Permissions
The permissions section is used to manage which features, entities, and user data the administrators are able to access.
Prefer roles over directly assigned permissions. A role gives a reusable set of permissions, while permission labels and user scopes limit where those permissions apply.
In this section
- Admins – manage the people who can access the admin panel.
- Roles – create reusable sets of administrator permissions.
- Permission labels – categorize entities so permissions can be limited to the right content, groups, roles, and other records.
Permission Model
The main parts of the permission model are:
- Administrators – people who can access the admin panel.
- Roles – reusable permission sets that can be assigned to administrators or to other roles.
- Permission labels – labels assigned to entities such as content, messages, checklist templates, categories, user groups, administrators, and roles.
- User scope – the user groups whose user data an administrator can access through a role or permission.
Practical Setup
A typical permission setup starts with permission labels, then roles, then administrator assignment. For example, labels can represent divisions, countries, locations, mandatory trainings, or other responsibility areas. Roles can then grant access only to entities with the relevant labels and only to users in the relevant user groups.
Directly assigned permissions are available when needed, but they are harder to maintain than roles. Use them for exceptions rather than the main permission design.
Permission Pages
- Admins – manage administrator users, their basic details, assigned roles, and access-related fields.
- Roles – manage general role information, assigned roles, assigned permissions, members, assignment rules, and effective permissions.
- Permission labels – manage labels, parent labels, and the entities where each label is used.