Permissions

Permissions
Users > Permissions

This is where you set permissions for both users and groups. Every option has a security level that allows or disallows access to the task, whether or not a user has permission to modify, or access anything on a higher level. To begin, select the user or group you are working with and the application. To display a specific task for all users or all groups, right click on a task and choose the appropriate menu.

There are two separate types of permissions:

Tasks: This is the main part of permissions in the most detail. Tasks define who is allowed to do what.

Options: This is where other settings are stored per user (not group) that don’t fit the mold of allow and modify security levels. You rarely have to change anything here. It is mainly used internally for storing data specific to a user.


Understanding Permissions

Permissions control what actions users can perform in the system. They can be assigned directly to an individual user or inherited from a group that the user belongs to.

The Rule of Highest Access

When a user belongs to a group, the system compares their individual permissions against the group's permissions. The system will always apply the highest (most permissive) level of access available to them.

  • If a group has higher access than the individual: The user is automatically upgraded to match the group's higher access.
  • If an individual has higher access than the group: The user keeps their higher access; the group's lower restrictions will not drag them down.

Modifying User Permissions

When you modify permissions for a user who belongs to a group, a pop-up window will ask whether you want to apply the change to the user only or to the group. Choosing the group option will immediately apply the change (whether increasing or decreasing access) to every member of that group. Choosing the user-only option will isolate the change to that specific individual; however, how the system handles this depends on whether you are raising or lowering their access.

1. How to Increase a User's Access

To grant a single user higher permissions without affecting their group, edit their profile directly and select the user only option in the pop-up. Their individual permission will be raised, while the rest of the group remains unchanged.

2. How to Decrease a User's Access

Because group permissions override lower individual permissions, you cannot lower a single user's access by selecting "user only" if they remain in a high-access group. The group's higher level will continue to apply to them. To successfully lower just one person's access, you must use one of the following methods:

  • Method A (Individual Customization): Remove the user from the high-access group entirely, then set their individual permissions to the desired lower level.
  • Method B (New Group Assignment): Remove the user from the high-access group, create a new group with the lower permission levels, and assign the user to that new group.

User: The user or group to work with. Right-click on any user to see options for edit/display.

Application: The application to work with.

Task: The task to work with. This allows you to search for a specific task by a keyword. If you select all users and specify a task, then you can display a specific task for all users.

Global Edit: This gives you the ability to clone permissions. This can be done by selecting what you want to do from the drop-down and pressing the apply button. It also gives you the ability to, allow all, update all.

Clone selected to: Clones the currently selected task to another user, group, or all users.

Clone all from: Clones all permissions from another user or group into the user or group displayed.

Clone all to: Clones all permissions to another user, group, or all users.

Disallow all: Disallows access to all tasks for either the current or all applications for the user or group displayed.

Allow all: Allows access to all tasks for either the current or all applications for the user or group displayed, not overlaying any higher levels that already exist.

Allow all, no higher levels: Restricts to allow access to all tasks for either the current or all applications for the user or group displayed. This replaces any levels greater than Allow.

Modify all: Allows access to modify all tasks for either the current or all applications for the user or group displayed, not overlaying any higher levels that already exist.

Modify all, no higher levels: Restricts to only be able to modify all tasks for either the current or all applications for the user or group displayed. This replaces any levels greater than Modify.

Highest security: Allows access to everything.