Understanding Roles and Permissions in Access

Amy Carr
Amy Carr
  • Updated

A Role (or User Type) is a set of permissions that must be assigned to an individual or group of individuals when granting access to an entity or group of entities.  The Role assigned defines how an individual with the specific role can interact with the entity(ies) to which they have access.  


All individuals invited to Athennian must be assigned a User Type (or Role) upon initial invitation.
 An individual’s User Type establishes the maximum level of permission an individual can access/action in Athennian.  Should an individual require higher permission levels, the User Type can be updated by an Administrator at any point in time.  


To gain access to Athennian, an individual must:

  • be assigned a Role
  • and associated with an Access Group


Individuals can be assigned different roles for different entities.  If granted access to the same entity with multiple roles, the highest role will take precedence. 

An individual cannot grant a role higher than their own permission level (or the role given to a specific entity or entity group, whichever is lower).  In order to gain access to any entity data, individuals must be granted access to entities (either as an individual or via a User Group). 

Note: An individual may unintentionally be given a role with higher access to an entity than their User Type.  However, the Role granted to an Individual Profile acts as a ceiling that prevents an individual from gaining access to an entity higher than their User Type.

Athennian Roles

Role*
Admin

The highest level of permissions.  Able to create, manage, and delete all individuals, entities, or groups when granted access.  


Upon initial setup, will receive access to an Admin user group and a Global Entity Group, where all entities in Athennian reside.


Note: forbidden from removing access of the Admin user group to the Global Entity Group to prevent unintentionally losing access and management of all entities and user groups. 

Office Admin Can create, manage, and delete all individuals, entities, or groups when granted access––except within the Admin user group.  Can not create or manage individuals in the Global group of Administrators.  
User Can create and manage entities when granted access.  Can create new entity groups, but can only include entities they already have access to.  Can not create new nor manage existing user groups and they can not remove entity groups. 
Read Only Can only view entities when granted access. 
Summary Only Have a limited view of entities when granted access.  

* Roles can be applied down to an individual entity level.  i.e. individual access can be limited on an entity-by-entity basis, however, they can not be applied to sections within an entity nor on an individual field basis.

 

Permissions Associated with Each Role

Action Admin Office Admin User Read Only Summary Only
View entities (when granted access**)
Invite new individuals to Athennian      
Remove access from individuals      
Create User Groups      
Create Entity Groups      
Create new entities    
Edit entities    
Delete entities      
View users and user groups (when granted access or membership)    
Invite new individuals to Admin user group        
Remove individuals from the Admin user group        
Access to Templates        

** When an individual is granted a role where Charts or Custom Reports are available the individual will only see entity data they have access to, i.e. if they do not have access to an entity, the entity and any reference to the entity will not be returned for the individual to view.  The same applies for the interests People have in entities and transactions.