Understanding user permissions | Zoho Creator Help

Understanding user permissions

In a nutshell

User permissions let you define how different users can access a report's data and how the sharing of this data with fellow users can be enabled. This provides granular control to users on a role-based access control (RBAC). User permission is defined by three attributes: Permissions, Roles, and Data Sharing.
Availability
  1. User Permissions can be accessed in all plans of Creator.
  2. Only the super admin, admins, and developers can create and manage User Permissions.

1. Overview

User Permissions is a way of establishing granular control over the access of data in your applications by users. These user permissions allow you to restrict your users to a particular set of data, thereby also creating a secure platform in which the data is shared and worked with only where it is necessary. If used efficiently, User Permissions will let you control the whole organization's access of data in a systemized manner.
A user is a person who can access your application. Under the User Permissions page, the following can be accessed:
  1. Permissions - Set up certain pre-made or customized permissions that determine a user's access to a report's records
  2. Roles - Define different roles for the people in the organization
  3. Data Sharing - Determine how the data stored in the application can be shared between these users/roles

1.1 See how it works

We have detailed videos of the following features for your better understanding:
  1. Permissions
  2. Roles and Role Hierarchy
  3. Data Sharing

1.2 Use case

Say you've created an Employee Management app for your organization. Two departments, HR and Admin, work with this application. Each department has a department head, two managers under each head with three juniors each.

  1. The HR team members are given a permission set where they can access and edit the records of an Add Employee form. The Admin team members are given a permission set where they can view and edit the Request Accessories form.
  2. Roles are assigned to the above people, thereby providing them with a place in the organization's hierarchy. When role hierarchy is enabled, the department head will be able to view the records added by all their subordinates while vice versa is not possible.
  3. A data sharing rule is defined which enables a user from the HR team to share records added by them in the Add Employee form, to the two managers and their subordinates in the Admin team. Now, the Admin team can cross-check the employee's details before providing the employee with the company's accessories.

1.3 Navigation guide

In the Edit mode of the application, User Permissions is situated under the Permissions section of the Settings page.


1.4 Permissions in user permissions


Permissions are a set of rules that govern the accessibility of the application's data for users. Read and Write are the two predefined permissions.
  1. Read permission enables the user to view all the data stored in the application.
  2. Write permission enables the user to edit all the data stored in the application.
You can also create custom permissions based on your requirements by clicking on the Add Permission button. Learn more

For example, in an Order Management application, the customer and the delivery executive will have access to different components. The customer will be given permission only to view the records of their Personal Order History. The delivery executive similarly will be given permission to view the records of their past deliveries.

1.5 Roles in user permissions


Roles help you:
  1. Create an organizational hierarchy and define clear positions for the people/teams working in your organization
  2. Group individuals working in your application, making it easier to share data with a cluster of users assigned to the same role
Role hierarchy, when enabled, lets you choose whose records a user can see with the appropriate permission sets. Learn more
For example, say you have a Quality & Assurance team consisting of seven employees in your company, for which you create a role. All seven employees will be grouped together under this role when they are added as users in your application. The records added by these users will be accessible by their peers according to their permission sets. However, the cannot view added records by superiors when role hierarchy is enabled for that particular form.

1.6 Data sharing in user permissions


You can define rules that help you share data with individual users or with peers, management, and subordinates based on their roles. Choose between Read Only and Read/Write based on the requirements. Learn more

For example, consider role hierarchy has been enabled for a Task Management application. A new project trainee cannot see the records of their immediate superior while the latter can monitor the trainee's training tasks. In the event of the trainee being confirmed, it is decided that they work with the superior on their tasks. Therefore, a data sharing rule is drafted to allow the trainee to view the task records of the superior.

2. Points to note

  1. Refer below for the detailed Points to Note sections':
    1. Permissions
    2. Roles
    3. Data Sharing
  1. Permission sets can be defined for your application only in the paid plans of Creator. See our pricing page.
  2. Roles can be added to your application only in the paid plans of Creator. See our pricing page.
  1. Understanding permissions
  2. Understanding roles and role hierarchy
  3. Understanding data sharing
  4. Understanding users

What's next
Previous
What's next
Get a deeper understanding of how permissions, roles, and data sharing work.
Previous
Learn how to add and manage users in Creator.