Managing User Permissions

Managing the permissions of your users is a great way to ensure the safety and confidentiality of your workflows and workflow runs.

By assigning each user as an admin, member, or guest you can give your users access to segments of your organization rather than the whole thing.

Member permissions can be defined even further, which gives you granular control of which users or groups can view or work on which workflows, runs, and tasks.

Users: In order to set user permissions you will need to be an Administrator.

How to manage user permissions

To manage user permissions, you will need to open your organization manager. Click your profile picture in the upper right corner of your screen, then click “Settings” to access this page.

By default, this opens on the “Members & Guests” tab. From here you can view and control user permissions.

You will see an entry for each user in your organization, and to the right of the entry will be a display of their current permission level (either Admin, Member or Guest) as shown above.

You can promote a user from guest to member, or from a member to admin (and back again) by clicking on the dropdown box under user “Type”, shown below. The current selection is highlighted in blue, so to change their user type, click on one of the fields in white.

Users can be deleted from your organization entirely by clicking the remove user icon on the right-hand side.

Note: When you delete a user, they will be immediately unassigned from all workflow runs and tasks. And on our paid plans, when you promote a guest to a member, you will pay for the member pro-rata (for the month or the year dependent on which subscription your organization is on).

Types of users

There are 3 different main types of users Admins, Members and Guests, which affect how much control they have in the organization, and what they can see or do.

In addition to this, Members can be given one of four separate levels of permission, which gives you more granular permission control.

Here is a snapshot of Admin, Member and Guest permission levels:

Admins

Admins are the top-level users in the organization. They have unlimited permissions and can create and manage groups and folders, manage billing, and delete or restore deleted workflows and workflow runs.

Admins see everything in your organization, no matter what permissions you have set on folders, workflows, workflow runs, or tasks.

To restrict a user’s access in any way they must be either a member or a guest.

Members

Members are regular users in your organization. You can give them permissions to see and work on different folders, workflows, workflow runs, and tasks. You can also add them to groups and folders for easy permission control.

Member permissions

Member permissions can be further controlled by choosing ‘can edit & run‘, ‘can view & run‘, ‘can view own & run‘ or ‘can view own‘ levels. These can be applied to folders or workflows, giving your team selected permission based on their roles or what they need to work on.

  • Can edit & run” is the highest level of folder/workflow-specific permissions. It is reserved for members who have permission to edit workflows, for example, managers or team leaders
  • Can view & run” is the default member permission level, and is enough for all members except those who actually need to create or edit workflows
  • Can view own & run” restricts a member’s access to certain areas. They can only see what they’ve been assigned to
  • Can view own” is the lowest member permission level. It would be useful for situations when users don’t need to see each other’s information, for example with HR processes that include sensitive data — HR staff can see everything while regular employees can only view their own

Here are the Member permission levels in full:

Guests

Guests can only view workflow runs or tasks they are directly assigned to. You can only assign guests on active workflow runs.

Here are the Guest permission levels in full:

Anonymous Users

Anonymous users are not part of your organization and they don’t need a Process Street account to complete tasks in workflow runs. Learn more about anonymous users.

Managing member permissions

Process Street allows you to give members different permissions to each folder and workflow, so you can precisely control who sees and edits what.

Folder permissions

You can set individual permissions for users and groups in folders, on a folder-by-folder basis. This effectively sets the same permission level on any workflows contained in that folder, so that you don’t need to set permissions on a workflow-by-workflow basis.

To manage folder permissions head to your Library and click the cog next to your folder’s name, then select “Assign members”.

Here you can view and change the permission levels for users or groups that you see, as well as invite new users and set their permissions.

As an admin, you can edit permissions for users and groups by choosing an option from the dropdown menu next to a user or group (as shown above).

The current selection is highlighted in blue, so to change the permission level, click on one of the fields in white.

Workflow permissions

You can manage workflow permissions for users and groups on a workflow-by-workflow basis.

Start in your Library and click the three dots next to your workflow’s name (or click its name) to open the right-hand menu.

Next, click the “Share” button and by default you are taken to the “Permissions” tab.

From here you can add users and groups and set their permission levels, in the same way as you can when setting folder permissions.

Workflow run permissions

You can manage workflow run permissions on a run-by-run basis.

By default, the person who ran the workflow is assigned to it (unless you have run it as a scheduled workflow run or via an integration).

To give more users or groups permission to see this workflow run, open it and click “Assign users” from the right-hand menu.

Task Permissions

You can also manage user and group permissions on a task-by-task basis when editing your workflows.

You can choose to give permission (visibility) on certain tasks to different users or groups, or switch task visibility off for them on other tasks.

Learn more about setting up and using Task Permissions.

Viewing inherited permissions

You can see which users have inherited permissions from a folder, when you open up the workflow sharing modal, as shown below:

When a member is added to a workflow with ‘Can edit & run’ or ‘Can view & run’, they inherit the permission to view its workflow runs.

Members with ‘Can view own & run’ or ‘Can view own’ can only see the workflow runs assigned to them.

To see who has inherited permissions on a workflow run, open it up.

Next, click on “Activity” from the right-hand menu, and then select the “Members” tab to see the inherited permissions (either directly on the workflow run, the workflow, or the folder the workflow is housed in).


 

Was this article helpful?

Related Articles