Quick Start: Permissions

You can use permission rules to control access to content on a site. A permission rule is a set capabilities that defines the level of access a group or user has on a content item. Content items are projects you create, and the workbooks and data sources published to them.

The most efficient way to manage permissions is to remove permissions from the All Users group before you create new groups for your environment. Then assign the permissions to groups at the project level.

1 Add users to groups

Create groups for users based on who should have the same permissions, and then add users to those groups. Within a site, select Groups. Select a group name, and then select Add Users.

2 Open a project’s permissions settings

The site’s Content page shows the top-level projects. Navigate to the project you want to update, select its Actions () menu, and then select Permissions.


If you’re not sure where to find a child project, display filters, and select Show all projects.

3 Create a permissions rule

Click Add a user or group rule, select Group, and then find and select the group.

Select a permissions role template to apply an initial set of capabilities for the group. Click a capability to set it to Allowed or Denied, or leave it Unspecified. Click Save when you are done.

Whether a user can set permissions is based on their site role and how their Set Permissions capability is set.

4 View a user’s effective permissions

After you save the permissions rule for the group, you can view the effective permissions for that content.

Click a group name to see the group's users and their permissions. Hover over a capability box to see a tooltip with details on whether a capability is allowed or denied.

Custom indicates a user’s capabilities have been changed from the initial settings for their site role or content role.

For more information, see Permissions.

Site roles

A user’s site role determines the maximum permissions allowed for that user.

  • Server and site administrators can access all site content and take actions on it.

  • Owners always get full access to the content they’ve published. When the parent project permissions are not locked, owners can change permissions for their published content.

For more information, see Set Users’ Site Roles and Use Projects to Manage Content Access.

Permissions evaluation

  • Denied takes precedence over Allowed.

  • Unspecified results in Denied if no other permissions are specified.

  • Specific user permissions on content take precedence over group permissions on content. In other words, user permissions trump group permissions.

For a couple of best-practice steps for how to implement permissions, see the following:

Thanks for your feedback!