Quick Start: Permissions
You can use permission rules to control access to content on a site. A permission rule is a set capabilities that defines the level of access a group or user has on a content item. Content items are projects you create, and the workbooks and data sources published to them.
The most efficient way to manage permissions is to remove permissions from the All Users group before you create new groups for your environment. Then assign the permissions to groups at the project level.
1 Add users to groups
Create groups for users based on who should have the same permissions, and then add users to those groups. Within a site, select Groups. Select a group name, and then select Add Users.
2 Open a project’s permissions settings
The site’s Content page shows the top-level projects. Navigate to the project you want to update, select its Actions (…) menu, and then select Permissions.
If you’re not sure where to find a child project, display filters, and select Show all projects.
3 Create a permissions rule
Click Add a user or group rule, select Group, and then find and select the group.
Select a permissions role template to apply an initial set of capabilities for the group. Click a capability to set it to Allowed or Denied, or leave it Unspecified. Click Save when you are done.
4 View a user’s effective permissions
After you save the permissions rule for the group, you can view the effective permissions for that content.
Click a group name to see the group's users and their permissions. Hover over a capability box to see a tooltip with details on whether a capability is allowed or denied.
For more information, see Permissions.
A user’s site role determines the maximum permissions allowed for that user.
Server and site administrators can access all site content and take actions on it.
Owners always get full access to the content they’ve published. When the parent project permissions are not locked, owners can change permissions for their published content.
Denied takes precedence over Allowed.
Unspecified results in Denied if no other permissions are specified.
Specific user permissions on content take precedence over group permissions on content. In other words, user permissions trump group permissions.
For a couple of best-practice steps for how to implement permissions, see the following:
Structure Content Projects, Groups, and Permissions (links to Everybody’s Admin Guide)