the user a work package administrator who can manage access for others.

Special Rules:

  • Users normally only see data within their assigned work packages

  • Users with "View All Sharing" enabled see ALL data regardless of work package assignments

4. Work Orders

The work order system requires multiple permissions to work together.

Basic Access

  • Access Work Orders: Must be enabled to see the Work Orders menu

  • Read Work Orders: Required to view any work order information

Creating & Editing

  • Create Work Order: Add new work orders

  • Update Work Order: Edit existing work orders

  • Delete Work Order: Remove work orders

Advanced Features

  • Manage Work Order: Approve/reject completed work orders

  • Import Work Order: Bulk import work orders from files

  • Dispatch Work Order: Assign work orders to teams for execution

  • Schedule Work Orders: Change planned start and finish dates

  • Download Transferlist: Generate crew and equipment transfer lists for vessel planning

  • Lock Work Order: Prevent further changes to work orders

Time Registration

  • Delete Registered Time: Remove individual time entries

  • Register Time for Others: Log working hours on behalf of another employee. Note: requires the user to be added to the target employee's delegation list.

  • Manage Register Time For: Configure which employees a user can register time for

Timesheets

  • Manage Timesheets: Create and oversee timesheet records. Note: all users can always register their own time.

  • Lock Timesheets: Finalize timesheets for approval

  • Unlock Timesheets: Reopen locked timesheets — requires higher authority than Lock Timesheets

Important Dependencies:

  • Work orders are always linked to Sites and Assets

  • Users also need "Read Sites" and "Read Assets" permissions to work with work orders

  • Without site/asset permissions, work order creation will fail

5. Checklists

Basic Operations

  • Read Checklist: View checklists and completion status

  • Create Checklist: Start new checklists from templates

  • Update Checklist: Fill out checklist items and add comments

  • Delete Checklist: Remove checklists

QA Approval

  • QA Checklist: Perform quality assurance approval on completed checklists

Note on Templates:
Templates define the structure that workers fill out during execution. Viewing templates requires "Read Checklist" to be enabled.

Dependencies:

  • Checklists are attached to work orders

  • "Read Work Orders" is typically needed to see checklist context

6. Sites

Basic Access

  • Access Sites: Opens the Sites menu

  • Read Sites: View the site list and details

Managing Sites

  • Create Site: Add new sites

  • Update Site: Edit existing sites

  • Delete Site: Remove sites

  • Import Site: Bulk import sites from files

7. Assets

  • Read Assets: View the asset list and details

  • Create Asset: Add new assets

  • Update Asset: Edit existing assets

  • Delete Asset: Remove assets

  • Import Asset: Bulk import assets from files

  • Asset Custody: Track who physically possesses equipment

Hierarchy note: Assets belong to Sites. Users creating or managing assets also need "Read Sites."

8. Sub-Assemblies

  • Read Sub-Assembly: View sub-assembly details

  • Create Sub-Assembly: Add new sub-assemblies

  • Update Sub-Assembly: Edit existing sub-assemblies

  • Delete Sub-Assembly: Remove sub-assemblies

  • Import Sub-Assembly: Bulk import from files

Dependency: Creating sub-assemblies requires "Read Assets" and "Read Sites."

9. Components

  • Read Component: View component details

  • Create Component: Add new components

  • Update Component: Edit existing components

  • Delete Component: Remove components

  • Import Component: Bulk import from files

Dependency: Creating components requires "Read Sub-Assembly," "Read Assets," and "Read Sites."

10. Bases

Bases represent physical offshore bases or staging locations used to assign personnel home ports and support logistics planning.

  • Read Base: View defined bases

  • Create Base: Add new bases

  • Update Base: Modify base details

  • Delete Base: Remove bases

Dependencies:

  • Bases can be assigned to employees as their offshore home base

  • May be referenced when tracking equipment locations

11. Equipment

  • Read Equipment: View equipment inventory

  • Create Equipment: Add new equipment items

  • Update Equipment: Modify equipment details

  • Delete Equipment: Remove equipment

  • Import Equipment: Bulk import equipment lists

12. Inventory Locations

  • Read Location: View where equipment is stored

  • Create Location: Define new storage locations

  • Update Location: Modify location details

  • Delete Location: Remove locations

Dependency: Equipment locations may reference Sites, Bases, or Vessels. Users need read access to the relevant parent entities.

13. Vessels & Transport

Basic Access

  • Access Vessels: Opens the Vessels menu

  • Read Vessels: View vessel information

Managing Vessels

  • Create Vessel: Add new vessels/transport

  • Update Vessel: Modify vessel details

  • Delete Vessel: Remove vessels

14. Personnel

Basic Access

  • Access Employees: Required to open the Personnel section ⚠️ Required for all users who need to see personnel

  • Read Employees: View personnel lists and basic information ⚠️ Required

Managing Personnel

  • Create Employee: Add new personnel

  • Update Employee: Modify employee information, work schedules, skills

  • Delete Employee: Remove employees

  • Import Employee: Bulk import personnel from files

Special Permissions

  • Manage Employee Attachments: Upload and delete certificates, training records, and other files on behalf of others. Note: employees can always view and manage their own files.

