Classification and Configuration of Roles
I. Roles in Application
In the application, there are system roles and custom roles. System roles can manage the application structure, data, and users, and custom roles can only operate on data within their permissions.
Application Admin
The Application Admin can manage all the configuration and data of the application, but cannot delete the application.
Application Owner
In the Administrator tab, there is also an "Owner" label, which by default is the creator of the application. Applications can be transferred to other members, but there is only one owner for each application. Only the application owner can delete or lock an application, and the other permissions are the same as the Application Admin.
The permissions of the Application Admin are fixed and cannot be changed, nor can the role be deleted.
Operator
The operator focuses on data and user management and cannot configure the application, including:
Manage the role owners of common roles.
Manage all the members of the common roles.
View, edit or delete all records.
Note: Operators cannot copy, delete, or export applications, or cannot manage users of system roles. Operators cannot edit, but can only adjust members of a role.
Developer
Developers focus on the application configuration, including:
Configure the navigation and grouping of applications, workflows, worksheets, and custom pages, add, edit and delete user roles (including roles in external portals), and set up external portals (including configuration of domain names).
When associating worksheets across applications, the application to which the associated worksheet belongs must be the application "Developer" or "Admin".
Developers can view the joined records and can only edit and delete the records they own.
Note: Developers cannot copy, delete, or export applications, or cannot edit the members of a role, only adjust them.
If a user is given both the operator and developer roles, he has the same permissions as the Administrator role, except that he cannot copy or export the application. For a detailed description of the permissions, please check the last section of this article.
Custom Role
Administrators and developers can create new roles. The members and permissions of custom roles can be customized and adjusted at any time.
Role Leader
A role leader is a type of member of a normal role. A member who is set as a role leader can add or remove members of the role, and can set other members as role leaders.
Custom Role
Application Admins can create new roles and customize the permissions. Newly created applications come preconfigured with two custom roles, Member and Read-only. Administrators can reconfigure these permissions, modify role definitions, and add more roles.
II. Create/Edit Role
1. Create Role
1). Clicking the [Create Role] button, you can set the name and description, and configure the permissions of the role.
2). Click the [Save] button at the bottom to complete the configuration, or click the [Delete] button to cancel the creation of a new role.
The role description is as follows:
2. Edit Role
Click the target role to edit, such as modifying the name, description and permissions configuration.
Once you have made any modification, you can choose to [Save] or [Cancel] the changes.
III. Configure Permissions for Roles
There are two modes of configuring permissions for roles.
Distribute all application items (simple)
That is, all pages, worksheets, and views are visible to the role, and all worksheets have the same permission configuration.
Distribute selected application items (advanced)
You can configure roles to have viewing and editing permissions for some content (pages, sheets, views, and fields). More granular permission configurations are possible, with roles having different permissions to operate on different worksheets, views, and records.
Mode 1. Distribute all application items (simple)
This is a quick and easy way to configure permissions. All custom pages, worksheets and views in the application are visible to the roles, and the permissions are controlled in a unified way. It is more suitable for applications with fewer users and fewer roles.
Permissions to View/Edit/Delete Records
There are 4 types of configurations.
1) Can view, edit, and delete all records
View records All records and data in the application can be viewed, edited and deleted.
Users can manage all the data in the application except that they cannot configure the application.
2) Can view all records, but can only edit and delete records that users own
View records All records are visible.
Edit/Delete records Users can only edit and delete records they own.
If you are not clear about which records you own, please check the introduction to the three roles in a record.
3) Can view the joined records, and can only edit and delete the records users own
- View records Not all of the data in the view will necessarily be displayed, and users can only see the records they have joined.
- Edit/Delete records Users can only edit and delete records they own.
4) Read-only to all records
All pages, worksheets, views, and records are visible to the user, but none can be edited or deleted.
For the 2nd and 3rd ways above, you can choose to check [Records Joined/Owned by Subordinates]. If checked, users can also edit and delete records owned by subordinates. The subordinates here are the subordinates in reporting relationship.
Permissions to Share/Print Records
In addition to configuring permissions for viewing, editing, and deleting records, you can further configure permissions for other common operations, such as adding, importing, exporting, printing, and so on.
Mode 2. Distribute selected application items (advanced)
Compared with the above simple mode, the advanced mode is more flexible and fine-grained. You can customize the user's operation permissions for different worksheets and different views in 4 levels.
Level 1. Configure the visible pages
Configure which worksheets, views, and custom pages are visible to users.
1) Configure worksheets/custom pages visible to roles
Worksheet: Users manage the data in their worksheets through views, so at least one worksheet and one view should be visible to the role. Select a role-visible view as needed, and as long as one view is visible to the user, the worksheet to which the view is attached is also visible to the user.
Custom page: You only need to configure viewing permissions for custom pages by checking the box, no need to configure editing, deleting and adding permissions.
