Create and Manage Permission Sets to easily manage user access to Applications, Workflows, and steps.
Permission Sets are a collection of step permissions, typically corresponding to the different activities performed within an Application. An Enterprise Risk Management Application, for example, might have "Log New Risk," "Assess Risk," and "Review Risk" Permission Sets. As you will see below, Permission Sets determine whether users associated with these Permission Sets can view and/or edit Records when when they reside in particular Steps in the Application.
Users can be added to a Permission Set directly or a Permission Set can be mapped to a Role that corresponds to a function within your organization (Risk Assessment Team, ERM Manager etc).
Creating Permission Sets
Navigate to Build > Access using the menu.
Navigate to the Permission Sets tab and click + Add Permission Set.
A modal window will pop up:
Name the Permission Set and select the Application for which you want to create the Permission Set. After you have selected an Application, you will be prompted to configure access to each of the Steps in the Application. The image below shows an example of a Permission Set for an Enterprise Risk Management application.
Check the Step to grant access to it. Checking a Step enables edit access by default, but this can be toggled to read-only.
Configure access for all Steps. In the following example, the "Assess Risk" Permission Set grants edit access to the "Assessment In-Progress" and "Create Mitigation" Steps so that the user associated with this Permission Set is able fill out the form in the "Assessment In-Progress" Step and create a mitigation in the "Create Mitigation" Step. The Permission Set also grants read-only access to the other Steps so that the user can view details of the Risk Record they are assessing and view the status and details of the mitigation they have created.
Click Save Step Permission Set.
Managing Roles and Permission Sets
After creating the Permission Set itself, you will want to associate it with users. This can be done by specifying individual users or by specifying the Roles you want to provide this access to.
Individual users can be specified in the Permission Set modal.
Roles can be associated to Permission Sets using the Permission Set modal, or by editing the Role itself. Associating Permission Sets with Roles grants all the users listed under a Role the access configured via the Permission Set. The image below shows where Roles can be specified in the Permission Set modal.
To attach a Permission Set to a Role, navigate to the Roles tab under Build > Access. Click on the appropriate Role, navigate to the Steps tab, and select the appropriate Permission Set from the drop-down. Note that you must be a system admin to add or remove a Role from a Permission Set, since managing Roles is an administrative function.
Permission Sets are permissions are specific to an Application. Roles correspond to functions within your organizational hierarchy. You can:
Add Users directly to your Permission Set: Useful when you have a small set of users who need access to the Permission Set or are testing your Application with a small set of users
Attach the Permission Set to a Role: Useful when you are ready to go-live with your Application to a large cohort of your secondary users!
It's easy to add and remove a Permission Set from a Role. Any feedback? Let us know at firstname.lastname@example.org.