The access control feature is available but still under development in some areas. In the coming months, the feature will first be expanded to tasks. We are also analyzing which other areas of the platform this feature could provide additional value.
What does Access Control mean?
What does Access Control mean?
Regardless of the defined user role, access control prevents users from viewing, opening, or editing a document or report. This ensures that unauthorized access to resources on the platform is blocked by the system, unlike filters which only restrict the visibility.
Similar to the filters this also means that users can only see the documents and reports they actually need in the corresponding tables. Orders become visible once a document or report, to which the user has access, is added. Documents and reports that are not accessible are displayed as information (grayed out), but the user cannot open or access them. Therefore, access control can be used on the platform to more precisely restrict areas of use and reduce the complex setup of blocked filters with class elements..
Access control uses an inheritance principle. Once users gain access to a specific document, they also receive access to the reports generated from it, both past and future. Therefore, any changes to access will affect historical, current, and future reports.
In the context of orders, this means that a user gains access to an order once a document, to which the user (either individually or through a group) has access, is added to the order. If there are additional documents in the order that the user does not have access to, they will be shown as placeholders, but the user will not be able to access them (see example below).
The current version of access control includes documents, reports, and orders. For tasks, the feature is still being designed and developed. So far, tasks remain unaffected and can be viewed and edited by any user. If visibility restrictions are needed here, it is recommended to use filters as an additional measure.
What is required to activate Access Control?
What is required to activate Access Control?
To use access control, your platform must have a corresponding setting. If you want to use this function, please contact your Customer Success Manager or Support.
In the next step, you can decide whether you want to design access to documents and reports via individual users or work via user groups.
In the Permissions table, under the section "Access control", you can find the corresponding settings to configure. With the permission "Overwrite Access Control" (or "Access to all documents and reports"), you give access to all content elements like documents, reports and tasks for the respective user role. This setting is recommended for administrators and staff who manage the platform.
The permission "Manage access tab" controls the assignment of access rights within the content elements (documents, reports, and tasks) through the "Access" tab found there. This setting is recommended for editors and staff who create and distribute content.
Access to individual documents and reports can be managed through user groups or direct assignment. The following section explains how to create and manage groups, as well as how to assign them to documents afterward.
Using groups is recommended, as it simplifies access management. If users are removed from an existing group, they automatically lose access to the associated documents and reports. No document adjustments are necessary.
Assigning individual users allows for very flexible access management, but it is generally more labor-intensive. If access to existing documents and reports needs to be revoked for users, this can be managed directly in the respective documents.
How do I set up Access Control?
How do I set up Access Control?
Creating and updating groups
Creating and updating groups
To create a group, navigate to the "User groups" section in the system settings. Click the "New user group" button to assign a name to the group. Give it a name that is as meaningful as possible. If necessary, you can add a description.
After saving for the first time, you will be directed to the user table, where you can add as many users as you wish and remove them again if necessary. By removing users from a group, they lose access to all documents for which the group is authorized, with immediate effect.
To edit the group later on, you can access the same view by clicking on the title of the corresponding group in the user groups table. You can change the description in the "Information" tab.
A group can be archived as well as deleted. As long as groups have access to documents or users are assigned to a group, the delete function is disabled and the group can only be archived. Only if a group neither has access to documents nor contains assigned users, it can be deleted.
Setting access to documents and reports
Setting access to documents and reports
To set access to a document and the resulting reports, first navigate to the desired document. In the editing view, you will find the "Access" tab, which allows you to add individual users or groups.
The role of the assigned users determines which actions they can perform with the corresponding documents and reports. For example, access to a document for a user with an Assistant role only allows this user to start the document in the Assistant area and process all resulting reports, while an Editor user could edit and republish the respective document. A user's role is not affected by access control.
Add all groups and users who should see the given document in the Editor and Assistant views. This setting takes effect immediately - publishing is not required. The person who initially created the document is automatically assigned access rights.
If you want to revoke users' access to documents and reports, you can do so by removing the user or group in the document. Alternatively, you can remove individual users from groups and thus restrict their access to documents.
Access to an order is controlled via the documents and reports. If a user has access to a document (and the associated report) that is used in an order, the user will also be granted access to the order. Reports within the order to which the user does not have access rights will be displayed but the user cannot open it.
Once you have created groups and assigned them to the corresponding documents, you can control access through the permissions table. When doing so, you should use roles to determine who should have access to all content entities and which role(s) can grant access to specific content. For example, an Editor should be able to decide on access to a document but should not automatically have access to all documents themselves.
Here is an example for the settings in order of Administrator, Editor, and Assistant (from left to right in the permissions table).