2) Configure views visible to roles
Select and check the view that the role needs. Unchecked views are not visible to the role.
Hide in navigation
In some worksheets and custom pages you can configure permissions for users to view, edit, or add. However, users generally operate through the associated data, for example, the Order worksheet is associated with the Order Detail worksheet, users generally view an order and then view the corresponding detail data or add details, rather than going directly to the Order Detail worksheet to operate. Therefore, you can hide the Order Detail worksheet from the user in the navigation, which keeps the navigation simple while retaining the user's permissions on the data.
Hide only for a role
After configuring the viewing and editing permissions for a role, mouse over the worksheet name, you can see the [Hide] button, click it to hide:
Hide for all non-administrators
This way works for all non-administrators (non-developers) (the same method applies to custom pages).
Hiding a worksheet in the navigation means hiding the entry to access the worksheet in the navigation, but the user can still open the worksheet normally through the associated worksheet, getting the link to the worksheet, and embedded view in the custom page, and so on.
Regarding whether the administrator can see the hidden items, you can also configure it in the application navigation.
Level 2. Configure permissions on the views
View/Edit/Add Records
There are four kinds of permissions for users to the records in the view, viewing records, editing records, deleting records, and adding new records.
Viewing a record is the basic permission. If the user can't view a record, he can't edit or delete it.
As shown below, in the Draft view of the Order worksheet, users can view, edit, or delete records, while the records in the Submitted and Approved views can only be viewed, and none of the records can be edited or deleted.
The permission to add a record is based on the worksheet and not on the view. That is, if a user has permission to add a record, he can add a record regardless of the view.
Export/Import/Print/Share Records
In addition to adding, deleting, modifying, and viewing data, there are also operations such as sharing, importing, exporting, and printing, etc. In [Setting], you can configure the permissions for worksheets, views, records, and custom buttons.
As shown in the following figure, you can also configure custom actions in the function switches of the worksheet. However, in the worksheet you can configure whether the button is available in the specified view or not, while the permission settings for the role are valid for all views.
The final permissions of the user depend on the minimum permissions set in the two places mentioned above.
Level 3. Configure permissions on the records
The above steps configure whether the user has permissions to view, edit, and delete data in the view, and then you need to further configure which records in the view the user has permissions to operate on.
For example, the [Team Clues] view shows all the clue records of your own team. However, you can edit and delete the leads you own, and view the leads of other team members. It indicates that you do not have permissions to operate on all the records in the view that are visible to you.
Click the [Setting] button on the right to configure the records that the role have permission to operate on.
There are 3 types of records range, "All", "Joined by users", and "Owned by users".
Which records can be viewed
All: Users can view all records in the views that are visible to them.
Joined by users: Users can view the records they have joined in the view visible to them.
Records joined by subordinates: Users can view the records that they have joined or their subordinates have joined in the views visible to them.
If you are not clear about which records you joined, please check the introduction to the three roles in a record.
Which records can be modified
All: Users can edit all the records in the view visible to them.
Owned by users: Users can only edit records that they own, not records that they joined.
Records owned by subordinates: Users can edit records that are owned by themselves or their subordinates.
Which records can be deleted
All: Users can delete all the records in the view that are visible to them.
Owned by users: Users can delete records they own, but not records they joined.
Records owned by subordinates: Users can delete records owned by themselves and their subordinates in views that are visible to them.
[Tips] The above settings are for all views in the worksheet. If you need to set users to have different operation permissions for different views, you can set different roles and add users to the roles.
Level 4. Configure permissions on the fields
A record can be viewed, but not necessarily all fields are visible to the user; a record can be edited, but not necessarily all fields need to be edited.
This step allows you to configure which fields are visible or hidden to the user, which fields can be edited, or which fields are hidden when a new record is added.
If a field can be edited, it must be viewable.
With the above configuration, you can configure permissions for the user flexibly.
Hide Application
If an applicationn is hidden and not visible to members, the entry for this applicationn is not visible in the applicationn list on the home page. Sometimes when associating data or referencing views across applicationns, it is only necessary for the user operate from another applicationn, without a separate entry.
IV. Add Members to Roles
After the role is created, click [User] in the upper left corner, select a role below, and click [Add Users] in the upper right corner to add members.
1. Add members by user
It is suitable for adding users individually. You can select colleagues, friends and other collaborators.
2. Add members by department/o-roles/position
Members in the selected department have permissions of the role. New members joining the department are also automatically assigned the same permissions. The same applies when adding members by o-roles and position.
What does it mean to display the [current department only] tag?
Show department name only
It indicates that the department and all sub-departments are selected and that sub-departments are no longer listed separately. If new sub-departments are created, the members of the new sub-departments automatically have permissions of the role.
Show [current department only]
It indicates that when selecting a department, sub-departments are not selected, or only some sub-departments are selected.
