About roles and access rights
Note:
- To manage users' roles and access rights, you must be the Admin or Manager level user.
- Roles and access rights are set separately for each of your workspaces. Every user must be invited to workspace and accept the email invitation.
Per workspace, each user is given an access level / role and provided with a defined set of access rights, which determine the capabilities a user has within the workspace and what they can see and change.
Access levels / roles
There are four different access levels / roles with a defined set of access rights:
- Owner: The designated legal contact to EMDESK, the subscription and workspace owner is responsible for invoices and payments. By default, the owner is the person who created the workspace. There is only one owner for each workspace. The owner is marked with a crown in the "Users" section. The owner is the only user who can delete the workspace.
- Admin: Has full access to the workspace and is responsible for its technical administration. There can be several Admins in each workspace.
- Manager: Has almost full access to the workspace, but has no access to "Subscription". There can be several Managers in each workspace.
- Regular User: Any user who is not the Owner, Admin, or Manager. Has restricted read access to technical settings and general workspace information. To determine what the user can read, edit, and manage, the defined access rights must be set. There can be several Regular Users in each workspace.
Note:
- By default, the user who set up the workspace is given the Owner and Admin roles in the workspace.
- New users are defaulted to the Regulars User role with Manage access rights to all workspace items (read how to define precise access rights for Regular Users).
Note: Read further how to manage users' roles.
Access rights of Regular Users
Non-Admin and non-Manager role level users are Regular Users. For them you can define the access rights per sections (Projects & Activities, Participants, Documents, Resources) and per specific items in these sections.
The following access rights options are available per each section and item:
- Manage: The user has full access to the data – can see, edit, and manage (add, move, or delete) workspace items.
- Edit: The user can see and edit workspace items, but cannot manage them (add, move, or delete).
- Read: The user can see workspace items, add comments and attachments, but cannot edit and manage items (add, move, or delete).
- Off: The user has no access to workspace items.
Note:
- User must have at least Read access rights to the linked project, activity, or participant to perform the access rights set for the "Resources" section.
- If Regular Users have access to the items associated with other items they do not have access to, only basic information about those "Off" items is displayed, e.g. ID or name.
Note: Read further how to manage access rights of Regular Users.
Using groups to set user access rights
You can organise workspace users into groups, and use groups to set and grant access rights for a number of users at once. Users joining or leaving the group will automatically gain or lose the access rights set for the group. Groups cannot be given the Admin, Manager, or Owner access level – only the Regular User role can be assigned to a group.
For critical sets of access rights managed through groups, we recommend to use restricted groups instead of open groups. Then the Group Manager controls the group members.
Note:
Through group membership, users may accrue sets of various access rights. In this case, pay attention that:
- access rights at the item level are stronger than access rights at the section level
- access rights hierarchically start with Manage as the strongest, and the highest right counteracts all subordinate rights
For example: A user has Read access rights to the "Workplan" section and Off access rights to "WP1", and at the same time is a member of a group with Edit access rights to the "Workplan" section. In this case, the user will attain the stronger rights of the group at the section level and therefore will have Edit access rights to the "Workplan" section, except for "WP1" – as for this item the user has Off right at the item level which is stronger than the section level.
Note: Read further how to manage access rights of groups.