Understanding permissions
In a nutshell
Permissions define how users can access the records of an application. Creator provides two default permissions (Read and Write) and allows you to create custom permissions by specifically giving access to view, edit, or delete permissions for each form of an application. This permission can then be assigned to a user, which determines what records the user can access.
Availability
- Permissions can be accessed in all plans of Creator. Addition of new permission sets is possible only in the paid plans.
- Only the super admin, admins, and developers can create and manage Permissions.
1. Overview
A permission set is a group of rules that govern the accessibility of the application's components for the user. This helps to run an organization with different departments taking care of different aspects of the business. For example, your business might involve collaborating with external vendors who might need access to your application's data. Giving them appropriate permissions to do so helps in creating a unified system where the necessary access of data is enabled. In this way, each section of people involved in the organization can have their own set of permissions relevant to their work.
User Permissions encapsulates three triads that govern the accessibility of an application's components and the data stored in it. When you incorporate the potential of permissions, role hierarchy, and data sharing rules in an application, a standardized and controlled approach of data handling can be achieved.
In Creator, the Permissions feature gives you the ability to define various permission sets that help you establish granular control over who can view and manage the data contained in your application. While it can determine if a user can access a specific component of an application, it can also specifically define the different actions that they are allowed to perform within that component and its data.
There are three types of permission sets available:
- Read - Gives the user permission to view the data added by themselves (records) in the application.
- Write - Gives the user permission to edit data added by themselves (records) in the application.
- Custom permissions - Customized permissions which enables the user to perform actions such as accessing, viewing, editing, deleting, and much more.
Apart from this, a set of Field Permissions are also available which decides the read and edit access of each field present in your form.
1.1 See how it works
1.2 Use case
Say you've built an Order Management application for your organization. The distributers and suppliers connected with your organization want access to the records of the Add Distribution Areas form and the Add Supplier Details form respectively. Both these groups will need access only to the report relevant to them. Therefore:
- A permission set can be customized with View All access for the distributers to view all the records of the Add Distribution Areas form.
- Another permission set can be customized with View All access for the suppliers to view all the records of the Add Supplier Details form.
1.3 Navigation guide
In the Edit mode of the application, Permissions is situated under the User Permissions section of the Settings page. By default, you land in the Permissions tab.
1.4 Sections in a permission set
There are two sections of permissions that need to be defined. They are:
1. API & security permission
The three types of API and security permissions are explained below:
Title | Description |
API access | Lets you Enable or Disable the users with this permission set use APIs for data manipulation. |
PII Data | Show - The PII-enabled fields' visibility is selected by default in Field Permissions . Edition of records can be further selected if required. Hide - PII-enabled fields' visibility/edition cannot be chosen in Field Permissions . They will not show up in the form and the edition of this field's data is also not possible. |
ePHI data | Show - The ePHI-enabled fields' visibility is selected by default in Field Permissions . Edition of records can be further selected according to your requirements. Hide - The ePHI-enabled fields' visibility/edition cannot be chosen in Field Permissions . They will not show up in the form and the edition of this field's data is also not possible. |
Note :
- Field Permission can be accessed by clicking on More option found adjacent to each component.
- PII and ePHI can be enabled for a field by choosing the Contains personal data and Contains health info option in the Field Properties pane of form builder respectively.
2. General permissions
A permission set has two different categories:
- Module level: Enable or disable the access to application's components (forms, reports, and pages).
- Field level: Enable or disable permission to access/edit the fields in a record.
Sections | Actions in Permission Set | Description |
Module Permissions | Access | Allow or restrict access to the chosen form/page. |
View | Allow or restrict access to view records added by the user themselves in the chosen report. | |
Edit | Allow or restrict access to edit records added by the user themselves in the chosen report. | |
Delete | Allow or restrict access to delete records added by the user themselves in the chosen report. | |
Permission actions under the More option | ||
Import | Allow or restrict the import of records into a component for which this action is configured. They can be imported in the following formats: Local storage - .xls, .xlsx, .xlsm, .csv, .tsv, .ods, .accdb, .mdb, .json, .numbers. URL - .xls, .xlsx, .xlsm, .csv, .tsv, .ods, .accdb, .mdb, .json, .numbers. Cloud service - .xls, .xlsx, .xlsm, .csv, .tsv, .ods, .json, .numbers. Paste Data - .csv, .tsv. | |
Export/Print | Allow or restrict the export/print records from the component for which this action is configured. The data can be exported in the formats .xls, .pdf, .html, .xml, .json, .csv, .tsv. | |
View all | Allow or restrict access to view all the available records in the chosen report. | |
Modify all | Allow or restrict access to modify all available records in the chosen report. | |
Create new report | Allow or restrict access to create new reports with each form in the live mode of the application. Learn more  Note : The reports that were created by a user holding the Create new report permission will be visible to all users even after the permission is revoked. | |
Read comments | Allow or restrict reading comments. If allowed, the user can read comments added by other users in a report. You cannot reply to the comments or mentions when this permission is given. | |
Write comments | Allow or restrict writing comments mentioning users in the application. If allowed, the user can add comments in a report. You can reply to comments and mention other users by @tagging them. Notifications are sent when someone mentions you in the record comments. | |
Field Permissions | Visibility | Allow or restrict access to view the chosen field's records. |
Read Only | Restrict or allow the edition of the chosen field's records. |
1.5 Achieving granular access control using user permissions
Any organization will want authority over how their data is circulated within their organization. When a systemized structure which decides how and who can access an application's data comes into place, both the management of data and its security is ensured. Using the combined power of permissions, role hierarchy, and data sharing rules helps you achieve this.