Permissions for Developer and Operator
| Functional Module | Feature | Permissions | APP Lock | |
|---|---|---|---|---|
| Operator | Developer | Operator permissions if app locked | ||
| APP Management | Copy/Export/Delete APP | ❌ | ❌ | ❌ |
| Name & Icon | ✅ | ✅ | ✅ | |
| Navigation Settings | ❌ | ✅ | ❌ | |
| Edit Description | ✅ | ✅ | ✅ | |
| Usage Analysis | ✅ | ❌ | ✅ | |
| Option Set | ❌ | ✅ | ❌ | |
| Application Recycle Bin | ❌ | ✅ | ❌ | |
| Manage APP->Copy | ❌ | ❌ | ❌ | |
| Manage APP->Export | ❌ | ❌ | ❌ | |
| Manage APP->Backup | ❌ | ✅ | ❌ | |
| Manage APP->Restore(Note: In the list of backup files, developer does not have permission to "download backup files and restore to new apps".) | ❌ | ✅ | ❌ | |
| Publish Settings | ❌ | ✅ | ❌ | |
| External Portal-Under approval-Approval-free configuration (worksheets from other applications taken with administrator or developer role permissions) | ✅ | ❌ | ✅ | |
| API Development Documents | ❌ | ✅ | ❌ | |
| Application Item-Worksheet | Name & Icon | ✅ | ✅ | ✅ |
| Copy | ❌ | ✅ | ❌ | |
| Move to | ❌ | ✅ | ❌ | |
| Display/Hide in Navigation | ❌ | ✅ | ❌ | |
| Delete Worksheet | ❌ | ✅ | ❌ | |
| Edit Form | ❌ | ✅ | ❌ | |
| Worksheet Settings | ❌ | ✅ | ❌ | |
| Name & Icon | ✅ | ✅ | ✅ | |
| Edit Description | ✅ | ✅ | ✅ | |
| Set Field Name | ❌ | ✅ | ❌ | |
| Reset Autonumber | ✅ | ✅ | ✅ | |
| Import from Excel | ✅ | ✅ | ✅ | |
| Recycle Bin | ✅ | ✅ | ✅ | |
| Delete Worksheet | ❌ | ✅ | ❌ | |
| Public Release (Pop-up window after clicking on the [Create Record] -> [Share] button in the upper right corner) | ❌ | ✅ | ❌ | |
| Public Statistics - Add, Set, Move from Public, Copy to, Delete | ❌ | ✅ | ❌ | |
| Public Statistics - Filter, Share, Export (Excel) | ✅ | ✅ | ✅ | |
| Worksheet Logs | ✅ | ✅ | ✅ | |
| View->Configure | ❌ | ✅ | ❌ | |
| View->Change Type | ❌ | ✅ | ❌ | |
| View->Copy | ❌ | ✅ | ❌ | |
| View->Share | ✅ | ✅ | ✅ | |
| View->Share->Public Share | ✅ | ✅ | ✅ | |
| View->Export | ✅ | ✅ | ✅ | |
| View->Display/Hide in Navigation | ❌ | ✅ | ❌ | |
| View->Delete | ❌ | ✅ | ❌ | |
| View->Record->Calibration | ✅ | ✅ | ✅ | |
| Import Data-[Do not allow users to modify the default configuration] | ✅ | ✅ | ✅ | |
| Public Filter | ❌ | ✅ | ❌ | |
| Save as Printing Template ( System Printing, Print QR Code, Print Barcode ) | ❌ | ✅ | ❌ | |
| Application Item-Custom Page | Name & Icon (Menu) | ✅ | ✅ | ✅ |
| Copy | ❌ | ✅ | ❌ | |
| Move to | ❌ | ✅ | ❌ | |
| Display/Hide in Navigation | ❌ | ✅ | ❌ | |
| Delete custom page | ❌ | ✅ | ❌ | |
| Edit custom page | ❌ | ✅ | ❌ | |
| Name & Icon (Details Page) | ✅ | ✅ | ✅ | |
| Edit description | ✅ | ✅ | ✅ | |
| Display settings | ❌ | ✅ | ❌ | |
| Delete Page | ❌ | ✅ | ❌ | |
| Share Page->Public Share | ✅ | ✅ | ✅ | |
| Share Chart->Public Share | ✅ | ✅ | ✅ | |
| Application-User | Edit/Delete Role, Permissions, Extended Info | ❌ | ✅ | ❌ |
| Add User | ✅ | ✅ | ✅ | |
| [Send Notification], [Allow View] | ✅ | ✅ | ✅ | |
| Application-External Portal | Roles and Permissions, Portal Settings, Edit Custom Domain Name (when locked, developer identity hides the entire external portal)) | ❌ | ✅ | ❌ |
Have questions about this article? Send us feedback