Manage roles and permission levels
Last updated
Was this helpful?
Last updated
Was this helpful?
Roles can be created (1) in the Roles tab of your project settings:
To manage a role's permissions, click on it (2):
The above screenshot shows your role's details page. This is where you'll be managing all permissions which should apply to all the users assigned to this role.
Permissions are displayed in 2 sections:
Smart Action permissions
Collection permissions
This section lets you to easily manage your Smart Action permissioins (for this role only). Click Show more (1) to display all permissions, or Edit permissions (2) to directly edit its Smart Action permissions.
Trigger: Allow users assigned to this role to trigger this Smart Action
If you are using our approval workflow feature, your approval permissions are also managed within roles.
Require approval: Unlike Trigger, the Smart Action will not be executed unless manually approved
Self Approve: Allow users assigned to this role to approve their own trigger request
Your processes likely depend on your data: for instance, a $1,000 refund is more sensitive than a $10 refund. You probably want to authorize your operators to trigger $10 refunds, but not $1,000 or more. This is now possible within the permissions page:
To achieve this, go to the permissions edit page and click on the filter icon:
Permission changes may take up to 15 minutes to apply.
That's it! Your operators may now refund without approval for an amount up to $1,000, but any refund of a higher amount will require an approval.
Collection permissions allow you to enable/disable the following collection-specific permissions:
Create: create a record of this collection (N.B: the "Duplicate" action is also managed by this permission)
Update: update a record of this collection
Delete: delete a record of this collection
Export: export the list of records of this collection
Default permissions allow you to choose default permissions for each newly created Collection or Smart Action.
Here is the initial configuration for a new role:
Smart Actions:
Trigger
Require approval
-
Approve
-
Self approve
-
Collections:
Read (list)
Read (details)
Create
Update
Delete
Export
From a role's details page, you can also:
toggle which environments users assigned to this role have access to (1)
select which environment you wish to view permissions of or edit them (2)
Only remote environments are available here, since development environments have all permissions.
At anytime you may export your user role permissions to a CSV file by clicking on Export user permissions from the Users tab:
It contains User information (1), Smart Action name (2) and Collection name (3). Granted permissions (4) are as follows:
empty: the user is not authorized to use that Smart Action as part of that team
trigger: the user can trigger that Smart Action
request: the user can ask for an approval to trigger that Smart Action
request/approve: the user can ask for an approval to trigger that Smart Action and can approve requests of this Smart Action except his own
request/approve(self): the user can ask for an approval to trigger that Smart Action and can approve requests of this Smart Action including his own
Setting up role permissions can take a lot of time, especially if you need to do it all over again for another environment.
This is why we've implemented the "Copy role permissions across environments" feature. In a few clicks, you can apply the permissions of all roles of an environment to another environment.
To use it, go to: Project Settings → Roles → Actions.
The permission level of a user determines what Forest Admin administration permissions he has. You can assign one of the following permission levels per user:
Forest Admin permission level
Manage Data
Customize admin UI (activate layout editor)
Manage Environments and Development Workflow actions
Manage Teams, Users, Roles
Admin
Developer
Editor
Manager
User
You can change a user's role or permission level from their details page:
Go to the Users tab of your Project settings
Click on a user in the list
Change the role and/or permission level assigned to that user
Don't forget to save
If your project was created before February 2021, please visit to learn how to enable this feature.
You must be on a to have access to this feature.
The following options become available if you are on the plan or above:
Approve: Allow users assigned to this role to
Read (list): access to the collection's data. Note that the collection must also be to be displayed.
Read (details): access to the (and Summary View) data of any record of this collection.
If the is enabled:
Manage
