We care about your data as much as you care for it. Who can view it? edit it? delete it? Workiom handles all scenario to keep your secure and safe.
Permissions are vital in any team collaboration, it translates work hierarchy, responsibilities and duties into access rights that control the flow of information as well as editing and creation privileges. By defining the right permissions and allocating them to the right person, you are reducing the chances of making mistakes, and most importantly you are imposing fairness for future accountability.
How to mange permissions?
In Workiom, permissions are flexible, and you can control your app in depth, at the applications level, lists level and fields level too!
Permissions only apply on private applications. You must set your application visibility to private in order to define its access rules. Public applications are available for all users on the same tenant without restrictions.
You can set permissions using two ways:
- Per user: this mean you can grant permissions for every user separately, and then control what each user can do or see over a specific app.
- Per Role: if you have many users, and some of them share the same privileges, you can simply create one or more roles which specific permissions and then grant each user the role he deserves. You can create as many roles as posts in your organization, and you can add as many users as you need to a role. This option is especially useful and handy when you are applying new rules on a large scale.
- A user can have more than a single role, and he will inherit the union of all permissions pre-defined in each role.
- A user can belong to a role, and still get specific additional rules on his level, But the role permissions have priority over user permissions.
- We recommended either grant a user specific roles from his user permissions and remove him from all roles, or just grant him role permissions without user permissions.
User Permissions (Per user):
To set permissions to a user, go to the administration tab and then click on users:
In the user view you can consult all users listed in your company workspace:
Click on action button next to the desired user, and choose Permissions.
Upon selecting permissions, a popup will appear with a list of private apps available in the workspace as well as an option for administration. There are four levels of access rights granularity:
- Overall permissions (workspace level).
- Application permissions.
- List permissions within a specific application.
- Fields and views permissions within a specific list.
Administration: if you set an user as administrator, by default he:
- Can control all applications regardless of specific permission on application level.
- Cannot create new applications or add new templates on the workspace.
- Cannot delete any other admin.
To create specific access rights, choose "Permissions.apps" option and then define the adequate rule for each app.
Create App permission:
Gives the user ability to create new applications or add templates.
Application Level Permissions:
To grant a user or role full control over an application (creating, reading / viewing, updating and deleting any list or field), check the checkbox next the application name. You can revoke this permissions later by unchecking the same box.
List Level Permissions:
List permissions offers many options and combinations of authorization to best reflect your organizational chart.
To grant a user or a role all rights on a specific list(s), check the checkbox next to the list name.
In the example above we granted a user full control over the applicants list only. When the user login to the HR application, he would only see the Applicants list but not the rest.
List permissions options:
- [List.Create records]: the right of adding new records.
- [List.Delete records]: the right of deleting new records.
- [List.Export records]: the right to exporting records.
[List.Fields]: This option allows the definition of editing and viewing rules on fields level.
- "Field name": to view a field data
- Edit: the right of editing a field data.
[List.Views]: This option allows the definition of viewing rules on views level.
Note: you have to grant permission for at least one view in order to update or add records.
To demonstrate how permissions work, let's have a look on two different cases.
Use case #1:
We have an HR application, and we want to grant viewing permissions to user on the Applicants lists.
The user can view only one list in HR application (Applicants), cannot add new records, cannot delete any record, cannot export any records, and edit any either. Just view permissions
Use case #2:
We have an HR application, and we want to grant viewing and creation permissions to user on list Applicants.
Creating permissions grant editing rights by default.
- Select [List.Create records] option for Applicants list
- Select the fields you want to grant editing (creation), you have to check [Edit] option to desired fields, If you want grant permissions to all fields, just check [List.Fields] option.
- Select [List.Views] you want to grant. You have to grant permissions to at least one view in order to view the data.
The user can view only one list in HR application (Applicants), can add new records (see green button), can update records, cannot delete any record, cannot export any record.
Note: all others views are hidden.
Role Permissions (Per role):
There is no difference between user permissions, role permissions, instead of granting access rights to a specific user, we can grant them to role, and then add user to the role.
To create a new role, go to the administration tab and then click on roles:
All available roles would be displayed in the next popup view. By default, Workiom creates two roles: Owner and User. You can't delete them, but you can edit them.
To create a new role, just click on "Create new role" button:
We have two tabs in this window:
To insert the name of the role, and the option of setting it as the default role for new added users.
In the permissions tab you are invited to defined all access rights on private applications following the same steps for creating the permissions on user level.
After adding the desired permissions to a specific role, you can assign it to users by clicking on the users link in the administration tab and then editing each user properties as follow:
- Click on the "Action" button next to the user, and then chose "Edit".
2. In the next window, chose the intended role by checking the checkbox next to its name.
3. Click save and you are set to go.
Hope to find this article helpful!