User Groups used for permissions
These settings can be found under General > Settings > Roles/Groups > User groups
User Groups determine what data users have access to, and many parts of VisionFlow (issues, documents etc.) allows for setting permissions to selected user groups. Each User Group have one User Role, where the user role determines permissions to functionality.
"Layered" permission model
A user can have different user groups set on different projects. A user can also be assigned a different user group on the account than on the projects. Also you can override these permissions on an object level, such as on an issue/task or document. This is what we call a "layered" permission model, which means some settings apply to the global/account level but other settings are used on projects or objects to cater for maximum flexibility.
The layered permission model in VisionFlow means that you can both set a "default" user group for a user on the account level but also override this on the project level. This means that you for example can have limited access to functionality and data when you log in such as if you are assigned to the user group "External", then on a specific project you can be assigned to the user group "Project Manager" to be given more permissions there.
So when users try to do different things in the system, such as access data, access or perform functionality or receive notifications, the system the system looks in different places to determine if it is OK for the current user. For example:
To determine what functions a user should see in the General section (in the left navigation panel) the system looks at the group(s) that is set directly on the user (General --> Users --> <select user> --> General --> User account --> User Group )
To determine what functions a user should see on a project, the system looks at the group(s) that is set on the user for the specific project (Project --> Users --> Group(s) or on General --> Users --> <select user> --> Project access --> User Group(s))
To determine if a user should receive a notification based on changes, workflow or rules on issues in a project the system looks at the group(s) that is set on the user for the specific project. The system also looks at the permission set directly on the issue/task itself to see if this has been overridden compared to the normal project settings.
Creating and managing User Groups
To create a new user Group, just click 'Add new user group', to open the edit Group dialog. Configure and press submit.
- Name - The name of the user group
- Role - Select from the user Roles available on the account, in the dropdown list.
- Is Administrator - check this if the user group is of the administrator type.
- Is Project Administrator - check this if the user group is of the project administrator type.
- Is Support User - check this if the user group is of the support user type (used for external customers, for example).
- Is Default group - Check this if this user group should be the default one. This is used when new users are created by the system and no user group is otherwise specified. Only one user group can have the default flag. To remove the flag from a given user group, you have to set it on another user group. The default user group also cannot be deleted.
- Copy tab access and issue field access from this User Group: - select an existing User group to copy these configurations from.
- Can not set these User groups on users - Check the boxes for the user groups that users with this user group should not be able to set. This is useful to prevent users from creating new users with higher permission than they have themselves.
The table lists all current user groups on the account. The table shows name and role for each user group, and whether the group is any of the special types (admin, project admin and support user).
The column Company access limitations? shows Yes/No and an edit icon. If it shows 'Yes', there is company access set on the user group, otherwise not. 'No' is the default.
Clicking the edit button opens a company access dialog where you can choose from available companies to select which companies the User Group should have access to.
The company access is a feature that should only be used in some cases. Read more here: Company or Partner access
The Actions column shows a number of functions for each user group:
- Delete - click this to delete the user group. Note: Only roles not used by any user can be deleted!
- Edit user group - click to open the edit user group dialog for that user group.