Permissions allow you to manage what modules, groups & users can access in your platform as well as what level of permission they have to that module as well as to its content.
The central area to manage groups and permissions is located under ADMIN > GROUPS.
GROUPS LIST
You can order your groups using the dropdown menu or search for the name of the group. Results are displayed instantly, and the search icon will be highlighted if a search is still active.
If you have a lot of groups, you can use the horizontal scroll bar to navigate through the list. The information in brackets will match the ordering option selected.
You can view Users as Groups by clicking this tab option on the top left.
To Add a New Group, click ‘Create Group’, or the ‘New’ button in the top corner.
ADDING A NEW GROUP - OVERVIEW
There is now a 3-step process to creating a group & granting permissions.
Main Details tab:
On the Main Details tab, you enter the Group Name & an optional description.
The next step is to select the users that will belong to that group, clicking the Users tab.
Users tab:
You can view a basic or a detailed list of all users of the platform. You can search for users by name and sort using the options in the dropdown.
To select a user, click the checkbox. Selected users will appear in the Selected tab.
Clicking on the Permissions tab will then allow you to grant permissions for your platform.
Permissions tab:
In this view, you can see all of the modules of the platform.
To add a module, so users can view it on the navigation menu and access it, click on the switch in the Access column.
Create & Admin level permissions are both activated by clicking the switch in that column. As the highest level of Permission available, the Admin switch overrides all other options.
You can hover over the tooltip next to each module name to see what each permission level corresponds to, or view the details below.
After enabling the module, you can then grant default permission rules for All content, or for specific content based on the Creator, such as Group Created using these dropdown menus. You can see details for each rule below.
You can also apply custom permissions details by clicking the Details button under the Content column. These custom permissions will override any default rules applied (also referred to as General Rule).
To finish creating your Group, click Save & Exit.
MODULE PERMISSIONS
For each of these rules, different permission levels are available depending on the tool. These are described below.
Admin Module
- Access: This gives users access to the Admin module.
- Admin: This gives full access to the module and associated administrative functionality. You can give Admin on all areas at once by enabling the top level switch.
- Groups: You can give Assign or Manage permissions on default or custom rules for Groups. Assign notably allows to restrict Groups that can be selected when adding Users to the system. Manage allows to manage the permissions of the groups where it is enabled on, noting that users managing these groups can never grant permissions that are higher to their own permissions.
Resources Module
- Access: This gives users access to the module content area where files are uploaded, and made available for download or online preview. Rules and/or custom permissions should also be given to individual folders separately.
- Create: This allows users from this group to create folders at the top (also called root) level. To create sub-folders, the user will need Admin permission on the parent folder.
- Admin: This gives full access to the module and its content independently of other rules or custom permissions. This is the highest level of permission.
Rules permission levels (applied on a Folder level):
1. Preview: Users can preview files. If a download workflow is enabled, users can request approval to download the original assets in that folder. Note that a low resolution preview image of assets (maximum resolution of 800 x 800 px) can still be downloaded when it is available with that permission level. If watermarking is enabled, the preview image will be watermarked.
2. Access: Users can preview & download the files (original or its transformations, when available).
3. Publish: Users can preview, download, upload/edit and delete files.
4. Admin: Users can preview, download, upload/edit, delete files, manage folder settings and create sub-folders.
Version Control Module
- Access: This allows users to view previous versions of files, when available.
- Admin: This allows users to delete previous versions of files, when available.
Version Control is located under the Resources module.
Dashboards Module
- Access: This gives users access to this module and the main dashboards area.
- Create: This allows users from this group to create new dashboards.
- Admin: This gives Manage access to all dashboards that are not set to Private, independently of other rules or custom permissions. This is the highest level of permission.
Rules permission levels (applied on a single survey):
1. View: Users can be view the dashboard.
2. Edit: Users can view and edit the content of the dashboard.
Databases Module
- Access: This gives users access to this module and the main databases listing area. Users should then be given access to individual databases and their associated content modules.
- Create: This allows users from this group to create new databases.
- Main Admin: This gives Manage access to all databases, independently of other rules or custom permissions. This is the highest level of permission.
