Understand Permissions
What Does This Page Cover?
Learn how you can define unique permission sets such as Read, Write, or customized ones that decide on how different
users
can access the records.
Availability
- Permissions can be accessed in all plans of Creator. Addition of new permission sets is possible only in the paid plans.
-
Only the
super admin, admins, and developers can create and manage Permissions.
Overview
A permission set is a group of rules that govern the accessibility of the application's components for the user. This helps to run an organization with different departments taking care of different aspects of the business. For example, your business might involve collaborating with external vendors who might need access to your application's data. Giving them appropriate permissions to do so helps in creating a unified system where the necessary access of data is enabled. In this way, each section of people involved in the organization can have their own set of permissions relevant to their work.
Permissions in Creator
User Permissions
encapsulates three triads that govern the accessibility of an application's components and the data stored in it. When you incorporate the potential of permissions,
role hierarchy, and
data sharing rules
in an application, a standardized and controlled approach of data handling can be achieved.
In Creator, the Permissions feature gives you the ability to define various permission sets that help you establish granular control over who can view and manage the data contained in your application. While it can determine if a user can access a specific component of an application, it can also specifically define the different actions that they are allowed to perform within that component and its data.
There are three types of permission sets available:
- Read - Gives the user permission to view the data added by themselves (records) in the application.
-
Write
- Gives the user permission to edit data added by themselves (records) in the application.
- Custom permissions - Customized permissions which enables the user to perform actions such as accessing, viewing, editing, deleting, and much more.
Apart from this, a set of
Field Permissions
are also available which decides the read and edit access of each field present in your form.
See How It Works
Use Case
Say you've built an
Order Management
application for your organization. The distributers and suppliers connected with your organization want access to the records of the
Add Distribution Areas
form and the
Add Supplier Details
form respectively. Both these groups will need access only to the report relevant to them. Therefore:
- A permission set can be customized with View All access for the distributers to view all the records of the Add Distribution Areas form.
- Another permission set can be customized with View All access for the suppliers to view all the records of the Add Supplier Details form.
Navigation Guide
In the
Edit
mode
of the application,
Permissions
is situated under the
User Permissions
section of the
Settings
page. By default, you land in the
Permissions
tab.
Sections in a Permission Set
There are two sections of permissions that need to be defined. They are:
1. API & Security Permission
The three types of API and security permissions are explained below:
|
Title
|
Description
|
|
API access
|
Lets you
Enable
or
Disable
the users with this permission set use
APIs
for data manipulation.
|
|
PII Data
|
Show
- The PII-enabled fields' visibility is selected by default in
Field Permissions
. Edition of records can be further selected if required.
Hide
- PII-enabled fields' visibility/edition cannot be chosen in
Field Permissions
. They will not show up in the form and the edition of this field's data is also not possible.
|
|
ePHI data
|
Show
- The ePHI-enabled fields' visibility is selected by default in
Field Permissions
. Edition of records can be further selected according to your requirements.
Hide
- The ePHI-enabled fields' visibility/edition cannot be chosen in
Field Permissions
. They will not show up in the form and the edition of this field's data is also not possible. |
Note
:
-
Field Permission
can be accessed by clicking on
More
option found adjacent to each component.
- PII and ePHI can be enabled for a field by choosing the Contains personal data and Contains health info option in the Field Properties pane of form builder respectively.
2. General Permissions
A permission set has two different categories:
- Module level: Enable or disable the access to application's components (forms, reports, and pages).
- Field level: Enable or disable permission to access/edit the fields in a record.
|
Sections
|
Actions in Permission Set
|
Description
|
|
Module Permissions
|
Access
|
Allow or restrict access to the chosen form/page. |
|
|
View
|
Allow or restrict access to view records added by the user themselves in the chosen report.
|
|
|
Edit
|
Allow or restrict access to edit records added by the user themselves in the chosen report.
|
|
|
Delete
|
Allow or restrict access to delete records added by the user themselves in the chosen report. |
|
|
Permission actions under the More option
|
|
|
|
Import
|
Allow or restrict the
import of records
into a component for which this action is configured. They can be imported in the following formats:
Local storage
- .xls, .xlsx, .xlsm, .csv, .tsv, .ods, .accdb, .mdb, .json, .numbers.
URL
- .xls, .xlsx, .xlsm, .csv, .tsv, .ods, .accdb, .mdb, .json, .numbers.
Cloud service
- .xls, .xlsx, .xlsm, .csv, .tsv, .ods, .json, .numbers.
