Permission definition
In ActivityInfo, a Permission is a right given to a user to allow them to perform a specific task. Without the required Permission, a user will be prevented from performing that task. Permissions are part of Roles.
Permissions are the primary mechanism for controlling what a user can do in a Database, Folder, Form or Subform (called resource(s) below).
Permissions are linked to Roles. When you invite a user, you assign a Role to them and you give them access to specific resources in the Database or to the whole Database.
Database templates come with some predefined Roles which can be adjusted to your needs or used as they are.
Permissions available
- View all records:
The user will be able to view all records of the selected resource(s).
- Add any record:
The user will be able to add records to the selected resource(s).
- Edit all records:
The user will be able to edit any record in the selected resource(s)
- Edit 'Reviewer only' fields(1):
The user will be able to fill in fields that have the 'Reviewer only' property checked in the selected resource(s).
- Delete any records:
The user will be able to delete any record from the selected resource(s).
- Bulk record delete:
The user will be able to delete multiple records at once from the selected resource(s).
- Export records:
The user will be able to export the records of the selected resource(s).
- Manage reference data:
The user will be able to add, edit and delete records that belong to the selected resources and have their visibility set to 'reference'.
- Manage users:
The user will be able to invite and delete other users, give them roles and grants that include equal or less permissions than their own for the selected resource(s).
- Manage roles(3):
The user will be able to edit the roles of the database.
- Manage translations(5):
The user will be able to manage translations in the database.
- Manage record locks:
The user will be able to add, edit and delete locks on the selected resource(s).
- Add forms and folders and reports(4):
The user will be able to add forms, folders and reports to the selected resource(s).
- Edit forms and folders and reports(4):
The user will be able to edit forms, folders and reports in the selected resource(s).
- Delete forms and folders and reports(4):
The user will be able to delete forms , folders and reports from the selected resource(s). Note that deleting a folder deletes its contents too.
- Manage collection links(2):
The user will be able to open and close a collection link to the selected resource(s). When you share a collection link, you give access to a data entry form to people who don't have an ActivityInfo account.
- Share reports:
The user will be able to share reports related to the records of the selected resource(s).
- Publish reports:
The user will be able to publish reports related to the records of the selected resource(s).
- Audit user actions:
The user will be able to view and filter the audit log and revert deletions that took place in the database and which are related to the selected resource(s). They will not be able to restore access for deleted users unless they have the 'Manage users' permission.
(1) added in February 2021
(2) added in May 2021
(3) added in October 2021
(4) 'reports' added in June 2022, for Reports as part of Databases and not for personal Reports
(5) added in August 2022
Please keep in mind that some Permissions are very significant.
- For example, the 'Manage roles' Permission enables someone with that Role to give themselves any Permissions. The 'Delete any records' and the 'Bulk record delete' Permissions allow someone to delete all records in the resource(s) they access.
- If you grant someone the “Publish reports” permission for a Form, and they use that permission to include your Form in a Report in their Database, revoking that permission does not affect the existing Report. This is because the report is not owned by an individual.
For this reason, the “Publish reports” is a very sensitive role. You should only grant it to those whom you trust to exercise good judgment about who can see the data.
However, revoking the “Publish reports” permission would prevent those without the permission from editing the Report and changing what parts of your Form are visible to others.
If a form has Private or Public Visibility, the “Add Record”, “Edit Record” and “Delete Record” permissions determine whether the user can perform these operations.
If a form has Reference Visibility, the “Manage Reference Data” permission determines whether the user can add, edit or delete records in these forms.
Some Roles combine Permissions with other Parameters so you can further refine the Permissions. For example, the Role of Reporting Partner in the Multi-partner reporting Database template is combined with the Parameter 'Partner'. So after adding the Partner organizations in the Reference Form, using this combination in this Role gives the following result of Permissions:
- View where partner is user's partner
- Add records where partner is user's partner
- Edit records where partner is user's partner
- Delete records where partner is user's partner
- Export records
This way you can restrict users' permissions to Records related only to their organization.
Note that users will be able to view Reports added in the Database if they have the 'View where partner is user's partner' permission for the resource where the Report is added.
Operations Available
| Groupings of operations |
Action that can be performed on resources and users. |
|---|---|
| Basic Operations |
|
| Management operations |
|
| Administration operations |
|
| Sharing and Publishing operations |
|