Manage roles and permission levels
Roles
This feature is only available to the Admin permission level.
Roles can be created (1) in the Roles tab of your project settings:
To manage a role's permissions, click on it (2):
If your project was created before February 2021, please visit this page to learn how to enable this feature.
The above screenshot shows your role's details page. This is where you'll be managing all permissions which should apply to all the users assigned to this role.
Permissions are displayed in 2 sections:
Smart Action permissions
Collection permissions
Smart Action permissions
This section lets you to easily manage your Smart Action permissioins (for this role only). Click Show more (1) to display all permissions, or Edit permissions (2) to directly edit its Smart Action permissions.
Trigger: Allow users assigned to this role to trigger this Smart Action
Approval workflow permissions
You must be on a Forest Admin Pro plan to have access to this feature.
If you are using our approval workflow feature, your approval permissions are also managed within roles.
The following options become available if you are on the Pro plan or above:
Require approval: Unlike Trigger, the Smart Action will not be executed unless manually approved
Approve: Allow users assigned to this role to approve a trigger request
Self Approve: Allow users assigned to this role to approve their own trigger request
Conditional permissions
In addition to the Pro plan, this feature requires a minimum agent version to be installed.
Your processes likely depend on your data: for instance, a $1,000 refund is more sensitive than a $10 refund. You probably want to authorize your operators to trigger $10 refunds, but not $1,000 or more. This is now possible within the permissions page:
To achieve this, go to the permissions edit page and click on the filter icon:
Permission changes may take up to 15 minutes to apply.
That's it! Your operators may now refund without approval for an amount up to $1,000, but any refund of a higher amount will require an approval.
The same feature is available for Trigger and Approve permissions: use the corresponding filter icons to input the conditions you want.
Collection permissions
Collection permissions allow you to enable/disable the following collection-specific permissions:
Read (list): access to the collection's Table View data. Note that the collection must also be shown in the layout to be displayed.
Read (details): access to the Details View (and Summary View) data of any record of this collection.
Create: create a record of this collection (N.B: the "Duplicate" action is also managed by this permission)
Update: update a record of this collection
Delete: delete a record of this collection
Export: export the list of records of this collection
Default permissions
Default permissions allow you to choose default permissions for each newly created Collection or Smart Action.
Here is the initial configuration for a new role:
Smart Actions:
| Permission | Value |
|---|---|
Trigger | |
Require approval | - |
Approve | - |
Self approve | - |
Collections:
| Permission | Value |
|---|---|
Read (list) | |
Read (details) | |
Create | |
Update | |
Delete | |
Export |
For projects with high security standards, although this involves more frequent manual activation, it is advisable to reduce these default permissions, at least for your production environment. Il will avoid excessive accesses being automatically granted to operators, when a new Collection or Smart Action is released.
Control environment access per role
From a role's details page, you can also:
toggle which environments users assigned to this role have access to (1)
select which environment you wish to view permissions of or edit them (2)
Only remote environments are available here, since development environments have all permissions.
Export role permissions
At anytime you may export your user role permissions to a CSV file by clicking on Export user permissions from the Users tab:
It contains User information (1), Smart Action name (2) and Collection name (3). Granted permissions (4) are as follows:
empty: the user is not authorized to use that Smart Action as part of that team
trigger: the user can trigger that Smart Action
If the approval workflow module is enabled:
request: the user can ask for an approval to trigger that Smart Action
request/approve: the user can ask for an approval to trigger that Smart Action and can approve requests of this Smart Action except his own
request/approve(self): the user can ask for an approval to trigger that Smart Action and can approve requests of this Smart Action including his own
Copy role permissions across environments
Setting up role permissions can take a lot of time, especially if you need to do it all over again for another environment.
This is why we've implemented the "Copy role permissions across environments" feature. In a few clicks, you can apply the permissions of all roles of an environment to another environment.
To use it, go to: Project Settings → Roles → Actions.
Permission level
The permission level of a user determines what Forest Admin administration permissions he has. You can assign one of the following permission levels per user:
| Forest Admin permission level | Manage Data | Customize admin UI (activate layout editor) | Manage Environments and Development Workflow actions | Manage Teams, Users, Roles |
|---|---|---|---|---|
Admin | ||||
Developer | ||||
Editor | ||||
User |
Manage a user's role and permission level
You can change a user's role or permission level from their details page:
Go to the Users tab of your Project settings
Click on a user in the list
Change the role and/or permission level assigned to that user
Don't forget to save
Last updated
