Member’s access to Boards is controlled by Board Permissions. This article will show what each permission is composed of and how to assign these permissions to Members at an Application level, as well as a Board Level.
Table of Contents
What are the different Board Permissions?
There are three different Board permissions, Can open, Can comment, and Can configure. There is also a None option which removes all Board permissions.
- Can open - This permission allows a Member to open a Board.
- Can comment - The Member will be able to open the Board, and utilize the comment functionality to participate in conversations.
- Can configure - Members will be able to open, comment, and access the Edit Board button to be able to add widgets. They can also use the additional options to limit certain functionalities.
- None - Members have no permissions on the board.
The above means that the ‘highest’ permission level on a given board which grants the most allowable actions is Can configure, followed by Can comment, and finally Can open.
Members with the Can configure permission now have the ability to limit certain Board functionalities to Members with Can comment and Can open. There are two groups of functionality that can be limited.
Block exploration - These features allow Members to dive into the details of calculations, including Drill down functionalities and Block details and settings.
View customization - These features allow Members to customize their views while in an active session. The changes they can make with these features will not be seen by other users and will not remain after their session expires.
The additional options settings are Board specific, meaning when applied, they only apply to that particular Board. By default, these options are turned on and all new Boards will have them turned on.
Follow the steps below to limit access.
How can I see who has access to a Board?
All Members can click on the “…” menu and select Members’ access at the top of every Board to see Member’s permissions. This modal will show all the Members who have a role in this Application, along with their permission level.
They can also use the Copy link button to send a link to the Board. This will not grant access to the Board but can be used to send to Members who already have access.
Members with the Define Application Security Permission will also see the Permissions Metrics that define that Board’s access in that modal.
How are Board permissions assigned to Members?
There are two ways to assign Members access to Boards; through their Role or through a Permissions-type Metric. The Board permission set through Roles will be the default setting for all Boards. This means if a Member is given the Can configure permission as part of their Role, by default they will have that level for all Boards within the application. The board permission granted on the Role dimension is applied on all boards within the application by default via the Users Role metric.
To adjust or view the Boards Permission level assigned to a Role, you must have the Define Application Security Permission.
The default permission for Boards is set in the Member’s Role.
From within the Roles list in the Security Folder, you can view the Board permission level for each role at the bottom.
When a Member is assigned a Role the Board permission associated with that Role will be their default setting for all Boards.
Members with the Admin role will always have the Board permission of Can configure. This can’t be adjusted.
How to use a Metric to define permissions for specific Boards?
The default setting for every Board is established through Roles, and applied via the Users Role metric. You can customize individual Board’s permissions through Metrics with the data type set to Permission. Here are some key points when setting using another Metric.
- Metric must have a Data type of Permissions and use the Users list.
- If multiple Metrics are used (including the Users roles) the highest level of permission will be granted. For example, if one Metric has a user with None and another with Can configure, the Member will have the Can configure permission. The hierarchy of board permissions from lowest to highest level is (1) Can open, followed by (2) Can comment, and the highest level is (3) Can configure.
None indicates that the Member does not have any permissions on the board, which means that if there is another permission Metric that exists granting permission to access the board (e.g. either the default permissions in Users Role Metric OR another board permission Metric), the Member will have that permission applied on the board.
- In order to remove default permissions from an individual board, you can remove the Users roles Metric from the board via the “Share” link at the top of each board. There must always be a Metric applied on a board. If the Users role metric is removed, you will gain a new section on your Security home page that showcases which Boards it has been removed from. The Users roles Metric can also be restored at any time.
- If default permissions are removed from a Board (by removing the Users roles metric), the new Metric applied will determine all Board permissions for that Board.
How to apply a Board permission Metric
- First create a new Metric with the User list and set the Data type to Permissions.
- Set the desired access for each Member
- Navigate to the Board you want to apply this to.
- Click the “…” menu in the top right of the Board.
- Select Members’ access
- Click + Add Metric and select your new metric.
- If you only want Board permissions from this Metric to apply, click the Remove icon next to the Users Role Metric. This will remove all default access given through roles. If you keep this Metric, the highest level of permission in either Metric will apply to each Member.
If you want to apply this new Metric to multiple Boards at once, you can navigate to Additional rules for Boards in the Security page for an Application. From here you can click + Add a rule of Permissions for Boards, select the Metric and the Boards it should Apply to.
How to view all Metrics used in Board Permissions
The Security page in an Application has two sections that will show you how your Board Permissions are configured.
Complement these permissions with rules for Boards
This section will show all Metrics that are used to apply Board permissions, it will also showcase which Boards these Metrics are applied to.
Boards without default permissions applied
When the default role is removed from a particular board, a new section will appear in the security settings page to easily help you identify which boards this applies to. If the User roles Metric is used in all Boards, this section will not be visible.