Permissions

A permission determines the level of control for a task. For example, do you want users in a role to add, edit, and delete data, or only add and edit data? These actions are controlled by permissions in one of two ways:

  • Customize roles by selecting individual permissions options for tasks, such as View and Add/Edit.

  • Combine tasks and permissions to determine security. For more information, see Manage tasks and permissions to limit access.

Tip: New to security? To understand feature areas, their roles, and how the level of access is determined for a user, see Role-based Security Overview.

When you create or edit a role, select Show permissions to display the permissions for a task. For more information about roles, see Roles.

Tip: The permissions that appear depend on the capabilities your organization uses. You can't add, edit, or remove these.

To limit access to the task, select its permissions. This combination establishes the level of control for the task in the feature area.

Tip: The permissions that appear depend on the capabilities your organization uses. You can't add, edit, or remove these.

In addition:

  • You can identify the number of permissions assigned by reviewing Access to {0} of {0} permissions beside the task name. Examples:

    Access to 0 of 4 permissions indicates you don't have assigned permissions.

    Access to 2 of 4 permissions indicates you have two assigned permissions. When the first number is greater than 0, at least one permission is assigned.

  • You can provide the same level of control for a task by only selecting its permissions. You can select a group of permissions. For example Manage appeal attachments.

    Note: The permissions may look different for your environment. These are broad examples of how permissions work in general.

    When you select permissions as a group, all the permissions in that group are selected and enabled. If you deselect a permission in a group, the permission is disabled and all active groups the permission belongs to are also disabled. If you reselect the permission, the group is not selected. Also, if a new permission is added to the system by Blackbaud, the new permission is included in the group and automatically assigned to a role if the group it is assigned to is enabled. If a permission was assigned as an individual permission, the new permission does not get automatically assigned to a role.

    Or, you can select each permission for a task.

    All options provide users with full access to the task.

  • Make sure you don't inadvertently assign high level permissions, such as Delete, without assigning the applicable lower level permissions, such as View and Add/Edit. If users don't have permissions to view or add and edit a task, they can't delete it even though the permission is assigned.

  • To avoid unintentional access and control, make sure you monitor the individual permissions that enable when you select a task.

    For example, the Manage task provides full access to its features. To limit rights to the task, don't select Manage for the task. Instead, select individual permissions, such as View or Add/Edit, to achieve the level of control for the task.

    Tip: To provide a way for you to easily adjust and change individual permissions as needed, the checkbox for a task permission doesn't select automatically when you select all of its individual permissions.

To apply a permission to a user, assign them a role with access to its tasks. For more information, see Roles.

Tip: Return to Role-based Security Overview.