User Groups permissions guide
You configure security permissions with the User Groups pages in the Setup section of Inform.
Think of a User Group as a set of permissions that defines a security role. Assigning users to a User Group determines the actions they can perform and where they can perform them. There are two ways to apply these permissions:
- When creating or editing user groups, you can add users
- When creating or editing users, you can add user groups.
The "most permissive" rule
When users belong to more than one User Group, permission settings may overlap. In such cases, the highest permission level takes precedence.
For example:
- User A belongs to User Group 1, User Group 2, and User Group 3.
- In all three groups, All is selected in the View column on the Form Permissions table.
- In User Group 1, the permission level is set to Business Unit.
- In User Group 2, the permission level is set to Organization, the highest.
- In User Group 3, the permission level is set to Business Unit and Child Business Units.
Because of the "most permissive" rule, the highest level takes precedence. User A will be able to view all forms up to the Organization level.
B2W Inform security roles and permissions
This section provides find information about each of the five permission tables that you'll use when you assign security roles to configure permissions.
Under each heading, you'll find a brief description and a link that opens a table with detailed descriptions of that permission table. These tables show how permissions determine the actions a user can perform and where, within B2W Inform, they can perform them.
Note: At a minimum, every B2W Inform user can access the Home Page, Online Help, and the Alerts button and the My Notifications tab on the Alerts page.
Administrative Permissions
- Select a check box within the table to grant a permission to the user group.
Details about the Administrative Permissions table
| Permissions | Allowed Actions | Access |
|---|---|---|
|
Tenant Administrator |
Ability to manage Application Settings, Business Units, Data Storage, Users, and User Groups. |
|
|
Data Connection Administrator |
Ability to manage Data Sources |
|
|
Template Category Administrator |
Ability to manage Template Categories. |
|
|
Template and Form Group Administrator |
Ability to manage Template and Form Groups. |
|
|
Report Administrator |
Ability to create, edit, delete reports. Ability to setup report schedules. |
|
| Supervisor | Ability to be listed as a Supervisor. |
|
Template Permissions
- Select a check box within the table to grant a permission to the user group.
Details about the Template Permissions table
| Permissions | Allowed Actions | Access |
|---|---|---|
| View | ||
|
All |
View all templates in read-only mode. |
Templates Button and Page:
|
| Create | ||
|
All |
Create new templates and view templates the current user has created. |
Templates Button and Page:
|
| Edit | ||
|
All |
View and edit any template in your tenant. |
Templates Button and Page:
|
Form Permissions
View
- All – When you select the View check box on this row, all template categories and templates will inherit both the View permission and the selected Business Unit setting.
- Template Category – When you select the check box next to a template category, all of its subcategories and templates will inherit the View permission and the selected Business Unit setting.
- Individual Template – When you select the check box for an individual template, the View permission and the selected Business Unit setting is granted only to the selected template.
Note: Business Unit Setting dropdown will show up once a check box is checked for an item.
Note: Business Unit settings are one of the following three [3] options: Organization, Business Unit, and Business Unit with Child Business Units.
Create
- Select the Create check box if you want this user group to have permission to create forms.
Approve
- Select the Approve check box if you want this user group to have permission to approve forms.
Details about the Form Permissions table
| Permissions | Allowed Actions | Access |
|---|---|---|
| View | ||
|
All + Business Unit Setting |
|
Forms Button and Page:
|
|
Template Category + Business Unit Setting |
|
Forms Button and Page:
|
|
Individual Template + Business Unit Setting |
|
Forms Button and Page:
|
| Create | ||
|
Eligible |
Fill out forms based on template access (i.e. “Who can fill out this form?” section in the template). If this user is part of a User Group or an individual listed in the “Who can fill out this form?” section in the template properties, then they can fill out that form in the Fill out a Form Library page. |
Forms Button and Page:
|
| Approve | ||
|
Eligible |
Approve and reject forms assigned to the current user for review. |
Forms Button and Page:
|
Report Permissions
View
- All – If you select this check box, all report folders and reports will inherit the View permission.
