SUMMARY
Athennian’s enhanced roles and permissions are available through the Access icon on the menu bar. These features allow administrators to control and manage who can access your data, based on:
- What entity data can be accessed by individuals, and
- What permissions an individual has to create, edit, delete or simply view the data they can see
Individuals invited to Athennian can be granted access to as few or as many entities as required and even given a different role per entity if necessary. For consistency and efficiency, both entities and users can be grouped, making management at scale simple while reducing the risk of mis-shared data.
With Access, our enhanced roles and permissions offer full transparency into who has access to what, making it easy to see if changes are required and report on historical and current states.
ROLES AND PERMISSIONS
A role (or user type) is a group of permissions that must be applied to an individual or group of individuals when granting access to an entity or group of entities. The role applied defines how an individual with the specific role can interact with the entity(ies) to which they have access.
All individuals invited to Athennian must be assigned a User Type (or Role) upon initial invitation. An individual’s User Type establishes the maximum level of permission and amount of information an individual can access/action in Athennian. Should an individual require higher permission levels, the User Type can be updated by an Administrator at any point in time.
To gain access to Athennian, an individual must be assigned a role, and associated with an Entity Group.
Individuals can be assigned different roles for different entities. If granted access to the same entity with multiple roles, the highest role will take precedence.
An individual cannot grant a role higher than their own permission level (or the role given to a specific entity or entity group, whichever is lower). In order to gain access to any entity data, individuals must be granted access to entities (either as an individual or via a User Group).
Note: An individual may unintentionally be given a role with higher access to an entity than their User Type. However, the Role granted to an Individual Profile acts as a ceiling that prevents an individual from gaining access to an entity higher than their User Type.
Role* | Description |
Admin | The highest level of permissions. Able to create, manage, and delete all individuals, entities, or groups when granted access. Upon initial setup, will receive access to an Admin user group and a Global Entity Group, where all entities in Athennian reside. Note: forbidden from removing access of the Admin user group to the Global Entity Group to prevent unintentionally losing access and management of all entities and user groups. |
Office Admin | Can create, manage, and delete all individuals, entities, or groups when granted access, except within the Admin user group. Cannot create or manage individuals in the Global group of Administrators. |
User | Can create and manage entities when granted access. Can create new entity groups, but can only include entities they already have access to. Cannot create new or manage existing user groups, and cannot remove entity groups. |
Read Only | Can only view entities when granted access. |
Summary Only | Have a limited view of entities when granted access. |
* Roles can be applied down to an individual entity level, i.e. individual access can be limited on an entity-by-entity basis. However, they cannot be applied to sections within an entity or on an individual field basis.
Action | Admin | Office Admin | User | Read Only | Summary Only |
View entities (when granted access**) | ✅ | ✅ | ✅ | ✅ | ✅ |
Invite new individuals to Athennian | ✅ | ✅ | | | |
Remove access from individuals | ✅ | ✅ | | | |
Create User Groups | ✅ | ✅ | | | |
Create Entity Groups | ✅ | ✅ | | | |
Create new entities | ✅ | ✅ | ✅ | | |
Edit entities | ✅ | ✅ | ✅ | | |
Delete entities | ✅ | ✅ | | | |
View users and user groups (when granted access or membership) | ✅ | ✅ | ✅ | | |
Invite new individuals to Admin user group | ✅ | | | | |
Remove individuals from the Admin user group | ✅ | | | | |
Access to Templates | ✅ | | | | |
** When an individual is granted a role where Charts or Custom Reports are available, the individual will only see entity data they have access to, i.e. if they do not have access to an entity, the entity and any reference to the entity will not be returned for the individual to view. The same applies for the interests People have in entities and transactions.
GROUPS
Groups are a way to increase the efficiency of managing who has access to what data in Athennian.
Entity Groups
Entity Groups are collections of entities that should be managed or viewed by certain individuals (or User Groups) at the same time. Administrators and Users can create Entity Groups; however, Users can only create Entity Groups from entities they already have access to, whereas Administrators can create Entity Groups from scratch in the Admin area of the application.
User Groups
User Groups are collections of individuals (referred to as members once included in a group) who can be granted access to the same entities or entity groups with the same role. Administrators can create User Groups by granting membership to any number of individuals. Once an individual is part of a User Group, they are granted the same access to all entities and entity groups with the same role.
Note: if an individual is part of a user group and granted higher access to an entity group than the individual’s default role, the default role will take precedence.
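The resolution rules from Roles and Permissions and the note above, worked through as an added example (not Athennian's code): the highest granted role wins, the User Type caps it, and a granter cannot hand out more than they hold. The role ordering, function names and sample users, groups and entities are assumptions constructed for illustration.

```python
from enum import IntEnum

class Role(IntEnum):
    # Assumed ordering, lowest to highest, following the role table on this page.
    SUMMARY_ONLY = 1
    READ_ONLY = 2
    USER = 3
    OFFICE_ADMIN = 4
    ADMIN = 5

def effective_role(user_type, user, entity, grants, user_groups, entity_groups):
    """Return the Role `user` holds on `entity`, or None if nothing grants access.

    grants: (subject, target, role) tuples; subject is a user or User Group,
    target is an entity or Entity Group.
    """
    subjects = {user} | {g for g, members in user_groups.items() if user in members}
    targets = {entity} | {g for g, ents in entity_groups.items() if entity in ents}
    matched = [role for s, t, role in grants if s in subjects and t in targets]
    if not matched:
        return None  # no grant means no access, whatever the User Type is
    # Highest granted role takes precedence, then the User Type acts as a ceiling.
    return min(user_type, max(matched))

def can_grant(granter_user_type, granter_role_on_target, role_to_grant):
    """True if the granter may hand out `role_to_grant` on the target."""
    if granter_role_on_target is None:
        return False  # no access to the target, nothing to delegate
    # Limit is the lower of the granter's User Type and their role on the target.
    return role_to_grant <= min(granter_user_type, granter_role_on_target)

# Constructed sample data (hypothetical names, not from the product).
USER_GROUPS = {"paralegals": {"dana"}}
ENTITY_GROUPS = {"emea": {"acme-gmbh", "acme-bv"}}
GRANTS = [
    ("dana", "acme-gmbh", Role.READ_ONLY),      # direct, per-entity grant
    ("paralegals", "emea", Role.OFFICE_ADMIN),  # group-to-group grant
]

if __name__ == "__main__":
    for entity in ("acme-gmbh", "acme-bv", "unrelated-llc"):
        role = effective_role(Role.USER, "dana", entity,
                              GRANTS, USER_GROUPS, ENTITY_GROUPS)
        print(entity, role.name if role else "no access")
```

Running the same function over every user and entity pair gives an access-review view that flags grants which exceed the recipient's User Type and are therefore silently capped.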
AUDIT TRAILS
Because it is important to be able to show who has access to what, both currently and historically, the Export option in Users & Groups generates an XLSX document that lists:
- All individuals and user groups
- User groups list each member
- The date access was granted
- By whom the access was given/user group was created
- The date access was removed (where applicable)
- By whom the access was revoked
- Which Entity Group an individual/user group has access to
In the application, refined audit trails can also be accessed on a per-user, user group, or entity group basis using the Filter feature.