About roles and access rights
Note: To manage users' roles and access rights, you must be the Admin or Manager level user.
Per workspace, each user is given an access level / role and provided with a defined set of access rights, which determine the capabilities a user has within the workspace and what she/he can see and change.
Note that roles and access rights are set separately for each of your workspaces. Every user must be invited to workspace and accept the email invitation.
Access levels / roles
There are four different access levels / roles with a defined set of access rights:
- Owner: The designated legal contact to EMDESK, the project and subscription owner is responsible for invoices and payments. By default, the owner is the person who created the project. There is only one owner for each project. The owner is marked by a crown in the "Users" section. The owner is the only user who can delete the project.
- Admin: Has full access to the project and is responsible for the technical administration of the project. Can be more than one.
- Manager: Has almost full access to the project, but no access to "Subscription". Can be more than one.
- Regular User: Any user who is not the Owner, Admin, or Manager. Has restricted read access to technical settings and general project information. To determine what the user can read, edit, and manage, the defined access rights must be set. Can be more than one.
- By default, the user who set up the project is given the Owner and Admin role in the workspace.
- New users are defaulted to the Regulars User role with Manage access rights to all workspace items (read how to define precise access rights for Regular Users).
Note: Read further how to manage users' roles.
Access rights of Regular Users
Non-Admin and non-Manager role level users are Regular Users. For them you can define the access rights per sections (Activities, Participants, Documents, Resources) and per specific items in these sections.
The following access rights options are available per each section and item:
- Manage: The user has full access to the data – can see, edit, and manage (add, move, or delete) workspace items.
- Edit: The user can see and edit workspace items, but cannot manage them (add, move, or delete).
- Read: The user can see workspace items, add comments and attachments, but cannot edit and manage items (add, move, or delete).
- Off: The user has no access to workspace items.
- User must have at least Read access rights to the linked activity or participant to perform the access right set for Resources.
- If Regular Users access items associated with the items they do not have access to, only basic information about those "Off" items is displayed, e.g. ID or name.
Note: Read further how to manage access rights of Regular Users.
Using groups to set user access rights
You can organize account users into groups, and use groups to set and grant access rights for a number of users at once. Users joining or leaving the group will automatically gain or lose the access rights set for the group. Groups cannot be given the Admin, Manager, or Owner access level – only the Regular User role can be assigned to groups.
For critical sets of access rights managed through groups, we recommend to use restricted groups instead of open groups. Then the Group Manager controls the group members.
Through the membership of groups, users may accrue sets of various access rights. In this case, pay attention that:
- access rights at the item level are stronger than access rights at the section level
- access rights hierarchically start with Manage as the strongest, and the highest right counteracts all subordinate rights
For example: A user has Read access rights to the "Workplan" section and Off access rights to "WP1", and at the same time is a member of a group with Edit access rights to the "Workplan" section. In this case, the user will attain the stronger rights of the group at the section level and therefore will have Edit access rights to the "Workplan" section, except for "WP1" – as for this item the user has Off right at the item level which is stronger than the section level.
Note: Read further how to manage access rights of groups.