About roles and access rights
To manage users' roles and access rights, you must be an Admin or a Manager level user.
Per project, each user is given a role and provided with a defined set of access rights, which determine the capabilities a user has within the project and what she/he can see and change. Note that roles and access rights are set separately for each of your projects.
Roles and access rights
There are four different roles with a defined set of access rights:
- Owner: The designated legal contact to EMDESK and the project and subscription owner, who is responsible for invoices and payments. There is only one Owner for each project. The Owner is the only user who can delete the project. The Owner is marked by a crown in the "User" section. By default, the Owner is the person who created the project.
- Admin: Full access to the project and responsible for the technical administration of the project. (Can be more than one).
- Manager: Almost full access to the project, but no access to "Subscription". (Can be more than one).
- Regular User: Any user who is not the Owner, Admin or Manager. Restricted read access to technical settings and general project information. A set of access rights must be defined for the user; it determines what the user can read, edit and manage. (Can be more than one).
- By default, the user who set up the project is given the Owner and Admin role in the project.
- New users default to regular users with full access rights to all ("Manage All" for all element types).
Access rights of regular users
Non-Admin and non-Manager role level users are regular users. For them you can define the level of access per the following element types:
- Resources (user must have at least read access to the linked Activity and Participant to perform the access right set for Resources).
The following access level options are available for each element type:
- Manage All: The user has full access and can see, edit and manage (add, move and delete) all elements of this type.
- Edit All: The user can see and edit all elements of this type, but cannot manage them (add, move and delete).
- Read All: The user can see all elements of this type and add comments and attachments, but cannot edit or manage them (add, move and delete).
- Off: The user has no access to any elements of this type.
- Custom: A specific access right (Off, Read, Edit or Manage) is defined for each element (not available for Resources):
  - Off: The user has no access to the element.
  - Read: The user can see the element and add comments and attachments, but not edit.
  - Edit: The user can edit the element, but not manage (add, move and delete).
  - Manage: The user can see, edit and manage (add, move and delete) the element.
To learn how to define precise access rights for regular users, read "How to manage access rights of users and groups".
Note: Basic information about an element, e.g. its ID or name, is still displayed to users with no access to it (Off) when they access other elements associated with it.
Using groups to set user access rights
If enabled for a group, you can organize account users into groups, and use groups to set and grant access rights for a number of users. Users joining or leaving the group will automatically gain or lose the access rights set for the group. For critical sets of access rights managed through groups, we recommend using restricted groups instead of open groups. The Group Manager then controls the group members. Groups cannot be given the role Admin, Manager or Owner.
Note: Through the membership of groups, users may accrue sets of various access rights. In this case, access rights are hierarchical, starting with 'Manage' as the strongest, and the highest right overrides all subordinate rights.
For example: A user is a member of two groups. These groups grant different access rights to an element: Group 1 grants Read access, but Group 2 grants Edit access. The user attains the stronger right of Group 2, so Edit access is what applies.
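The accumulation rule above can be checked during an access review. The following is an added sketch, not EMDESK's own code: it resolves a user's effective right per element across group memberships and reports which group supplies any right stronger than intended. Assumptions: it covers one element type at a time, a Custom setting gives Off to elements it does not list, and the group names and element IDs are constructed.

```python
from enum import IntEnum

class Right(IntEnum):            # ordered weakest to strongest, as on the page
    OFF = 0
    READ = 1
    EDIT = 2
    MANAGE = 3

# Type-level options and the per-element right each one implies.
TYPE_LEVEL = {"Off": Right.OFF, "Read All": Right.READ,
              "Edit All": Right.EDIT, "Manage All": Right.MANAGE}

def grant_for(setting, element_id):
    """Right that one group's setting gives on one element.

    setting is a type-level option name or ("Custom", {element_id: Right}).
    Assumption: a Custom setting gives Off to elements it does not list.
    """
    if isinstance(setting, tuple):
        return setting[1].get(element_id, Right.OFF)
    return TYPE_LEVEL[setting]

def effective_right(group_settings, element_id):
    """Strongest right across all groups, plus the groups that supply it."""
    per_group = {g: grant_for(s, element_id) for g, s in group_settings.items()}
    best = max(per_group.values(), default=Right.OFF)
    sources = sorted(g for g, r in per_group.items() if r == best and r != Right.OFF)
    return best, sources

def audit(group_settings, element_ids, intended_max):
    """Elements where accumulated group rights exceed what the reviewer intended."""
    findings = []
    for element_id in element_ids:
        right, sources = effective_right(group_settings, element_id)
        if right > intended_max:
            findings.append((element_id, right.name, sources))
    return findings

# Constructed sample: one user's group memberships for a single element type.
SAMPLE = {
    "Group 1": "Read All",
    "Group 2": ("Custom", {"E1": Right.EDIT}),
    "Group 3": ("Custom", {"E1": Right.READ, "E2": Right.MANAGE}),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["E1", "E2", "E3"], Right.READ):
        print(finding)
```

Because the strongest right always wins, removing a user from one group only lowers their access if no other group grants the same or a stronger right, which is what the reported source groups make visible.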
Tip: If you want to know who the Owner, Admins and Managers are for your project, use the "Contacts" section to find contacts with assigned roles.