User Permission Control: Best Practices
Detailed User Permission Sets for Optimal Platform Management in Softools
When setting up user permissions in Softools, it's essential to tailor the access rights to the specific tasks each user group needs to perform. Here's a breakdown of the recommended permission sets for various user roles. This article goes through:
- Site Admins
- Basic App Builders
- Advanced App Builders
- Data Admins
- Standard Users
- External Users
We suggest restricting two permissions to a select few users because of their implications: delete records and security. Deleted records cannot be restored, whereas archived ones can, and a user with security rights can delete the admin/Softools teams, which then become difficult to find.
Site Admins
- Permissions: These users will be responsible for updating teams and users as well as being able to access imports and exports on the site.
- Most of the record and report permissions, excluding the delete function due to the reasons mentioned in the introduction above.
- Full access to the system apps, so that these users can find the system applications that give information on users, teams and site functionality such as imports and exports.
- Best Practices: Grant this level of access to a very limited number of users. Use audit trails to monitor changes and ensure accountability.
Basic App Builders
- Permissions: This will be for someone who has been through the Softools training, but maybe doesn’t have the confidence for the full range of Softools capabilities.
- The record and report permissions are almost all selected except for delete, again for the reasons mentioned above.
- Some of the system app permissions are selected so that the app builder can view and edit users, teams and imports and exports. App Studio permissions are confined to the simpler functions, such as adding an app, basic configuration etc. You will notice that no workflow, dashboards or field delete options are selected and this is to ensure that the app builder cannot make critical changes that may damage/halt functionality in the app.
- Best Practices: Offer to users who need to create department-specific or function-specific applications without complex requirements.
Advanced App Builders
- Permissions: This will be for someone who has been through the Softools training, and has gained experience and confidence to access the full range of Softools capabilities.
- The record and report permissions are almost all selected except for delete, again for the reasons mentioned above.
- The assumption for this user is that they have knowledge of the apps and the functionality of Softools and so they should have full permission for system apps and app studio. However, if you have dedicated site admins and the advanced app builder will not be using the system apps, then you can un-select all of the system app permissions.
- Best Practices: Reserve for highly trained personnel who possess both technical proficiency and an understanding of the organization's workflow requirements.
Data Admins
- Permissions: This is a user who will be an admin for the data included within the apps.
- The record and report permissions are almost all selected except for delete, again for the reasons mentioned above.
- The only system app permissions they need are imports and exports, so that they are able to monitor what users are doing with these functions.
- Best Practices: Assign to users responsible for overseeing data integrity, compliance, and security. Regular data audits should be conducted to maintain data quality.
Standard Users
- Permissions: These users will be the majority on the site – they will need access to the apps to fill out records and input data.
- The record and report permissions are almost all selected except for delete, again for the reasons mentioned above.
- No system app or app builder permissions should be selected as these users will not need to monitor functions like imports or exports or make any changes to the apps themselves.
- Best Practices: The default user role for most employees. Permissions should be regularly updated to reflect changes in job duties or responsibilities.
External Users
- Permissions: These users are not part of your organisation, e.g. they may be suppliers or associates that are not employed by your company.
- This means that their permissions need to be very restricted, so that they cannot change important data or information on the apps and are not able to see/edit anything that they are not meant to. They should be able to update and export data, attach and comment, but not create, archive or delete records. Nor should they be able to see the history of a record.
- No system app or app builder permissions should be selected as these users will not need to monitor functions like imports or exports or make any changes to the apps themselves.
- Best Practices: Ideal for clients or external partners that require limited access. Permissions for external users should be frequently reviewed for relevance and security.
Implementation Tips:
- Consistent Review: Permissions should be consistently reviewed, especially after role changes or project completions.
- Segregation of Duties: Ensure that no single user has control over all aspects of any critical system process without oversight.
- Training: Regularly train users on the scope of their permissions and the importance of security practices within the platform.
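One way to automate the consistent review described above, as an added example that is not part of the original article and is not Softools code: it checks a constructed list of user assignments against the baselines in this article (delete and security limited to approved users, external users limited to update, export, attach and comment, no system app or App Studio permissions for standard and external users, data admins limited to imports and exports). The role labels, permission names and record layout are assumptions, not a Softools export format.

```python
# Added example: audit constructed user assignments against the article's baselines.
# Role labels, permission names and the record layout are illustrative assumptions.

EXTERNAL_ALLOWED = {"update", "export", "attach", "comment"}  # external user baseline
RESTRICTED = {"delete", "security"}        # rights reserved for a select few users
NO_ADMIN_SURFACE = {"standard", "external"}  # no system app / App Studio access


def audit(users, approved):
    """Return sorted (user, finding) tuples for each deviation from the baselines."""
    findings = []
    for u in users:
        name, role = u["name"], u["role"]
        rights = set(u.get("rights", ()))
        # Delete and security: approved internal accounts only, never external users.
        if name not in approved or role == "external":
            for perm in sorted(rights & RESTRICTED):
                findings.append((name, f"restricted right '{perm}' without approval"))
        # External users: nothing beyond update, export, attach and comment.
        if role == "external":
            for perm in sorted(rights - EXTERNAL_ALLOWED - RESTRICTED):
                findings.append((name, f"external user holds '{perm}'"))
        # Standard and external users: no system app or App Studio permissions.
        if role in NO_ADMIN_SURFACE:
            for area in ("system_apps", "app_studio"):
                if u.get(area):
                    findings.append((name, f"{role} user has {area} permissions"))
        # Data admins: imports and exports are the only system apps they need.
        if role == "data_admin":
            extra = set(u.get("system_apps", ())) - {"imports", "exports"}
            for perm in sorted(extra):
                findings.append((name, f"data admin holds system app '{perm}'"))
    return sorted(findings)


# Constructed sample data (not real accounts, not a real export).
SAMPLE_USERS = [
    {"name": "alice", "role": "site_admin",
     "rights": ["create", "update", "archive", "export", "security"],
     "system_apps": ["users", "teams", "imports", "exports"]},
    {"name": "bob", "role": "standard", "rights": ["create", "update", "delete"]},
    {"name": "carol", "role": "external",
     "rights": ["update", "export", "history"], "system_apps": ["imports"]},
    {"name": "dave", "role": "data_admin",
     "rights": ["create", "update", "export"],
     "system_apps": ["imports", "exports", "users"]},
]

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_USERS, approved={"alice"}):
        print(f"{user}: {finding}")
```
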
Adhering to these specific permission sets will help maintain a secure, orderly, and efficient Softools environment. Customize these permissions to align with your organization's needs and maintain vigilance in their application.