To be fully operational, you need to give the right roles and permissions to your workspace users.
To ensure accuracy and accountability, it is important that every user gets the role and permission they need to perform the right actions. The ITONICS Innovation OS provides you with the option to define your own roles and permission scheme per workspace and element type.
Per default, the ITONICS Innovation OS comes with standard global roles that you can easily change to match your context. You can also create your own roles and assign respective permissions accordingly.
The ITONICS permission concept includes an additive permission concept, which means that the respective permissions of each role complement each other. That means that users can have multiple roles assigned and the permissions granted complement each other.
For instance, if you have one role assigned that allows you to create elements but not to rate them and a second role assigned that allows you to rate elements but not create them, you will in consequence get the permission to rate and create content elements as per the additive permission concept.
Read on to learn:
- Role Configuration: How to create and update roles per workspace
- Default Workspace Role: How to change the default role assignment per workspace
- Permission Configuration: How to adjust permissions per role and element type?
- What is the default ITONICS role and permission configuration?
- Changing roles of users
Role Configuration: How to create and update roles per workspace?
To change roles or permissions for a workspace, navigate to the "Workspace Roles" settings first. You will find it in your profile in the bottom left corner [1 or 2].
Or, when you are already on the administrative pages of your organization settings, go to "Workspaces", and find the workspace for which you want to alter roles or permissions and the respective pen icon. Clicking on the pen icon will take you to the respective workspace settings.
In both cases, you will land on the workspace's settings page. Find the tab "Roles" [3]. Under the tab, you will find the current role scheme of the workspace with the current roles available. The roles are listed. Besides the "Workspace Admin" role, you can now change the name and description of each role by the pen icon [4].
To add a new role, find the option create role at the bottom right corner. Once clicked, a modal will open where you can add the title and a description.
If you want to delete a role, please find the trash icon.
A role cannot be deleted as long as it is assigned to users in the workspace.
Please note that every workspace can create/update/delete up to 20 roles at a time.
Default Workspace Role: How to change the default role assignment per workspace?
On the "roles" tab, you can also define the default role that should be assigned to workspace users. Find the option, below "Roles" [3] and select from the list the default role.
Permission Configuration: How to adjust the permissions per workspace role and element type?
To adjust the permissions, navigate to the "Workspace Permissions" settings first. You will find it in your profile in the bottom left corner [2]. You land on the permissions tab.
Next, you will see two menus. The first called "Elements" lets you define all the permissions related to, for instance, content creation, editing, rating, and viewing [6]. The second menu called "Features" lets you define all the permissions related to the ITONICS Innovation OS tools. Click on the name to change between the menus.
Below this menu, you will find a dropdown menu. Per default, the entry is "default" [7]. This dropdown selection provides you with the global permission scheme. This global permission scheme is the baseline for all schemes. If you do not alter permissions for specific element types, the global permission scheme counts.
Changing the default permission scheme
When "default" is selected, you will find the available actions/permission configuration options listed to the left [8]. In the right column for each action, the allowed roles are mentioned [9].
To disable any role from an action, use the X-icon next to the role name [9]. If you want to add any role, click on the arrow at the end of the role selection list and find all other existing roles [10]. Click on the name of the role from the selection menu and add it to the list.
Please note
- Workspace Admins always have all permissions granted which also cannot be changed.
- The permission configuration is always only true for one selected workspace. If you want to apply the same permission scheme to another workspace, you have to make the adjustments again for the other workspaces.
- As each permission scheme is restricted to one workspace, a custom element-type specific permission scheme will not be copied into another workspace when the element type is copied over to this other workspace.
- By default, all element types inherit the overarching permissions unless customized.
To save your changes, find either the bottom "apply changes" at the bottom right or "apply all changes" at the top right [11]. Apply changes will only save the last changes made on one page. Apply all changes will save all the last changes made.
Changing element-type specific permissions
When you want to override the default permission scheme for specific element types, choose the respective element type from the dropdown menu [6].
You will find the available actions/permission configuration options listed to the left [8]. In the right column for each action, the allowed roles are mentioned [9].
To disable any role from an action, use the X-icon next to the role name [10]. If you want to add any role, click on the arrow at the end of the role selection list and find all other existing roles. Click on the name of the role from the selection menu and add it to the list.
To save your changes, find either the bottom "apply changes" at the bottom right or "apply all changes" at the top right [11]. Apply changes will only save the last changes made on one page. Apply all changes will save all the last changes made. The user interface automatically adapts to the logged-in user's permissions, hiding element types from searches, tools, and filters, if the user lacks the necessary access.
An element type-specific permission scheme is indicated in the dropdown list by the label "custom". This indicates that the element-specific permission scheme differs from the global default permission scheme.
What is the default ITONICS role and permission configuration
Per default, the ITONICS Innovation OC comes with the following five different roles, i.e., Workspace Admin, Moderator, Evaluator, Scout, and Viewer.
In the following, we list which permissions are given per these roles and:
- Content permissions
- View, Create, Edit, and Delete
- Rating
- Comment
- Attachment
- Tool permissions
- Workspace admin-only permissions
Manage*: The term manage refers to all CRUD operations, i.e., create, read, update, and delete.
Please note that the availability of the tools depends on your subscription. If you have any questions, contact us at account_manager@itonics-innovation.com.
Manage*: The term manage refers to all CRUD operations, i.e., create, read, update, and delete.
3. Workspace admin-only permissions
Changing roles of users
Workspace Administrators can assign a role or have the option to change a workspace-level user role in the "Users" tab. Navigate to your profile on the bottom left and click on it. Here, you will find the option "Workspace Users". This will bring you to the user management section of your workspace.
Here, you will find the list of all users that are part of your workspace. You can now either add new colleagues to join the workspace (2) or update any existing user role assignment (3). In both cases, you will be asked to assign the correct role (4).
Please note that every user can have a maximum of 5 roles at a time.