BrightWork uses standard SharePoint security. See below for the various permissions required to carry out specific BrightWork Tasks.
Please read this article by Microsoft for more details on SharePoint permissions:
Users require Contribute level or higher permissions to create a personal report. This is enabled by BrightWork Reporter having the non-default property of allowing users to edit scriptable web parts. To restore BrightWork Reporter to the default setting, and only allow users with Designer level or higher to create personal reports, you can edit the web.config file.
To remove 'Allow Contributors Edit Scriptable Web Parts' property from BrightWork Reporter, remove the below line of code from the web.config on every web application that BrightWork is installed on.
<SafeControl Assembly="BrightWork, Version=220.127.116.11, Culture=neutral, PublicKeyToken=bdb4a6220fe9433c" Namespace="BrightWork.UI.WebParts" TypeName="ListItemReport" Safe="True" SafeAgainstScript="True" />
Users require Full Control permission in the site to create scheduled report emails.
Users need to be a Site Collection Administrator or a member of the BrightWork Cache Administrator's user group to manually refresh or update a Cache, to configure a cache's views or to add columns to the cache.
To run an update at the site level users need to have Full Control of the site.
Permissions should be managed in high level groups as much as possible, especially when it comes to updating either cache. Managing permissions in this way helps reduce the overhead on reading and writing data in a cache.
This section outlines the various permissions needed to use the Design Sync features.
This section outlines the various permissions needed to use the BrightWork Copy Site.
For maximum simplicity, BrightWork recommends that individuals tasked with creating projects, templates and portfolios have Full Control at the site collection level and that Permission Inheritance is enabled through out the site collection; however, we appreciate that there will be many situations where it is not possible to have permission inheritance globally enabled, therefore we have detailed the various local permissions that are required to create projects, templates and portfolios.
Create a project from an existing template
Create a project from an existing project
Create a template from an existing template
Create a template from a existing project
Create a portfolio from an existing portfolio
Limited Access and View List Items
Parent site (e.g. Project Area, Portfolios Area, Templates Area or the project you want to add a subsite to)
Membership of the Read permission group and Create Subsites
Template that you want to create a copy of (i.e. the Source site):
Membership of the Read permission group
Project or portfolio that you want to create a copy of (i.e. the Source site):
Membership of the Read permission group and Manage Web Sites
BrightWork Copy site does not copy custom security settings such as unique website permissions or fine-grained permissions such as permissions on a list or library, folder, or item or document.
If a user creates a template or a project from a project, that contains items (e.g. a list) that she has fine-grained access to, then those items will be copied and viewable to all users in the target site. This is the same behavior as SharePoint. This means you should exercise caution when using sites with fine-grained permission as a source for a template or a project.
If a user creates a template or a project from a project, that contains items (e.g. a list) that she does not have access to, then those items will not be copied to the target site.
If a user creates a template or a project from a template, that contains items (e.g. a list) that she does not have access to, then those items will be copied to the target site. This means you should not use fine-grained permissions in templates.
The Project Request Manager template can have its actions restricted to certain people. Use the configure process page to restrict access to ranking, bulk approving or rejecting, or bulk change assignee.
If you do not specify restricted people, default security settings are used:
If you use the configure process page to restrict access to certain people, they will require Edit access on the list as a minimum.
The default security requirement for managing task scheduling is Manage Lists.
Users with the Contributor permission level can also use scheduling actions if the option is enabled in the configuration options.
Syncing a Tasks list with Microsoft Project Professional 2013 requires Full or Design permissions.