- Report Folder – If you select the check box for a Report Folder, it and all of its child folders and reports will inherit the View permission.
- Individual Report – If you select the check box for an individual report, the View permission is granted only to that report.
Details about the Report Permissions table
| Permissions | Allowed Actions | Access |
|---|---|---|
| View | ||
|
All |
View all reports in your tenant. |
Reports Button and Page:
|
|
Report Folders |
View all reports within your tenant within the selected report folder. |
Reports Button and Page:
|
|
Individual Reports |
View the selected report. |
Reports Button and Page:
|
Alert Permissions
- Select a check box within the table to grant a permission to the user group.
Details about the Alert Permissions table
| Permissions | Allowed Actions | Access |
|---|---|---|
| Create | ||
|
All |
Create new alerts for any template in your tenant. View, edit, and copy all alerts that have been created by any user in your tenant. |
Alerts Button and Page:
|
|
Report Folder |
Create new alerts for templates within the selected Template Category. View, edit, and copy all alerts that have been created by any user for the level the current user has been granted. |
Alerts Button and Page:
|
|
Individual Template |
Create new alerts for the selected Individual Template. View, edit, and copy all alerts that have been created by any user for the level the current user has been granted. |
Alerts Button and Page:
|
Permission Table rules pertaining to inherited vs. explicit permissions
Note: This only applies to the Form Permissions, Report Permissions, and Alert Permissions tables on the User Groups page.
- Inherited permissions are inherited from a parent item. Permissions you assign to a parent item also apply to all of its child items.
- Explicit permissions are granted explicitly to items. You assign them one at a time to individual items.
Inherited Permissions
You can identify inherited permissions by the following characteristics:
- The check box next to the item is not selected.
- Static text appears to the right of the item's check box.
Each table displays different static text for inherited permissions.
- Form Permissions - The View column displays the Business Unit setting selected for the parent level.
- Report Permissions - The View column displays the word “View”.
- Alert Permissions - The Create column displays the word “Create”.
Explicitly Granted Permissions
For the Form Permissions table, explicitly granted permissions will have the check box selected and the Business Unit Setting dropdown will be displayed to the right of the check box.
If a permission has been explicitly granted for Report Permissions and Alert Permissions, the check box will be selected and will have static text to the right of the check box.
Note: On the Users pages, the tables are read-only.
Overriding inherited permissions
You can override inherited permissions and change them to explicit permissions.
Overrides in the Form Permissions table
To override inherited permissions in the Form Permissions table:
- Select the check box for an item with an inherited permission and change the Business Unit setting.
- Report and Alert Permissions: First, clear the check box for the parent item with the permission that is being inherited.
Overrides in the Report Permissions and Alert Permissions tables
To override inherited permissions in the Report Permissions and Alert Permissions tables:
- Clear the check box for the parent item with the permission that is being inherited. This could be the check box for the All row at the top of the table or any item with children elsewhere on the table.
- Select individual items to selectively apply View (in Report Permissions) or Create (in Alert Permissions) privileges.
Rules for Moving Items from One Folder to Another
If you move a template to another template category or a report to another report folder, inherited and explicit permissions are handled as follows:
- If the item you are moving has been granted explicit permissions, it keeps those permissions at its destination. Inherited permission levels at the destination are ignored.
- If the item you are moving has not been granted explicit permissions, it takes inherits the permission level of its destination.
Examples
Explicit permission settings
- You you created Template A and put it in Table Category A.
- In the Form Permissions table, Template A is checked with "Business Unit" selected.
- When you move Template A to any other category, it will keep its "Business Unit" setting.
Inherited permission settings
- You you created Template A and put it in Table Category A.
- In the Form Permissions table, Template A is not checked.
- You move Template A to Table Category B which is checked with Organization selected.
- Template A will inherit the Organization permission from Category B.
No permission settings
- You you created Template A and put it in Table Category A.
- In the Form Permissions table, Template A is not checked.
- You move Template A to Subcategory C which is not checked. Also, none of Subcategory C's parent categories are checked.
- Template A can no longer be accessed by the group.