Roles & Permissions
Definition
Unearth has six roles that restrict actions a User can do while using OnePlace. Once a User has been added to a Project, they are given a Role and associated permissions by default.
Six User Roles
The Roles and associated Permissions are:
- Owner
An Owner has full CRUD access to an Account, Project, and Assets unless items are defined as read only. Owners are treated the same as Admin.
- Admin
Like an Owner, an Admin has full CRUD access to an Account, Project, and Assets unless items are defined as read only.
- Manager
A Manager can manage Users and create, view, and edit all content unless it’s read only or editable only by admin. That said, they can only delete Assets they added themselves, and cannot edit or delete comments made by other Users.
- General User
Like a Manager, a General User can create, view, and edit all content unless it’s read only or editable only by admin. Likewise, they can only delete Assets they added themselves, and cannot edit or delete comments made by other people.
However, unlike a Manager, they cannot manage Users.
- Limited User
A Limited User to limited to their own Assets. They can create, view, and edit Assets ONLY if they created the Asset or it’s assigned to them by another User.
And like most other users, they can’t change data that’s read only or editable only by admin, can only delete assets they added, and cannot edit or delete comments made by other Users.
- Viewer
A Viewer can view Assets only.
How to Use Roles & Permissions
By default, every User in a project has a Role, so creating one is not necessary.
However, you may want to modify Roles assigned to Users. You may want to give a User a Role with more Permissions or demote a User so that they have fewer Permissions.
You can modify these Roles through the web app. At this time, modifying Roles isn’t supported in the mobile apps.
Before we begin, it’s important to remember that the ability to change another User’s Role depends on your own Role’s Permissions. You must be an Admin, Owner, or Manager.
Through the UI
Changing a User’s Role
Follow these steps:
-
Once logged into a Project on the web app, tap on the “U” in the top left of the screen and then tap once more on the “People” tab within the menu. You will see a list of other Project Users along with their company (if it exists) and their Role.
-
Tap the “...” dots to the far right of a User’s name. Then “View Profile”. This will open the User’s profile and a menu.
-
Once the menu opens, scroll to find the option to change the User’s Role. You can toggle through different Roles and see the permissions for each Role.
-
After selecting a Role and clicking “Done,” the User’s Role and Permissions will change.
To see these changes on the mobile app, you will need to close and reload the app. This app refresh will enforce the new Role on the User.
More Granular Tool Level Permissions (TLP)
While most customization is available through our UI or API, there are some capabilities that only Unearth’s Customer Success team can complete. TLP is one of these capabilities.
TLP is a subset of Roles & Permissions. Inside each Asset Type, there’s an attribute property that contains “permissions.”
Inside this “permissions” property, exists more properties: create
, read
, edit
, and delete
. Each property is assigned a boolean value for each role. This makes it easy to restrict CRUD on specific Assets and Features based solely on a User’s Role.
That said, if you created an Asset or there’s a form control that’s assigned to you within an Asset, this false value isn’t enforced unless you’re a Viewer. You can still edit and interact with your own Assets.
In the end, TLP enables you to control which Asset Types are available to Users, which Features appear on the map, and which Assets appear in the table.
Once TLP is set up, all enforcement in the apps is done on the client side.
Updated almost 2 years ago