A Role (or User Type) is a set of permissions that must be assigned to an individual or group of individuals when granting access to an entity or group of entities. The Role assigned defines how an individual with the specific role can interact with the entity(ies) to which they have access.
All individuals invited to Athennian must be assigned a User Type (or Role) upon initial invitation. An individual’s User Type establishes the maximum level of permission an individual can access/action in Athennian. Should an individual require higher permission levels, the User Type can be updated by an Administrator at any point in time.
To gain access to Athennian, an individual must:
- be assigned a Role
- and associated with a Record Group
Individuals can be assigned different roles for different entities. If granted access to the same entity with multiple roles, the highest role will take precedence.
An individual cannot grant a role higher than their own permission level (or the role given to a specific entity or entity group, whichever is lower). In order to gain access to any entity data, individuals must be granted access to entities (either as an individual or via a User Group).
Note: An individual may unintentionally be given a role with higher access to an entity than their User Type. However, the Role granted to an Individual Profile acts as a ceiling that prevents an individual from gaining access to an entity higher than their User Type.
The highest level of permissions. Able to create, manage, and delete all individuals, entities, or groups when granted access.
Upon initial setup, will receive access to an Admin user group and a Global Entity Group, where all entities in Athennian reside.
Note: forbidden from removing access of the Admin user group to the Global Entity Group to prevent unintentionally losing access and management of all entities and user groups.
|Office Admin||Can create, manage, and delete all individuals, entities, or groups when granted access––except within the Admin user group. Can not create or manage individuals in the Global group of Administrators.|
|User||Can create and manage entities when granted access. Can create new entity groups, but can only include entities they already have access to. Can not create new nor manage existing user groups and they can not remove entity groups.|
|Read Only||Can only view entities when granted access.|
|Summary Only||Have a limited view of entities when granted access.|
* Roles can be applied down to an individual entity level. i.e. individual access can be limited on an entity-by-entity basis, however, they can not be applied to sections within an entity nor on an individual field basis.
Permissions Associated with Each Role
|Action||Admin||Office Admin||User||Read Only||Summary Only|
|View entities (when granted access**)||✅||✅||✅||✅||✅|
|Invite new individuals to Athennian||✅||✅|
|Remove access from individuals||✅||✅|
|Create User Groups||✅||✅|
|Create Entity Groups||✅||✅|
|Create new entities||✅||✅||✅|
|View users and user groups (when granted access or membership)||✅||✅||✅|
|Invite new individuals to Admin user group||✅|
|Remove individuals from the Admin user group||✅|
|Access to Templates||✅|
** When an individual is granted a role where Charts or Custom Reports are available the individual will only see entity data they have access to, i.e. if they do not have access to an entity, the entity and any reference to the entity will not be returned for the individual to view. The same applies for the interests People have in entities and transactions.