Paste Data
- .csv, .tsv.
|
|
|
Export/Print
|
Allow or restrict the
export/print records
from the component for which this action is configured. The data can be exported in the formats .xls, .pdf, .html, .xml, .json, .csv, .tsv.
|
|
|
View all
|
Allow or restrict access to view all the available records in the chosen report. |
|
|
Modify all
|
Allow or restrict access to modify all available records in the chosen report.
|
|
|
Create new report
|
Allow or restrict access to
create new reports
with each form in the live mode of the application. Learn more
Note
: The reports that were created by a user holding the
Create new report
permission will be visible to all users even after the permission is revoked.
|
|
|
Read comments
|
Allow or restrict reading comments. If allowed, the user can read comments added by other users in a
report. You cannot reply to the comments or mentions when this permission is given.
|
|
|
Write comments
|
Allow or restrict writing comments mentioning users in the application. If allowed, the user can add comments in a
report. You can reply to comments and mention other users by @tagging them. Notifications are sent when someone mentions you in the record comments.
|
|
Field Permissions
|
Visibility
|
Allow or restrict access to view the chosen field's records.
|
|
|
Read Only
|
Restrict or allow the edition of the chosen field's records.
|
Achieving Granular Access Control Using User Permissions
Any organization will want authority over how their data is circulated within their organization. When a systemized structure which decides how and who can access an application's data comes into place, both the management of data and its security is ensured. Using the combined power of permissions,
role hierarchy, and
data sharing rules helps you achieve this.
Each of the above features allows you to create a different type of exclusive access for users, to the data of an application. They work in different ways to achieve the intricate control of data that an organization needs.
Permissions vs Role Hierarchy
This table explains which records a user can access when they are assigned with the permissions listed below.
|
Permission Set Actions
|
Role hierarchy Disabled
|
Role hierarchy Enabled
|
|
View
|
Records added by them.
|
Records added by them.
|
|
Edit
|
|
|
|
View All
|
All records.
|
All records.
|
|
Modify All
|
All records.
|
All records.
|
Data Sharing vs Permissions
Data sharing rules allow the records of a report to be shared from one user/role to another. However, the shared data will be accessible by the receiver only if they have the permission to access that report.
Data Sharing vs Role Hierarchy
Data sharing rules overrule role hierarchy and allow users/roles to access shared data.
Usecase
: Say you add a user, Teresa, to an application. You assign her a role and a permission set while adding her to the application. A few scenarios are explained below to bring more clarity on how you can use User Permissions to define which records she can access.
- Scenario 1 - To let her access and delete only the records added by herself in a report, you assign her with a permission set that allows View, Edit, and Delete actions.
- Scenario 2 - To let her access both, her records and the records of her subordinates, you enable role hierarchy.
- Scenario 3 - To customize the sharing of records from a role/user to her (when she does not have access by default), you define a data sharing rule.
-
Scenario 4
- To let her view all the records of a report regardless of who added it, you assign her with a permission set that allows
View All
/Modify All
actions.
Points to Note
- While adding a user to an application, they need to be assigned with a permission set created from the Permissions page.
-
Admins cannot be assigned with permission sets but can view all the data in an application.
- Developers cannot be assigned with permission sets. When environments is:
-
Disabled - They have access to all the data of the application.
- Enabled - The option to let them access and publish to Development and Stage can be chosen while adding them. They will not have access to the Production environment and therefore to the data of the application.
- When Create new report action is disabled in a permission set for a user, they will continue to have access to the reports previously created by them.
-
When
environments
is enabled, the configured permission sets will reflect on the users in the live mode only when the application is pushed to the
Production
environment.
Limitations
- The number of permission sets that can be added to an application depends on your Creator plan. See our pricing page.
Related Topics
- Create and Manage Permissions
- Understand User Permissions
- Understand Roles and Role Hierarchy
-
Understand Data Sharing
- Understand Users
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Zoho DataPrep Resources
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Understand User Permissions
What Does This Page Cover? Learn about how different users can access a report's data and how the sharing of this data with fellow users can be enabled. Availability User Permissions can be accessed in all plans of Creator. Only the super admin, ...Understand portal
This help page is for users in Creator 6. If you are in the older version (Creator 5), click here. Know your Creator version. A Portal is a great way for an organization to allow its external users to log in to their dedicated internal system and ...Create and Manage Permissions
What Does This Page Cover? Learn to create permission sets that determine the actions a user can perform when they have access to the data of an application. Availability Permissions is accessible in all plans of Creator. Addition of new permission ...Understand application settings
This help page is for users in Creator 6. If you are in the older version (Creator 5), click here. Know your Creator version. The Settings section allows you to make application level configurations. You can view and change information about and ...Understand Data Sharing
What Does This Page Cover? Learn how the flow of data can be facilitated from between users/roles. Availability Data Sharing is accessible in all plans of Creator. Only the super admin, admins, and developers can create and manage Data Sharing. ...
New to Zoho LandingPage?
Zoho LandingPage Resources