If you want to restrict who can perform administrative tasks (administering either projects or user accounts) or who can view certain project information, you must change the permissions of the built-in user accounts, and create new accounts with the appropriate roles. You may also wish to create new roles, and/or modify the default views. You should start by assigning a non-trivial password to the admin account, and either assigning a password to or disabling the guest account.

Note: Although Project Reporter does not display passwords in web pages, URLs, or configuration files, it does transmit them to the server in clear text — therefore, the basic log-in mechanism should not be relied upon for security beyond a group of relatively trusted users, such as a corporate intranet. For more information, see the security guidelines.

In some cases, you may find it useful to create user accounts that can be used by several people at the same time (although you must still comply with the licensing requirements regarding the total number of users). For example, if you want to make project information available to clients outside your organization, but do not want to create a separate user account for each person who might view the information, you could create a client account, and communicate the password to your clients. Project Reporter uses log-in names to maintain separate session information for each user, but this is also relative to the user's internet address, so that different users with the same log-in name will not interfere with each other's settings, as long as they are viewing the reports from different computers.

You can use the Client Statistics page to monitor use of Project Reporter, and ensure compliance with the licensing model.

In order to control which project reports a given user account will have access to, you can assign it to one or more groups.