  • Personnel Status: Manage and update personnel availability/status records

Sensitive Information

  • Read Personal Information: View phone numbers and emergency contacts

  • Create Personal Information: Add sensitive details when creating employees

  • Update Personal Information: Modify sensitive employee data

User Self-Service: All users can update their own basic profile (name, language preference, avatar) without needing "Update Employee" permission.

Personnel Contracts

  • Access Personnel Contract: Opens the Contracts section

  • Read Personnel Contract: View contract details

  • Create Personnel Contract: Add new contracts

  • Update Personnel Contract: Modify contract terms

  • Delete Personnel Contract: Remove contracts

  • Manage Personnel Contract: Approve and finalize contracts

  • Resource Manager: Grants access to resource management features for scheduling and capacity planning

  • Download Personnel Contract: Download contract documents as files

15. Paychecks

  • Read Paycheck: View paycheck records for personnel

  • Create Paycheck: Add new paycheck entries

  • Update Paycheck: Modify existing paycheck records

  • Delete Paycheck: Remove paycheck entries

  • Download Paycheck: Download paycheck documents as files

Note: Paycheck permissions are typically restricted to HR administrators and finance roles.

16. Teams

  • Access Personnel and Team: View team planning screens

  • Read Teams: View team lists and compositions

  • Create Team: Add new teams

  • Update Team: Modify team details

  • Delete Team: Remove teams

17. Planner View

Required for users who need to plan and schedule work using the Planning Calendar or Gantt Chart.

  • Access Planner View: Opens the planning calendar/Gantt view

  • Read Planner View: View scheduled work and assignments

Dependency: Users also need "Schedule Work Orders" (in the Work Orders section) to drag and adjust dates on the calendar.

18. Loadouts

Loadouts plan what equipment and personnel are assigned to vessels for a given trip or project.

  • Access Loadout: Opens the Loadout Planning section

  • Read Loadout: View loadout plans

  • Create Loadout: Build new equipment/personnel loadout plans

  • Update Loadout: Modify loadout details

  • Delete Loadout: Remove loadout plans

19. Defects

Basic Access

  • Access Defect: Opens the Defects section

  • Read Defect: View reported defects

Managing Defects

  • Create Defect: Report new defects

  • Update Defect: Edit defect details, add notes

  • Delete Defect: Remove defects

  • Manage Defect: Approve repairs and close defects

Usage:

  • Workers report defects during work order execution

  • Supervisors use "Manage Defect" to review and close resolved issues

20. Permits to Work

  • Access Permit to Work: Opens the Permits section

  • Read Permit to Work: View existing permits

  • Create Permit to Work: Issue new permits

  • Update Permit to Work: Modify permit details

  • Delete Permit to Work: Remove permits

  • Manage Permit to Work: Authorize and approve permits — typically restricted to safety supervisors

Usage: Used in high-risk environments requiring formal work authorization before work begins.

21. Marine Coordination

For defining geographic zones on site maps.

  • Read Map Areas: View defined map zones

  • Create Map Areas: Draw new areas on maps

  • Update Map Areas: Modify zone boundaries

  • Delete Map Areas: Remove map areas

22. Scenario Analysis

Used by senior planners or operations managers to model staffing and workload scenarios. Does not affect live operational data.

  • Read Scenario Analysis: View scenario plans and outputs

  • Create Scenario Analysis: Build new planning scenarios

  • Update Scenario Analysis: Modify existing scenarios

  • Delete Scenario Analysis: Remove scenarios

23. Company Settings

Basic Access

  • Access Company Settings: Opens the Settings menu ⚠️ Required to reach the permission matrix

  • Read Company Settings: View configuration including the full permission matrix ⚠️ Required to view Permission Types

Configuration Management

  • Create Company Settings: Add new configurations (skills, statuses, types, new Permission Types)

  • Update Company Settings: Modify existing settings and edit Permission Types

  • Delete Company Settings: Remove configurations and unused Permission Types

  • Import Company Settings: Bulk import configuration data

  • Import Personnel Skills: Bulk import certificates and qualifications

  • Import Transport Certificates: Bulk import vessel/transport requirements

Permission Management

All operations on Permission Types require the following settings permissions:

  • Read Company Settings — to view the matrix

  • Create Company Settings — to add new Permission Types

  • Update Company Settings — to edit Permission Types and change ranks

  • Delete Company Settings — to remove unused Permission Types

Critical Rule: Users can only edit Permission Types with a lower rank than their own. This prevents unauthorized privilege escalation.

