Updated user management functionalities - Powerful roles with resources, parameters, conditions and more

With our latest release, we are bringing to you an updated approach to user management to meet the diverse needs of intricate team structures and data protection requirements in a simpler and faster way.

Even though there are significant changes in user management, please rest assured that we will continue to support the legacy user management capabilities that you currently use until the end of 2024, providing plenty of time to migrate with confidence.

If you wish to transition over to the new grant-based scheme, you can create new roles and move existing users to these roles or use the duplicate and migrate to update role option. If you need advice or support to transition over to the new grant-based scheme, please contact the Helpdesk or your designated implementation specialist.

You can dive into the details of these updates in our documentation:

And join our webinar sessions:

In this article, you can find an overview of all the updates.

Create comprehensive roles to work faster

Roles now specify what resources (i.e. forms, folders, databases) they apply permissions to. You can now guarantee users assigned to the same role will have the same access to resources (grants). This means that you can include all the necessary permitted operations, conditions, resources, and parameters under one role. You can then assign that role to all users that need to have the same kind of access.

How it works:

Add a role and add one or more resources for which the role will apply. For each resource, select the permitted operations from an organized list.

Go a step further and add conditions for record level control. Specify in detail which records each user will be able to view, edit, add or delete based on fulfilled conditions.

Finally, restrict users’ access based on specific parameters to ensure that their access will be valid based on them. For example, ensure that they can view/edit/delete records added only by their organization or related to a specific location.

List of permitted operations
List of permitted operations

Learn more in the sections below.

Set your own parameters

Instead of raising a ticket to our team or using the API, you can define parameters on your own (based for example on partners, locations or other types of fields).

When you invite a user, as soon as you assign them that Role you will be able to select the parameter(s) choice as you would usually do (for example as you did with the legacy template role of 'Reporting Partner').

Creating parameters
Creating parameters

Using parameters
Using parameters

Set rules with conditions for record level data entry

Set specific rules where any or all of the conditions you define for field values of records of the selected resource must apply for the user to view/add/edit/delete the record. Use field values or formulas to specify the condition.

Setting conditions
Setting conditions

Reference visibility is no longer required for reference forms

In the past, you would mark the visibility of a reference form/folder as ‘reference’ so as to conceal it from the list of resources data entry users would see, while still making it possible for users to select fields from those reference forms as answers in their data entry forms.

Now, you can simply uncheck the box of “Display in the list of forms” in the list of permitted operations to ensure that the selected resource won’t be shown in the list of data entry forms.

Selecting not to display a resource in the list of forms
Selecting not to display a resource in the list of forms

Manage users and roles separately

The ‘Manage users’ and ‘Manage roles’ permission is now part of Role design.

You can decide whether to include those in a Role or not instead of assigning the permission separately to each individual user.

Manage roles and manage users
Manage roles and manage users

Please be reminded that 'Manage users' will allow users to change roles for existing users in the database or add new users. Users with this permission selected will be allowed to manage users that have a higher or equal set of permissions and resources.

'Manage roles' is a very powerful permitted operation; it should be given to users that database owners fully trust; it gives full database view permissions so that Role creators can modify and add roles freely.

Remove access to specific resources for selected users with the same role by setting the resource (grant) as optional

When you invite a user and you assign them a Role, you can control which of the granted resources they will have access to.

To make this possible, when you are setting up the Role, make sure to check the box ‘Set as optional resource’ for every resource you want to have this option available.

Setting optional resources
Setting optional resources

Giving access to optional resources
Giving access to optional resources

What do you think of these updates?

We hope that with these changes we will make the user management process easier for your organization.

Do you have questions or comments?

Don’t forget to join our sessions to address them:

If you need advice or support to transition over to the new grant-based scheme, please contact the Helpdesk or your designated implementation specialist.