Rules permission levels (applied on a single):
1. View: Users can view the database listed in the main area.
2. Manage: Users can view the database listed in the main area and manage its settings.
NOTE: Giving access to a database does not give access to its content. Separate permissions are required on the Database's corresponding Records module (see below).
Database Records Module (available for each database created)
- Access: This gives access to the records listing area, and users can be given access to individual records via custom or general rules.
- Create: This allows users to create new records.
- Admin: This gives full access to all the records, independently of other rules or custom permissions. This is the highest level of permission.
Rules permission levels (applied on a single item):
1. View: Users can view the record.
2. Edit: Users can view, edit and delete the record.
Surveys Module
- Access: This gives users access to this module and the main Surveys area.
- Create: This allows users from this group to create new surveys.
- Admin: This gives Manage access to all surveys, independently of other rules or custom permissions. This is the highest level of permission.
Rules permission levels (applied on a single survey):
1. View: Users can be invited to participate to the survey.
2. Manage: Users can view and manage the survey.
NOTE: Giving access to the surveys does not give access to its responses. Additional permissions are required on the Survey's Responses Module.
Survey Responses Module (for each survey created)
- Access: This module gives users access to the responses area.
- Admin: This gives full access to the responses area and to all responses.
Standard Survey Responses
- Participate: The users from this group are invited to participate to the survey and submit one or multiple responses.
- View: The users from this group can view their response(s) after it is submitted.
- Delete: The users from this group can delete their response(s) after it is submitted.
Hierarchical Survey Responses
Users that take part to a hierarchical survey are automatically granted permission to the survey module, and their responses.
Note that permissions apply across all survey campaigns.
You can also choose as a survey option whether they can only see:
- Their own response.
- Response(s) of Hierarchy Direct Created (ie users just below them in the hierarchy).
- Response(s) of Hierarchy Extended Created (all users below them in the hierarchy).
- All Responses.
You can then add custom permissions for users that are not part of the hierarchy but need access to the hierarchy participants responses:
- Participate: The users from this group can participate to the surveys area (ie complete other hierarchy users's responses).
- View: The users from this group can view the responses after they are submitted.
- Delete: The users from this group can delete their responses after they are submitted.
Calendars Module
- Access: This gives users to the module; Permissions to individual calendars can then be granted.
- Create: This gives users the ability to create new calendars. Users will need Publish permission to individual calendars to then be able to create events within each.
- Admin: This gives users the ability to access the entire Calendars module and its content independently of other rules or custom permissions. This is the highest level of permission.
Rules permission levels (applied on each calendar):
1. View: Users can view events for this calendars. If Invitation type events are set to private, users can only view the ones they are invited to.
2. Publish: Users can create events for this calendars. Only organisers can update or cancel the events they create.
3. Admin: Users can create events for this calendars, and also update or cancel other users' events, including Invitation type events that are set to private. This is the highest level of permission for the calendars.
Agenda Module
- Access: This allows users to access the Agendas area and/view Agenda items in their parent folders; Permissions to individual agendas must then be added.
- Create: This gives users the ability to create new Agendas. The content that can be added to each agenda will depend on the creator's access to folders and files.
- Admin: This gives users the ability to access and edit all agendas items independently of other rules or custom permissions. This is the highest level of permission.
Rules permission levels (applied on each agenda):
1. View: Users can view the agenda. The entire listing of items within the agenda will be visible, however only items the user has actually access to will be clickable for downloading or opening in the online reader, unless the option to restrict the content display to a user's permissions is enabled.
2. Publish: Users can edit and update the content of this agendas. The user can only add new folders and files to the agenda that they have Publish permission on.
News Module
- Added: This gives users access to the module's main area, where users can post and email HTML updates to other users. Rules and/or custom permissions should also be given to individual news items separately.
- Create: This allows users from this group to create news items.
- Admin: This gives full access to the news tool and its content, independently of other rules or custom permissions. This is the highest level of permission.
Rules permission levels (applied on a single item level):
1. View: Users can view the news item.
2. Edit: Users can view, edit and delete the news item.
Custom Pages Module
- Added: This allows users to be given access to individual custom pages.
