Quick Start: Permissions
A permission rule is a set of capabilities that defines what access a group or user has to a piece of content, such as a workbook, project, or data source.
To efficiently manage permissions:
- Remove permissions from the All Users group before creating more groups
- Configure template permissions on the Default project before creating more projects
- Manage permissions for groups, not users
- Manage permissions for projects, not content
Create group permission rules for projects
For details on the following steps, see the main article on permissions. This Quick Start guide is an overview and doesn't capture many important details about permissions and permission management.
1. Add users to groups
A common way to manage permissions is to use groups for users who should have the same permissions.
- If necessary, add users to the site.
- Within a site, select Groups.
- If necessary, create a group using the Add Group option.
- Click a group name to open it, then use the Add Users button to add existing users to the group.
2. Access project-level permissions settings
The Explore page displays the content on the site. Use the dropdown to display Top-Level Projects or All Projects (to see nested projects as well).
Navigate to the project you want to update, open the Actions (…) menu, then select Permissions.
3. Create a permissions rule
Select + Add Group/User Rule to create a new permission rule.
The template drop-down offers a shortcut to apply an initial set of capabilities for the group.
If desired, customize the permission rule by clicking a capability to set it to Allowed or Denied, or leave it Unspecified.
4. View a user’s effective permissions
After you save the permissions rule for the group, you can view the effective permissions for each user. Click a group name to see the group's users and their permissions. Hover over a capability box to see a tooltip with details on whether a capability is allowed or denied.
Site roles
A user’s site role determines the maximum permissions allowed for that user.
- Server and site administrators can access all site content and take actions on it.
- Owners always get full access to the content they’ve published. When the parent project permissions aren’t locked, owners can change permissions for their published content.
For more information, see Set Users’ Site Roles and Use Projects to Manage Content Access.
Permission logic
- Denied takes precedence over Allowed.
- Unspecified results in Denied if no other permissions are specified.
- Specific user permissions on content take precedence over group permissions on content. In other words, user permissions trump group permissions.
For more information, see Effective permissions.