We care about your data as much as you care for it. Who can view it? edit it? delete it? Workiom handles all scenario to keep your online workspace secure.
Permissions are vital in any team collaboration, it translates work hierarchy, responsibilities and duties into access rights that control the flow of information as well as editing and creation privileges. By defining the right permissions and allocating them to the right person, you are reducing the chances of making mistakes, and most importantly you are imposing fairness for future accountability.
How to manage permissions?
In Workiom, permissions are flexible, and you can control your app in depth, at the applications level, lists level and fields level too!
Permissions only apply on private applications. You must set your application visibility to private in order to define its access rules. Public applications are available for all users on the same tenant without restrictions. Private apps has a lock icon on them. Click on the ellipsis on the top right corner of app card to manage app settings.
You can set permissions based on 'Roles' : you can simply create one or more roles with specific permissions and then grant each user the related role. You can create as many roles as you need in your organization, and you can add as many users as you need to a role. This option is especially useful and handy when you are applying new rules on a large scale.
A user can have more than a single role, and he will inherit the union of all permissions pre-defined in each role.
In order to create a new role:
1- Click on 'Settings' menu and open 'Roles'
2- Click on 'Create New Role' button
3- Write a name for the role
4- Select the permissions on app-level, list-level or field-level
5- Save the new role
Edit or view permissions can be configured on field/list/app level. A role can only view a certain field/list/app but cannot edit it.
Upon selecting permissions, you can see a list of private apps available in the workspace as well as an option for administration. There are four levels of access rights granularity:
Overall permissions (workspace level).
List permissions within a specific application.
Fields and views permissions within a specific list.
Administration: if you set an user as admin, by default he:
- Can control all applications regardless of specific permission on application level.
- Cannot delete any other admin.
To create specific access rights, choose "Permissions.apps" option and then define the adequate rule for each app.
Create App permission: Gives the user ability to create new applications or add templates.
Application Level Permissions:
To grant a user or role full control over an application (creating, reading / viewing, updating and deleting any list or field), check the checkbox next the application name. You can revoke this permissions later by unchecking the same box.
List Level Permissions:
List permissions offers many options and combinations of authorization to best reflect your organizational chart.
To grant a user or a role all rights on a specific list(s), check the checkbox next to the list name.
In the example above we granted a user full control over the applicants list only. When the user login to the HR application, he would only see the Applicants list but not the rest.
List permissions options:
- [List.Create records]: the right of adding new records.
- [List.Delete records]: the right of deleting new records.
- [List.Export records]: the right to exporting records.
- [List.Fields]: This option allows the definition of editing and viewing rules on fields level.
- - "Field name": to view a field data
- - Edit: the right of editing a field data.
- [List.Views]: This option allows the definition of viewing rules on views level.
Note: you have to grant permission for at least one view in order to update or add records.
To demonstrate how permissions work, let's have a look on two different cases.
Use case #1:
We have an HR application, and we want to grant viewing permissions to user on the Applicants lists.
The user can view only one list in HR application (Applicants), cannot add new records, cannot delete any record, cannot export any records, and edit any either. Just view permissions
Use case #2:
We have an HR application, and we want to grant viewing and creation permissions to user on list Applicants.
Creating permissions grant editing rights by default.
Select [List.Create records] option for Applicants list
Select the fields you want to grant editing (creation), you have to check [Edit] option to desired fields, If you want grant permissions to all fields, just check [List.Fields] option.
Select [List.Views] you want to grant. You have to grant permissions to at least one view in order to view the data.
The user can view only one list in HR application (Applicants), can add new records (see green button), can update records, cannot delete any record, cannot export any record.
Note: all others views are hidden.
After adding the desired permissions to a specific role, you can assign it to users by clicking on the users link in the administration tab and then editing each user properties as follow:
Click on the "Action" button next to the user, and then chose "Edit".
In the next window, chose the intended role by checking the checkbox next to its name.
Click save and you are set to go.