Each of the above features allows you to create a different type of exclusive access for users, to the data of an application. They work in different ways to achieve the intricate control of data that an organization needs.
Permissions vs Role Hierarchy
This table explains which records a user can access when they are assigned with the permissions listed below.
Permission Set Actions | Role hierarchy Disabled | Role hierarchy Enabled |
View | Records added by them. | Records added by them. |
Edit |
|
|
View All | All records. | All records. |
Modify All | All records. | All records. |
Data Sharing vs Permissions
Data sharing rules allow the records of a report to be shared from one user/role to another. However, the shared data will be accessible by the receiver only if they have the permission to access that report.
Data Sharing vs Role Hierarchy
Data sharing rules overrule role hierarchy and allow users/roles to access shared data.
Usecase : Say you add a user, Teresa, to an application. You assign her a role and a permission set while adding her to the application. A few scenarios are explained below to bring more clarity on how you can use User Permissions to define which records she can access.
- Scenario 1 - To let her access and delete only the records added by herself in a report, you assign her with a permission set that allows View, Edit, and Delete actions.
- Scenario 2 - To let her access both, her records and the records of her subordinates, you enable role hierarchy.
- Scenario 3 - To customize the sharing of records from a role/user to her (when she does not have access by default), you define a data sharing rule.
- Scenario 4 - To let her view all the records of a report regardless of who added it, you assign her with a permission set that allows View All /Modify All actions.
2. Points to note
- While adding a user to an application, they need to be assigned with a permission set created from the Permissions page.
- Admins cannot be assigned with permission sets but can view all the data in an application.
- Developers cannot be assigned with permission sets. When environments is:
- Disabled - They have access to all the data of the application.
- Enabled - The option to let them access and publish to Development and Stage can be chosen while adding them. They will not have access to the Production environment and therefore to the data of the application.
- When Create new report action is disabled in a permission set for a user, they will continue to have access to the reports previously created by them.
- When environments is enabled, the configured permission sets will reflect on the users in the live mode only when the application is pushed to the Production environment.
- The number of permission sets that can be added to an application depends on your Creator plan. See our pricing page.
3. Related topics
- Creating and Managing Permissions
- Understanding user permissions
- Understanding roles and role hierarchy
- Understanding data sharing
- Understanding users
What's next
Previous
What's next
Previous
Understand how permissions, roles, and data sharing work together to control user permissions.
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho Writer?
Create. Review. Publish.
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Understanding user permissions
What Does This Page Cover? Learn about how different users can access a report's data and how the sharing of this data with fellow users can be enabled. Availability User Permissions can be accessed in all plans of Creator. Only the super admin, ...Understanding users
This help page is for users in Creator 6. If you are in the older version (Creator 5), click here. Know your Creator version. 1. What does this page cover? Learn about users who can be added to your organization and how they can access the ...Understanding forms
In a nutshell Forms are used to enter data, and are a core part of an application. The data gets stored in Creator which can be viewed as Reports. A form is made up of fields (for various data inputs) and buttons (to submit/update/reset) and can be ...Understanding connectors
1. What does this page cover? Learn about connectors and the list of built-in connectors supported in Developer Console for connecting your application with Zoho and third-party services before distributing your apps. 2. Availability Connectors can ...Creating and managing permissions
What does this page cover? Learn to create permission sets that determine the actions a user can perform when they have access to the data of an application. Availability Permissions is accessible in all plans of Creator. Addition of new permission ...
New to Zoho LandingPage?
Zoho LandingPage Resources