Permissions

A permission determines the level of control for a task. For example, should users in a role be able to add, edit, and delete data, or only to add and edit data? Permissions control actions in one of two ways:

  • Customize roles by selecting individual permissions options for tasks, such as View and Add/Edit.

  • Combine tasks and permissions to determine security. For more information, see Manage tasks and permissions to limit access.

To learn about feature areas, roles, and how a user's level of access is determined, see Role-based Security Overview.

When admins create or edit a role, selecting Show permissions displays the permissions for a task. For more information about roles, see Roles.

Permissions for a task
Permissions for a task

The permissions depend on the capabilities that the church uses. Admins can't add, edit, or remove permissions.

To limit access to the task, select its permissions. This combination establishes the level of control for the task in the feature area. The permissions depend on the capabilities that the church uses. Admins can't add, edit, or remove permissions.

  • You can identify the number of permissions assigned by reviewing Access to {0} of {0} permissions beside the task name. Examples:

    Access to 0 of 4 permissions indicates you don't have assigned permissions.

    Access to 2 of 4 permissions indicates you have two assigned permissions. When the first number is greater than 0, at least one permission is assigned.

  • You can provide the same level of control for a task by only selecting its permissions. You can select a group of permissions. For example Manage appeal attachments.

    Note: The permissions may look different for your environment. These are broad examples of how permissions work in general.

    When you select permissions as a group, all the permissions in that group are selected and enabled. If you deselect a permission in a group, the permission is disabled and all active groups the permission belongs to are also disabled. If you reselect the permission, the group is not selected. Also, if a new permission is added to the system by Blackbaud, the new permission is included in the group and automatically assigned to a role if the group it is assigned to is enabled. If a permission was assigned as an individual permission, the new permission does not get automatically assigned to a role.

    All permissions selected and enabled
    All permissions selected and enabled

    Or, you can select each permission for a task.

    Selected permissions per task
    Selected permissions per task

    All options provide users with full access to the task.

  • Make sure you don't inadvertently assign high-level permissions, such as Delete, without assigning the applicable lower level permissions, such as View and Add/Edit. If users don't have permissions to view or add and edit a task, they can't delete it even though the permission is assigned.

  • To avoid unintentional access and control, make sure you monitor the individual permissions that enable when you select a task.

    For example, the Manage task provides full access to its features. To limit rights to the task, don't select Manage for the task. Instead, select individual permissions, such as View or Add/Edit, to achieve the level of control for the task.

    To provide a way to easily adjust and change individual permissions, the checkbox for a task permission isn't selected automatically when you select all of its individual permissions.

To apply a permission to a user, assign them a role with access to its tasks. For more information, see Roles.

Tip: Return to Role-based Security Overview.