User Permissions are used to manage access to the ACME Back Office. You can configure Permissions so that different Users can view, edit, create, and delete different elements of the ACME Platform.


User Permissions are based on a system of rules we call Rules Based Access Control (RBAC). RBAC gives you an exhaustive set of user permissions, which you can assign to different people or groups in your organization. This gives you granular control over the ACME Platform.



How User Permissions Work


ACME has configured approximately 300 individual permissions that are checked any time a user attempts to view, modify, or delete any aspect of the system. Individual permissions are collected into Roles, Roles are then assigned to User Groups, and finally User Groups are assigned to individual Users.


This hierarchy of Permissions, Roles, and User Groups allows collections of permissions to be used in multiple places. For example, Event Supervisors, Operations Managers, and the CFO all need the ability to create and run reports. Rather than assigning each individual all 10 of the permissions that are required to create reports, you can create a Reports Admin Role and assign that to the User Groups to which each of those people belong.



In the example above, Permissions are organized into three Roles. The two Event Supervisors, Ruby and Malik, need to create and manage Events and create Reports, so they are given Event Admin and Reports Admin Roles. Sarah, the Sales Supervisor, does not need Event permissions, but she does need to create Reports and Accounts. She is also given the Reports Admin Role, and is additionally given the Accounts Admin Role.


In Back Office, it will look like this:


| Group | Role | Permissions |
| --- | --- | --- |
| Event Supervisor | Event Admin | EVENT_TEMPLATE_VIEW, EVENT_TEMPLATE_CREATE, EVENT_TEMPLATE_PUBLISH, EVENT_TEMPLATE_REORDER, EVENT_TEMPLATE_UPDATE, EVENT_TEMPLATE_DELETE, EVENT_VIEW, EVENT_UPDATE, EVENT_RESCHEDULE, EVENT_DELETE, EVENT_CANCEL, EVENT_RESTORE |
| Event Supervisor | Reports Admin | REPORTS_VIEW, REPORTS_CREATE, REPORTS_EXECUTE, REPORTS_UPDATE, REPORTS_DOWNLOAD, REPORTS_DELETE |
| Sales Supervisor | Accounts Admin | ACCT_VIEW, ACCT_CREATE, ACCT_UPDATE, ACCT_APPROVE, ACCT_DELETE, ACCT_PMNT_POLICY_VIEW, ACCT_PMNT_POLICY_UPDATE |
| Sales Supervisor | Reports Admin | REPORTS_VIEW, REPORTS_CREATE, REPORTS_EXECUTE, REPORTS_UPDATE, REPORTS_DOWNLOAD, REPORTS_DELETE |



Default Permissions, Groups, and Roles


Each ACME environment is pre-loaded with several User Groups and Roles so you can get started right away without having to worry about setting up Permissions. For most organizations, the default Groups and Roles meet their needs and do not need to be changed. Some organizations modify Roles and Groups to better suit their needs.


If you use the default Groups and Roles, you only need to know how to add Users to Groups. See the Recommended Standard Groups & Roles guide for a list of default User Groups and Roles.


Adding Users to Groups


In ACME, a single User can belong to many different Groups.

  1. Click on "Users" in the left navigation panel.
  2. Click "Groups" from the expanded "Users" menu.
  3. Double-click on the Group you want to assign Users to.
  4. Click "Users" in the upper right. You will see a list of all Users assigned to that Group.
  5. Click "Add Users" in the upper right.
  6. Scroll through the list of possible Users, or type a search term into the "Search Fields" box to locate the User(s) you'd like to add.
  7. Click on the User(s) you'd like to add.
  8. When you've selected all Users, click "Add Users."

The User(s) are now added to the Group, and receive all of the Permissions attached to it.


Note: You can also add and remove Users from Groups by editing their User Profile.


Removing Users from Groups


When employees change departments, job functions, or access levels, you may want to remove them from different Groups.


  1. Click on "Users" in the left navigation panel.
  2. Click "Groups" from the expanded "Users" menu.
  3. Double-click on the Group from which you want to remove Users.
  4. Click "Users" in the upper right. You will see a list of all Users assigned to that Group.
  5. Click "Remove" next to the User you want to remove.
  6. In the confirmation window, click "Remove User".
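
Because a single User can belong to many Groups, removing them from one Group revokes only the Permissions that no other Group still grants. The following added example (not ACME code or an ACME API) models the Permission, Role, Group, and User hierarchy with the Groups and Roles from the table on this page and reports what a removal actually revokes. The function names, data structures, and the scenario in which Sarah belongs to two Groups are assumptions made for illustration.

```python
# Added example: a minimal model of ACME's Permission -> Role -> Group -> User
# hierarchy. Not ACME code; function names and data structures are assumptions.

def perms(prefix, actions):
    """Build permission names such as REPORTS_VIEW from a prefix and actions."""
    return {f"{prefix}_{action}" for action in actions.split()}

# Roles and Groups as listed in the table on this page.
ROLES = {
    "Event Admin": perms("EVENT_TEMPLATE", "VIEW CREATE PUBLISH REORDER UPDATE DELETE")
    | perms("EVENT", "VIEW UPDATE RESCHEDULE DELETE CANCEL RESTORE"),
    "Reports Admin": perms("REPORTS", "VIEW CREATE EXECUTE UPDATE DOWNLOAD DELETE"),
    "Accounts Admin": perms(
        "ACCT", "VIEW CREATE UPDATE APPROVE DELETE PMNT_POLICY_VIEW PMNT_POLICY_UPDATE"),
}
GROUPS = {
    "Event Supervisor": {"Event Admin", "Reports Admin"},
    "Sales Supervisor": {"Accounts Admin", "Reports Admin"},
}

def effective_permissions(user_groups):
    """Union of every permission reachable through the User's Groups."""
    return {p for g in user_groups for r in GROUPS[g] for p in ROLES[r]}

def grant_paths(user_groups, permission):
    """Every (Group, Role) pair through which the User holds `permission`."""
    return sorted((g, r) for g in user_groups for r in GROUPS[g]
                  if permission in ROLES[r])

def removal_impact(user_groups, group):
    """Return (revoked, retained) permissions if the User leaves `group`.

    `retained` lists permissions of `group` that the User still holds
    through another Group, which an access review should catch.
    """
    remaining = set(user_groups) - {group}
    after = effective_permissions(remaining)
    revoked = effective_permissions(user_groups) - after
    retained = effective_permissions({group}) & after
    return sorted(revoked), sorted(retained)

if __name__ == "__main__":
    # Constructed scenario: Sarah belongs to both Groups, then leaves Sales Supervisor.
    sarah = {"Sales Supervisor", "Event Supervisor"}
    revoked, retained = removal_impact(sarah, "Sales Supervisor")
    print("revoked:", revoked)
    print("still held:", retained)
    print("REPORTS_CREATE via:", grant_paths(sarah, "REPORTS_CREATE"))
```

In the constructed scenario, leaving Sales Supervisor revokes the seven ACCT permissions, while the six REPORTS permissions remain because the Event Supervisor Group also carries the Reports Admin Role.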


For most organizations, the default groups will be enough. However, if you'd like to create your own Roles and Groups, click forward to read about Creating Roles and Groups.