User Permissions Overview
Permissions in the platform control what users can see and do. The system uses a role-based access control structure where users are assigned to user groups, and user groups contain roles that define specific permissions.
How the Permission System Works
The platform uses a three-level permission structure:
Users → are assigned to → User Groups → which contain → Roles
Roles define what actions users can perform and what features they can access. There are two types of roles:
- Application Roles: Define access to records (Assets, Accounts, Portals, etc.), components (Public Link, Location Map, etc.), and administrative features. If a role does not grant access to a record or component, users will not see it in the interface.
- Folder Roles: Define access to specific folders and the assets within them. These roles control visibility and actions available for folder-based content.
User Groups are collections of roles assigned to users. Key characteristics:
- A user group can contain multiple roles (both application and folder roles).
- Users can be assigned to multiple user groups.
- User groups can be designated as admin groups, granting full platform access to all members.
- Individual users can also be granted administrator rights directly, bypassing group-based permissions.
What Permissions Control
- Record Access: View, edit, or manage specific record types (Assets, Accounts, Portals, Dwellings, etc.)
- Component Visibility: Access to features and components in asset details and throughout the platform. Some components also depend on Metadata Profiles for visibility.
- Actions: Upload, download, edit metadata, delete, share, reprocess, manage versions, and more
- Admin Features: Access to administrative configuration including metadata structure, user management, branding, reports, digital rights, integrations, and system settings
Tips
- User groups simplify permission management by allowing you to assign roles once and then add users to appropriate groups.
- Folder roles provide granular control over which assets users can access, while application roles control broader platform capabilities.
- Admin groups should be used sparingly and only for trusted users who need full platform access.
- If you need help designing your permission structure, contact Data Dwell support for assistance.
Related Articles