- Create: This allows users to create new custom pages. This also gives access to the Manage Pages area where all custom pages the user has access to are listed.
- Admin: This gives full access to the custom pages area and its content, independently of other rules or custom permissions. This is the highest level of permission.
Rules permission levels (applied on a single item level):
1. View: Users can view the custom page item.
2. Edit: Users can view, edit and delete the custom page item.
Stats Reports Module
- Access: This gives access to the stats reports area, where users can report on data available in the platform.
- Create: This allows users from this group to create new stats reports.
- Admin: This gives full access to the stats reports area and its content, independently of other rules or custom permissions. This is the highest level of permission.
Rules permission levels (applied on a single item level):
1. View: Users can view the stats report.
2. Edit: Users can view, edit and delete the stats report.
Workflow Module
- No permissions: A group or user with no enabled permissions to this module will mean these user(s) will only see Requests they are either the Requester or a selected Reviewer on.
- Access: This allows users to view all approval requests (pending or completed) within the Workflow area. Note that permission on the actual item reviewed is not required, nor granted.
- Admin: This allows users to view all approval requests (pending or completed) within the Workflow area as well as to approve any pending one, even if they are not directly involved in it (either as submitter or nominated approver). This is the highest level of permissions. Note that permission on the actual item reviewed is not required, nor granted.
People Module
- Access: This allows users to view the people tool which lists all existing users in the platform.
Usage Analytics / Reporting Module
- Access: This gives access to the usage reporting of items they have Admin permission (or Edit/Publish when no Admin permission exist on the associated module items) on as well as to individual users usage data pending they have Admin access to the Admin > Users area.
- Admin: This gives access to the general usage reporting area, where users can report on how frequently others users are accessing the platform, or what is the most popular content across each tool available.
Authenticator Module
- Access: This allows users from this group to configure additional authentication methods such as SAML or Active Directory. This should only be accessed by users with a technical expertise of authentication methods within your organization.
* Note that the name given to modules, features and information items may vary in your platform as they can be customised by Main Admin users.
DEFAULT RULES
You can select the specific modules a group should have access by enabling the ACCESS toggle switch against each module. This will make the module visible for users within this group on the navigation menu and allow them to access its content.
You can read the help icons next to each module for details of the permission levels available.
For each module, you can add default permissions rules, so access levels can be set automatically based on these rules when new content is added.
You can also select an existing Group as a template and load their existing rules. Note that this doesn't apply any of their custom rules permissions content.
Here is an overview of all the different rules that can be added:
- All: The selected permission level will automatically apply by default whenever a new item is created.
- User created: The selected permission level will automatically apply to the creator of the item only.
- Direct Report created*: If Leader details are added to User profiles, a user will automatically have this permission level on items created by their Direct Report(s).
- Extended Report created*: If Leader details are added to User profiles, a user will automatically have this permission level on items created by their Direct Report(s), and their own Direct Report(s) across multiple levels down to the bottom of the hierarchy.
- Group created: The selected permission level will automatically apply to the entire Group that the creator of the item belongs to.
- Division created: The selected permission level will automatically apply to the entire Division that the creator of the item belongs to.
- Direct Sub-division created*: If Sub-Divisions are created, a user will automatically have this permission level on items created by users from sub-divisions directly below their own division.
- Extended Sub-division created*: If Sub-Divisions are created, a user will automatically have this permission level on items created by users from sub-divisions below their own division across multiple levels down to the bottom of the hierarchy.
*These rules are only available if the Hierarchical Rules setting is enabled under Admin > Settings.
HIERARCHY FOR CROSS GROUP PERMISSIONS
- Highest permission of General rules wins across groups.
- Custom permission always wins over general, including across groups.
- Permissions hierarchy across Groups is Preview, Access, Publish, Admin (if taking Resources as an example).
- User As Group permissions always overrides Group(s) permissions.
- e.g. If a User is granted Admin on a Folder by a Group they belong to, but they are granted Access on that same Folder as a User As Group permission, Access will become the applicable permission.
- A Denied User As Group Custom permission wins over Preview/Access/Publish/Admin group custom (if taking Resources as an example).
Comments
0 comments
Please sign in to leave a comment.