Permissions

Permissions are used in combination with Roles in Orgvue to control access to resources

This method is often described as Role Based Access Control (RBAC)

Users are allocated to roles which are then used with permissions to determine their access to datasets, properties, packs, views and drafts

Using the RBAC method, the owner or Admin can set the level of other users' access to that resource

Different permission levels are available to use with Datasets, Properties, Packs, Views and Drafts

Note: the role of admin exceeds any other permissions applied as the logon will be able to view and edit all resources in Workspace as well as manage other user accounts

It is possible to edit the permissions for a single resource (dataset, pack, view or draft) by following the steps outlined in the sections below or edit multiple datasets, views or drafts at the same time by following the steps in Edit Multiple Permissions

To view a video on controlling access rights click the thumbnail to open the video in a new browser tab

Permissions applied to Datasets, Properties, Packs, Views and Drafts are not visible to those roles to whom the permission has been granted

Dataset Permissions

Dataset permissions are entered on the Dataset Metadata screen

The permission level detailed is applied by adding the role of the user or group affected into the relevant permission field

If the same permission level is to be applied to more than one role these can be entered or selected from the list

Permissions are applied in a hierarchy from most restrictive to least restrictive as defined in the table below

Dataset permissions may be combined with Property permissions to enable further control granularity

• Manage (manage) is the only operation that lets users create views other than dataset owners

In addition to the permissions listed in the table the permission Update-values may be added as a Tag entered into the Tags box on the Dataset Metadata screen

This is a restricted version of Update which allows the updating of existing nodes only. Nodes may not be added or deleted

Prefiltered Dataset Permissions

Permissions for a Prefiltered Dataset are applied using specific Tags entered into the Tags box on the Dataset Metadata screen

However, once entered and saved, these tags will be converted to custom permissions

To view and edit these tags:

1. Select Custom permissions on the Dataset Metadata screen
2. The filter permissions will be displayed and maybe deleted or added to

Property Permissions

Permissions may be applied to individual properties within a dataset as well as to the actual dataset

This may be useful to allow all users to see the dataset but hide certain properties from some roles

Property permission are entered on the Edit Property via the permissions tab

There are 4 levels of permissions that may be applied to properties

1. Hidden: Cant see the property
2. Read Only: Can see the values
3. Update: Can edit the values
4. Modify: Can edit the settings

Permissions are applied by entering a role group into the permission level box

If the same role group is entered into more than one permission level box the least restrictive level will be applied and any role groups in levels below will show faded

Important: When applying property permissions alongside dataset permissions is only possible to further restrict access to properties

E.g. If the dataset has Update permission level set it is possible to apply read only permission to a property

This table shows the relationship between dataset and property permissions

Pack Permissions

Permissions applied to Packs provide access control to the slides and visualizations in the pack along with any pack properties

In addition, a user account will also require the appropriate permission for the dataset the pack is built from to be able to view any data in the pack

Role permissions are entered on the Pack Metadata screen with the required role entered into either:

• A. Read Only
• B. Modify

There are only two levels of pack permissions as detailed in table below

View Permissions

In order to create a view a user must be either:

1. The dataset owner
2. Have the role admin

Alternatively the dataset the view is being created from, can have a role entered into the Manage field as detailed in Dataset Permissions to enable the specified roles to create a view from the dataset

A View is always Read Only and the Roles or user email addresses of accounts that are permitted to open the view are set during the view creation process on the View Permissions screen

Draft Permissions

Similar to Views, the Roles or email addresses of accounts permitted to view or modify a Draft are set during the draft creation process on the Draft Permissions screen

To import a draft into a dataset requires the importer to either be the dataset owner or have modify permissions for the dataset

NOTE: View and Drafts are the only data items that support user level permissions based on email addresses. Permissions for all other data items (Datasets, Packs, & Properties) are applied using Roles

Edit Multiple Permissions

It is possible to edit the permissions of multiple

• Datasets
• Views
• Drafts

As the same time by:

1. Select the required datasets
2. Select Assign permissions

This will open the permissions screen for the datasets selected:

• A. The datasets selected will be displayed
• B. Permission levels are shown
• C. Permissions may be applied to all selected datasets by adding roles into the header row
• D. Roles may be added or removed from permissions of individual datasets
• E. Permissions may be added to views and drafts of a selected data if they exist
• F. Datasets may be added to the selected list