Skip to content
English
Sign in
  • There are no suggestions because the search field is empty.

How do I manage a user's permissions?

Understanding Permissions

Note: Only admins can update user permissions.

User permission access can be managed individually with directly assigned permissions or in bulk with roles. The following article will walk you through how to manager user permissions.

For information on what each individual permission represents, check out this article.

Table of Contents

  1. Direct Permissions
    1. Individual User
    2. Bulk Assignments
  2. Roles
    1. Individual User
    2. Bulk Assignments
    3. Find Candidates
    4. Remove Redundant Direct Permissions

 

Managing Direct Permissions

Assign Direct Permissions to Individual Users

An individual user's permissions can be edited via that user's detail page. To open a user's detail page, first navigate to the Users Catalog page by clicking Settings button from the profile dropdown followed by the Users tab. 

users catalog

Then, find and select the user whose permissions you would like to edit.

open user detail page

From the user detail page, you will be able to enable or disable permissions individually or via the Assign/Unassign All buttons at each section header. Navigate through the permissions via scrolling, searching, or using the index. Click Save Changes to apply the edits to the user. 

set permissions-1

Note that certain permissions are dependent on other permissions. For instance, a user must be able to View an entity to be able to Edit it. These dependencies are enforced so if you enable an Edit permission on a user without the corresponding View permission, the View permission will be automatically enabled. Similarly, if a user has both View and Edit permissions and the View permission is removed, the corresponding Edit permissions will be removed. 

permission dependency


 

Assign Direct Permissions in Bulk

Permissions can also be directly assigned to users in bulk. This workflow also starts on the Users Catalog page, which you can navigate to by clicking Settings button from the profile dropdown followed by the Users tab. 

users catalog

Select the users that you would like to edit from the Users table and click Bulk Edit from the toolbar at the bottom of the screen. Once in bulk edit mode, select if you Set Permissions or Assign Permissions and select the permissions that you would like to assign. 

 

Note: Within the bulk editing interface, note the two options available for updating permissions: "Set Permissions" and "Add Permissions." 

  • Set Permissions: Selecting this option will overwrite all existing user permissions with the specified ones. This is useful when you want a uniform set of permissions for the chosen users.

  • Add Permissions: Use this option if you want to retain individual user permissions while adding new specific ones. Each user will maintain their existing permissions, and only the newly specified permissions will be added.

 

bulkeditpermissions

 

Managing Permissions with Roles

Roles streamline user access control by allowing you to manage shared permission sets. See you to create roles in the article How do I create and manage roles? Once your roles have been created, return here.

 

Assign Roles to Individual Users

Roles can be assigned to users from the user detail page. You can navigate here just as you did when managing individual direct assignments. Apply one or more roles to the user via the Roles dropdown. Be sure to Save Changes

apply roles

A user will have access to the superset of directly assigned permissions and permissions inherited through roles. You can see the source of each permission directly in the permissions table.

Notice the button of permission settings that are inherited through roles is read-only. If you would like to remove a given direct assignment of a permission that is inherited through a role, you can do so by clicking the Manage direct assignments toggle at the top of the page. You can also remove the direct assignments in bulk by following the steps in the Remove Redundant Direct Permissions section of this article. 

inheritance

 

Assign Roles in Bulk

Roles can also be assigned to users in bulk from a Role's detail page. From there, open the Users tab to see which users have been added to a role in the Role Users section or find additional users to add in the All Users section.

bulk assign roles

 

Assign Roles via Find Candidates

The Find Candidates feature helps you migrate from managing user permissions directly to using roles instead. From Role detail page, click Find Candidates to identify users that have the permissions of the role directly assigned to them and could therefore be migrated to having the role instead. 

find candidate

 

Remove Redundant Direct Permissions 

If a user has a specific permission directly assigned to them and inherited through a role, the user will maintain access to that permission even if the permission is removed from the role. To avoid this, we recommend removing the redundant user permission. We offer a workflow to remove these in bulk via the Roles catalog page. Select the roles for which you would like to clean up the directly assigned permissions of the associated users and select Clean Up Redundant Direct User Permissions from the dropdown at the bottom of the page. 

remove redundant permissions