Permissions
Contents
- Finding out what the default permissions are
- What you can control with permissions
- Reset to defaults
- Checking a person's permissions
- Example: Editing permissions on a field
- Example: Editing permissions on an entity
- Example: Editing permissions on a personal page
- Permission overview and advanced permissions
- Summary
- Entity Permissions
- Field Permissions
- Advanced
- A deeper dive into Permissions
Flow Production Tracking provides advanced permissions to control who can see and do what throughout the system. Permissions are controlled by 'permission roles'; one person is assigned to one role.
The default roles that ship with Flow Production Tracking are:
Admin | Admins have complete control over all operations in Flow Production Tracking (the only exceptions here include modifying things that are required by the system, such as deleting the Template Project). |
Artist | Artists can only see Projects that they are specifically assigned to. Artists can update or edit:
|
Manager | Managers share most functionality with Admins but have certain entities restricted by default. There are no conditional permissions present on the manager default group. |
Vendor | Vendors can only see Projects that they are specifically assigned to. Additionally, Vendors can only see:
|
Admins can create new permission roles.
Select the + New Permission Role button in the upper right of the permissions page.
Give the new permission role a name, a description, and choose a Template. Default permissions will be set for the new permission role based on the template you choose. This saves a lot of time in setting up brand new permission roles.
Whenever you create or duplicate a permission role, give it a good description that explains the role’s purpose. This simplifies permission role audits and helps other administrators understand the purpose of each role. You can also add a description after role creation by editing it.
Finding out what the default permissions are
You can easily find out exactly what your stored default permissions are by following these instructions.
Go to the Admin Permissions page.
Expand a role (e.g., Artist).
Expand 'Reset to Defaults'. Doing this will not reset anything until you select 'Save changes'.
We occasionally change how these defaults work. When these updates occur, we never modify the permissions in use on your site, but we do change the stored defaults. This is documented in the release notes.
Search for a permission
Easily find a permission within the People Permissions page with Search permissions...
What you can control with permissions
- Entity permissions (who can see or create a Note)
- Field permissions (who can see or edit the "Status" field on the Note Entity)
- App permissions (who can see or edit Apps)
- Advanced permissions (misc. control over things like who can save pages where, etc.)
- Reset to defaults
Reset to defaults
From the permissions page, you can reset any permission role back to its default permission state (the exact same default permissions that come bundled with a newly installed version of Flow Production Tracking). Here are the default roles:
- Default Admin
- Default Artist
- Default Manager
There is no default Vendor role.
Resetting a role to one of the stored defaults:
- Go to the permissions page
- Expand the role you’d like to reset
- Expand 'Reset to Defaults'
- Choose one of the other roles from the dropdown
- Select 'Reset'
You currently cannot reset a group to the default vendor permissions in the UI. If you need to reset to the vendor defaults, please contact support. It is recommended that you make a copy of your vendor group before you edit it.
You can see and edit permissions on individual fields or entities themselves, or in the Permissions area of the Admin menu (for those with permission!).
Checking a person's permissions
To see or modify which permission group a person is in, go to the People page. Each person’s account record has a permissions group field where you can change their permission group, and therefore what changes they’re able to make in Flow Production Tracking.
Double-click into the field to choose the right permission role for each Person. You can also select multiple People, and right-click anywhere in the permission group field on a record. Choose "Edit Selected", and then choose the permission role to apply to everyone in one go.
Example: Editing permissions on a field
This is the most common case for ongoing permission tweaking, so we'll start here. Every field in Flow Production Tracking has two types of permissions on it: who can see the field and who can edit the field.
Who can do this?
Anyone who can edit fields has access to the configure field dialog. Just right-click on the column header of the field (in list mode), select the "Configure field..." option, then click the Permissions tab in the dialog that appears, make your changes, and click 'Update field'. This is good to quickly view or adjust permissions on individual fields, and can be done on any grid page.
If any checkbox in the permission tab is greyed out, this means that the field is either not editable or there is a conditional (advanced) permission rule configured on the field, and it cannot be edited.
Example: Editing permissions on an entity
In the entities section of site preferences, you'll notice a 'Permissions' section. Selecting this loads in all the permissions, by permission role, for that particular entity type—handy when you want to see and edit permissions when dealing directly with an entity. Every entity in Flow Production Tracking has four types of permissions: who can see it, who can create it, who can retire it, and who can edit it.
Entity Permissions from Site Preferences. Every entity listed in site preferences has an expandable Permissions section that allows you to see and edit permissions for that entity.
Changing entity permissions
- From the Site Preferences page, locate and expand the entity you'd like to modify permissions for (e.g., Asset)
- Click to expand the 'Permissions' widget inside the entity section
- Check or uncheck any of the checkboxes for the four categories of entity permissions (see, create, retire, and edit)
- Scroll up to the top of the preferences page and click 'Save Changes'
How entity permissions work
Who can see <entity>
- Controls whether or not a role can view entities of that type. For example, if Artists cannot see the 'Delivery' entity, they will not be able to view pages that list Deliveries.
Who can create <entity>
- Controls whether or not a role can create an entity of a particular type.
Who can retire <entity>
- Controls whether or not a role can retire an entity of a particular type.
Who can edit <entity>
- Controls whether or not a role can ever edit an entity of a particular type. For example, if you set this to 'yes' on Artist for the Asset entity type, Artists will be able to edit any Asset field, unless this is overridden in the field permissions. Setting it to 'no' means that a role won't be able to edit any fields on that entity.
Example: Editing permissions on a personal page
While in Design Mode on a global page (a page not assigned to a Project), you can choose to either share that page with “No One” (so it’s private), or “Everyone”, then pick the permission groups who can see it.
While in Design Mode on a page that is assigned to a Project, you can also pick the permission groups who can see it.
Page permissions only control the visibility of the page in the Pages menu. Page permissions do not control visibility of the data on a page.
Permission overview and advanced permissions
If you would like to access a single place to view or change permissions of any kind, go to the Admin Permissions page. From here, you can edit entity permissions, field permissions, app permissions, reset roles to default settings, and assign advanced administrative access (like who can set permissions or save pages).
About the Permissions page
Each enabled permission role (e.g., Admin, Artist, Manager, and Vendor) shows up on the Permissions page with the following expandable options:
- Summary
- Entity Permissions
- Field Permissions
- App Permissions
- Advanced
- Reset to Defaults
Summary
The summary shows you a breakdown of permissions for a role.
This breakdown can be a little technical—be sure to dive deeper into permission summaries.
Entity Permissions
This shows all enabled entities, broken down by permission role. For each entity, it shows the see, create, delete, and edit permissions for that role.
Greyed out checkboxes indicate that there's a conditional (advanced) permission rule for that operation (e.g., Artists can only edit Timelogs they are linked to and edit fields on Notes they have created).
Example: Allowing Artists to create Tasks
Go to the Permissions page
Expand the 'Artist' role
Expand 'Entity Permissions'
Locate the 'Task' entity type, then check the 'Create' checkbox
Scroll all the way up and select 'Save Changes'
All people in the Artist role from this point on will be able to create Tasks
Field Permissions
Field Permissions are broken down by permission role, then by entity type. They show the See and Edit permissions by field for a given permission role. By default, permissions on entity fields are inherited from the entity-level permissions. For example, if you configure the Artist role to be able to Edit the Task entity, they'll also be able to edit any Task field (with certain exceptions), unless explicitly prohibited.
The following types of fields can never be configured to be editable:
- Read-only fields (e.g., all Id fields, all audit fields like Created by and Date Created, and calculated fields like Open Notes Count and Smart Cut fields on Shot)
- Fields with conditional permissions (e.g., Task Status for Artists)
Greyed out checkboxes indicate that the operation (for example, Edit Asset > Created by) is protected as the field is read-only (in the case of audit fields), or that the operation is protected by a conditional (advanced) permission rule. To find out why a particular field isn't editable, hover over it to see a tooltip.
Example: Allowing Artists to edit the Asset Description field
Go to the Permissions page
Click to expand the Artist role
Click to expand 'Field Permissions'
Click to expand the 'Asset' entity type
Locate the 'Description' field, then check the 'Edit' checkbox
Scroll all the way up and click 'Save Changes'
All people in the Artist role from this point on will be able to edit the Description field on an Asset
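The rules above (field permissions inherit from the entity, an entity-level 'no' blocks every field, and read-only or conditional fields cannot be switched on) can be modelled as a small resolver for reviewing a role. This is an added example, not Flow Production Tracking's own code; the dictionary layout, the order in which the checks are applied, and the sample settings (including the Asset Status, Task Description and Delivery Title fields) are assumptions made for illustration.

```python
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    CONDITIONAL = "conditional"  # decided by an advanced rule, not a checkbox


# Constructed sample settings for one role (hypothetical layout, not a site export).
ARTIST = {
    "entity_edit": {"Asset": True, "Task": True, "Delivery": False},
    # Explicit per-field settings that override what the entity level grants.
    "field_edit": {("Asset", "Description"): True, ("Asset", "Status"): False,
                   ("Delivery", "Title"): True},
    # Fields that carry a conditional (advanced) rule for this role.
    "conditional": {("Task", "Status")},
}
# Read-only fields (Id, audit and calculated fields) apply to every role.
READ_ONLY = {("Asset", "Id"), ("Asset", "Created by"), ("Asset", "Date Created")}
SAMPLE = [("Asset", "Description"), ("Asset", "Status"), ("Asset", "Created by"),
          ("Task", "Status"), ("Task", "Description"), ("Delivery", "Title")]


def can_edit_field(role, entity, field):
    """Return (Decision, reason) for editing entity.field under `role`."""
    key = (entity, field)
    if key in READ_ONLY:
        return Decision.DENY, "read-only field"
    if key in role["conditional"]:
        return Decision.CONDITIONAL, "conditional (advanced) rule"
    if not role["entity_edit"].get(entity, False):
        return Decision.DENY, "role cannot edit this entity type"
    override = role["field_edit"].get(key)
    if override is not None:
        return (Decision.ALLOW if override else Decision.DENY), "field-level setting"
    return Decision.ALLOW, "inherited from entity permission"


def editable_fields(role, fields):
    """Audit helper: the (entity, field) pairs the role can edit outright."""
    return [f for f in fields if can_edit_field(role, *f)[0] is Decision.ALLOW]


if __name__ == "__main__":
    for entity, field in SAMPLE:
        decision, reason = can_edit_field(ARTIST, entity, field)
        print(f"{entity}.{field:<12} {decision.value:<12} {reason}")
```

In this model the Delivery Title field stays denied even though its field-level setting is checked, because the role cannot edit the Delivery entity at all.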
Advanced
Use these preferences to control access to more specific administrative features, described below.
Advanced Permission | Description |
---|---|
Access Admin Functionality | This checkbox preference only gives access to admin UI options. Full access to admin functionality (e.g., unretiring entities) may require specific permissions adjustments on a per-entity basis. Learn more about Access Admin Functionality here. |
Show Webhooks | When enabled, users can see the Webhook Admins screen (via the Admin menu) and make Webhooks API requests. |
Hide and unhide fields in Projects | When enabled, users can edit the visibility of fields in a Project via field configuration and through Project Settings. |
Show all Action Menu Item activity | When enabled, users can see all Event Log Entries generated by users when using Action Menu Items. |
Generate logs for Toolkit activity | If using Toolkit, then there are certain actions that create EventLogEntries via the API. Allowing the creation of these EventLogEntries prevents Toolkit from breaking while keeping the default of not being able to create entities. For more information, visit the Toolkit community. |
Edit global formatting | Only users with this permission will be allowed to create Global Formatting rules, which affect formatting on every page in Flow Production Tracking. |
Edit Work Schedules | When enabled, users will be able to edit Work Schedules. |
Show "Other" menu in Project navigation | When enabled, users see the "Other" menu dropdown in the Project Navigation bar. |
Show saved filters | When enabled, users can see and select saved filters in the filter panel. |
Edit project navigation | When enabled, users can configure and edit what is visible in the Project Navigation bar. |
Create and save project pages | When enabled, users will be able to add new pages or save existing ones to a Project. |
Edit form layouts | When enabled, users can save and edit the layout of entity creation forms. |
Edit built-in "Home" page | When enabled, users can save and edit the system "Home" page. Note: At one point, everybody had the same customizable Home Page, but now that users can configure their own Home Page via Account Settings, this permission only applies to the original customizable Home Page. |
Edit default filters and sorting in "My Tasks" | When enabled, users can edit and save the default sorting in "My Tasks". |
Set defaults for project navigation pages and entity detail pages | When enabled, users can save pages within a Project that are accessed from the Project navigation bar as well as entity detail pages. |
Set defaults for shared global pages (includes people page) | When enabled, users can edit and save 'Shared' pages belonging to anyone which includes the People Page. |
See all projects | When enabled, users can see every Project in Flow Production Tracking. When unchecked, users will only have access to Projects (including data linked to those Projects) that they are linked to via the Project field on their Person record. |
Perform action as though logged in as another user | When enabled, users can assume the identity of other users. When enabled for an API permission role, the sudo_as_login variable may be used when establishing a Flow Production Tracking connection. |
Show the Overlay Player | When enabled, users can access the Overlay Player to review uploaded media in Flow Production Tracking, provide feedback with Notes and annotation tools, and see related media. |