24. Audit Log

  • Access Audit Log: View the full system activity history

25. SSO Management

  • Manage SSO: Configure Single Sign-On authentication settings for your company

26. Export Data

  • Export Data: Download system data to files. This defaults to enabled for most users.

Common Permission Scenarios

Scenario 1: Office Planner

A planner who creates and schedules work but doesn't go offshore.

Work Orders: Access Work Orders, Read Work Orders, Create Work Order, Update Work Order, Schedule Work Orders, Download Transferlist

Planning Tools: Access Planner View, Read Planner View

Supporting Data: Access Sites, Read Sites, Read Assets, Access Employees, Read Employees, Access Vessels, Read Vessels, Read Equipment

Result: Can plan work and adjust schedules, but cannot execute or approve work.

Scenario 2: Offshore Worker

A technician executing work offshore.

Work Orders: Access Work Orders, Read Work Orders, Update Work Order

Execution: Read Checklist, Update Checklist, Create Defect

Time Tracking: Manage Timesheets

Supporting Data: Access Sites, Read Sites, Read Assets

Result: Can execute assigned work, complete checklists, report defects, and log time — but cannot plan or schedule.

Scenario 3: Project Supervisor

A supervisor overseeing offshore operations.

Work Orders: Access Work Orders, Read Work Orders, Update Work Order, Manage Work Order, Lock Work Order

Execution: Read Checklist, Update Checklist, QA Checklist, Read Defect, Update Defect, Manage Defect

Time Management: Manage Timesheets, Lock Timesheets, Register Time for Others

Personnel: Access Employees, Read Employees, Update Employee

Result: Can oversee work execution, approve deliverables, manage the team, and finalize records.

Scenario 4: Administrator

A company administrator managing system configuration.

Company Settings: Access Company Settings, Read Company Settings, Create Company Settings, Update Company Settings, Delete Company Settings

Broad read access: Read Work Orders, Read Employees, Read Sites, Read Assets, Read Vessels, Read Equipment, Read Reporting

Result: Can configure the system and manage Permission Types, but may not perform day-to-day operational tasks.

Setting Up Permission Types

Best Practices

Start with gateway permissions

  • Always enable "Access [Module]" before specific operations

  • Example: Enable "Access Work Orders" before "Read Work Orders"

Read before write

  • Grant "Read" permissions before "Create/Update/Delete"

  • Example: "Read Employees" before "Update Employee"

Consider the hierarchy

  • Creating sub-assemblies → needs Read Assets + Read Sites

  • Creating work orders → needs Read Sites + Read Assets

Set appropriate ranks

  • Higher authority = lower rank number

  • Ensure supervisors have lower ranks than workers

  • Leave gaps in numbering (1, 10, 20, 30…) for future additions

Test Permission Types

  1. Create a test user with the new Permission Type

  2. Verify they can complete their intended tasks

  3. Check that restricted features are properly hidden

Troubleshooting Access Issues

"User cannot see [Feature]"

Check in order:

  • ✓ Is the gateway permission enabled? (Access [Module])

  • ✓ Is the read permission enabled? (Read [Module])

  • ✓ If in a work package: Is the user assigned to the correct work package?

"User cannot create [Item]"

Check:

  • ✓ Does the user have "Create [Item]" permission?

  • ✓ Does the user have "Read" access to all parent entities? Example: Creating work orders requires reading Sites and Assets.

  • ✓ Are all required fields filled in correctly?

"User cannot edit another user"

Check:

  • ✓ Does the editing user have "Update Employee" permission?

  • ✓ Is the editing user's Permission Type rank lower (more powerful) than the target user's rank?

  • ✓ Is the editing user a Super Administrator?

"Permission Type cannot be deleted"

Reason: Users are still assigned to that Permission Type.

Solution:

  1. Go to the Personnel list

  2. Find all users assigned to that Permission Type

  3. Reassign them to a different Permission Type

  4. Return to Company Settings and delete the unused Permission Type

Understanding "View All Sharing"

The "View All Sharing" flag is a special user-level setting that bypasses work package restrictions.

Normal users:

  • Only see work orders, assets, and data in their assigned work packages

Users with "View All Sharing" enabled:

  • See ALL data regardless of work package assignments

  • Useful for managers, auditors, and coordinators

When to use: Project managers, operations coordinators, administrators

When NOT to use: Contractors, workers, or external stakeholders limited to specific projects

Key Reminders

  • Permission Types are per company — each company has its own set

  • Users have ONE Permission Type — you cannot combine multiple

  • Ranks prevent privilege escalation — lower-ranked users cannot modify higher-ranked users

  • Self-service is always allowed — users can update their own basic profile

  • Super Administrators bypass all restrictions — use this role carefully

  • Dashboard Status is required — all users must have "Access Dashboard Status and Overview"

  • Export Data defaults to ON — most users can export their data

  • Paycheck and contract downloads are separate permissions — grant these explicitly to HR/finance roles only