Access Roles Section
Overview
An access role is a set of previously arranged permissions assignable to users by administrators.
In the Access Roles section of the administrative panel, you can create, search, and edit the company's access roles.
Within a company, users fulfill different roles. It is important to assign specific permissions to some users and not to others. Assigning access roles permits the quick designation of the sets of permissions that users will need to read or modify something in the application. The access given can go from answering a survey from a specific channel to configuring the administrative panel or changing the state of a workflow.
There is a wide range of default permissions to choose from, but personalized ones can also be created. Created permissions are given functionalities when other models are configured.
Main Settings Panel
As shown in the image below, from the Access roles button in the Administrative Panel, a list of all the access roles that have been created in the company appears in the settings panel.
Icon descriptions can be found in the Overview section.
Checkboxes enable you to select from one to all access roles, so you can deactivate them together with just one click.
Edit / Create Single Access Role
From the Access roles settings panel, you can edit or create a single access role. By selecting an existing access role or by pressing the create new element button, the Create access role settings panel will appear.
Button descriptions can be found in the Overview section.
Field Descriptions
| Field | Description | Notes |
|---|---|---|
| Name | The visual name of the Access Role | It doesn't have to be unique |
| Description | Text that explains the Access Role | |
| Permissions | Permissions available in access role. | See the full list of default permissions below. |
| Assigned to users | List of users who have been assigned this access role. | The list will be automatically filled when users are granted an access role. |
Do not change the permission and name of an access role already created. It could alter an existing workflow's functionality or a users ability to work in Cotalker. If you want to change an access role, check with the support team first.
Default Access Roles
The following table contains the default access roles that are available by default in all companies.
| Access Role | Description |
|---|---|
| full admin | full access in the legacy Admin. |
| read admin | read all in the legacy Admin. |
| default | basic client access |
| bot-default | full read |
Default Permissions
Default permissions come pre-installed and can be assigned to any access role.
There are four permission types. Three correspond to configuration areas accessible through the Main Menu Bar when the respective permissions have been granted:
The fourth permission type is like a sub-category for the other three types:
The following "permissions tree" shows how the four permission types are related. Click the image to enlarge.
Administrator Section
Grant access to the Administrator Section:
| Administrator section | Description |
|---|---|
| admin-*-read | Reading permission for all endpoints in Administrator section. |
| admin-*-write | Allows reading and editing all endpoints in Administrator section. |
| admin-access | Grants access to the Administrator section, but will only show the endpoint permissions the user has been granted. |
Admin Endpoint Permissions
Permissions for specific sections only. Must be used in conjunction with at least "admin-access".
| Endpoint permissions | Description |
|---|---|
| admin-groups-read | Allows reading groups. |
| admin-channels-read | Allows viewing channels. |
| admin-tasks-read | Allows viewing tasks. |
| admin-accesscontrol-read | Allows viewing access roles. |
| admin-users-read | Allows viewing users. |
| admin-bots-read | Allows viewing bots. |
| admin-properties-read | Allows viewing the database. |
| admin-company-read | Allows viewing company. |
| admin-surveys-read | Allows viewing surveys. |
| admin-answers-read | Allows viewing answers. |
| admin-groups-write | Allows editing groups. |
| admin-channels-write | Allows editing channels. |
| admin-tasks-write | Allows editing tasks. |
| admin-accesscontrol-write | Allows editing access roles. |
| admin-users-write | Allows editing users. |
| admin-bots-write | Allows editing bots. |
| admin-properties-write | Allows editing database. |
| admin-company-write | Allows editing company. |
| admin-surveys-write | Allows editing surveys. |
- Endpoint permissions require at least the admin-access permission to be accessible through the Administrative Panel.
- Admin-accesscontrol-read permission or admin-accesscontrol-write permission are required to read or write permissions respectively.
- In order to apply any permission to a user you must have admin-accesscontrol-read permission and admin-users-write permission.
Report Section
Grant access to the Report Section:
| Report Section | Description |
|---|---|
| report-*-read | Allows viewing of the Report section and all its categories. |
| report-surveys-read | Allows viewing the surveys category in the Reports section. |
| report-workflows-read | Allows viewing the workflows category in the Reports section. |
| report-properties-read | Allows viewing the properties category in the Reports section. |
| report-users-read | Allows viewing the users category in the Reports section. |
| report-*-write | Allows viewing and editing the Reports section and all its categories. |
| report-surveys-write | Allows viewing and editing the surveys category in the Reports section. |
| report-workflows-write | Allows viewing and editing the workflows category in the Reports section. |
| report-properties-write | Allows viewing and editing the properties category in the Reports section. |
| report-users-write | Allows viewing and editing the users category in the Reports section. |
Database Section
Grant access to the Database Section:
| Database section | Description |
|---|---|
| db-*-read | Allows entering the Database section and viewing all of its collections and elements. |
| db-properties-read | Allows entering the Database section and viewing collections. |
| db-*-write | Allows reading and writing in all of the collections and elements of the Database section. |
| db-properties-write | Allows editing collections in the Database section. |
For the time being, db-*-read and db-properties-read fulfill equivalent roles. Likewise, so do db-*-write and db-properties-write.
Configuring Permissions
If administrators wish to configure permissions, they can do it through the library package. For access to the Permissions Library Package, please contact the technical support team.
Hard-coding permissions has been deprecated.
Deprecated Permissions
| Legacy Permissions for Admin and Users (soon to be deprecated) | Description |
|---|---|
| modify-permissions | |
| web-admin-write | Equivalent to admin-*-write. |
| web-admin-read | Equivalent to admin-*read. |
| web-dashboard | |
| web-survey-read | Equivalent to admin-survey-read. |
| web-survey-write | Equivalent to admin-survey-write. |
| create-invites | |
| news-write | |
| web-access | |
| app-access | can use any client |