1. Knowledge Base
  2. Application Administration

User Access Overview (roles and permissions)

Control the access of users to various features including account settings, forms and companies.

Access or permission is granted at several different levels within Rulestar, reflecting the application's different features and use-cases.  In general, access is regulated through assigning roles to users, with different roles required to perform different actions.  In this article, we will cover the different types of roles and how to manage the permissions of users.

 

Application roles

When a user is created, they are assigned an application role of either 'Application Administrator' or 'Basic'. 

The Basic role, given to users by default, grants only minimal access.  Basic users can create new forms, folders and companies (at which point they will become Form Administrators of those forms and folders and will have access to those companies.  See also note below).  In turn, they will have access to any submissions and payments associated with those forms and companies.

Users with the application Administrator role have unrestricted access to the application.  In addition to the permissions of Basic users, Administrators will have the ability to manage (i.e. create, edit and delete) users and groups, companies, create reports, change account settings as well as manage all the forms and folders (and any associated submissions and payments) in the library.

 

Form and Folder Roles

Access to forms is tiered into 'Administrator', 'Editor' and 'Viewer' roles.  Application Administrators are automatically assigned the Form Administrator role for all forms and folders.

When a new form is created, the user who created the form is automatically assigned the role of Form Administrator.  Administrators can make unrestricted changes to the form itself as well as all of a form's settings.  They will still only be able to see the submissions and payments of only those companies to which they have access in addition to those of other application users.  Form Administrators can create embed codes for any companies to which they themselves have access and grant access to other application users.

Users with the Form Editor role can make functional changes to a form (that includes editing fields, named ranges, replacement rules and the template) but will not be able to publish forms or change any of its settings.  Editors are also unable to create embed codes for the form or assign access [to the form] to other users or companies.

Users with the Form Viewer role will be able to view the published version of a form in the builder as well as preview the form but will not be able to make any changes.

Roles for folders have the same names as forms and the entitlements are largely the same, too.  Giving a user a role for a folder gives them that role for all of the forms in that folder.  If a user is given a role for a form inside a folder for which they also have a role, their permission will be equivalent to the higher of the two roles (the hierarchy is the same as the order in which the roles are listed above).

Users with the Form Administrator role for folders have several additional permissions:

  • edit the icon associated with a folder; and
  • create and import forms inside those folders where they have the Form Administrator role on the imported form.

Note: To create Forms and Folders, a Basic user must have the Administrator role for at least one folder and they will only be able to create Forms and Folders in that particular Folder (or any sub-folders).

 

Company Access

Access to companies in the application is binary - either a user has access, or they do not (i.e. there are no 'roles').  Application Administrators have access to all companies whilst Basic users must be granted access to each company.  Access to companies and form roles are independent.

A Basic user or a group of users can be granted access to a company in two ways:

  1. Through the 'Companies' page (as seen below) by clicking on the General tab and then the 'Access' menu item.  This will show a list of Users/Groups (switch between them using the buttons above the table) who can be given access using the dropdown menu in the Role column.
  2. Through the Users page which is explained under Managing User Permissions below.

Users with access to a company can make changes to the company's profile and settings and assign access to other users.  They can also grant the company access to any form for which they themselves have the Form Administrator role.

 

 

Managing User Permissions

As Application Administrators have universal access, we will only discuss allocating permissions to Basic users.  Permissions are primarily managed via the Users and Groups pages which are accessible via Rulestar's main menu.  Permissions can also be managed for individual forms and companies through their relevant pages, but we'll focus on the 'Users' page as this is a centralised location for managing all of a user's permissions.  As the process for allocating permissions is identical for both Users and Groups, we'll refer to just Users in this article. For more information on groups, please read the Groups Knowledge Base article.

Open the permissions page by clicking the 'edit' icon on the Users page (see above).  From here, you can see a user's application role (top-left of the page) and permissions for each of folders, forms, groups and companies (sitting in their respective tabs).  Again, we'll focus on the Forms and Companies tabs to avoid repetition.

Unless a user has no roles, the Forms tab shows only the forms for which the user already has a role.  Thus, to allocate additional roles, it's necessary to switch the toggle in the top-right corner of the table to show all the forms in the library (see image below).

Roles can be granted through the dropdown selector for each form.  Note that a user may inherit a role from either a folder or a group.  This is indicated with an icon and prevents the user from being granted a role lower than their inherited role.  Inherited roles cannot be removed without removing the role from the source (i.e. remove the role granted in the 'Folders' or 'Groups' tabs).

In order for a user's permissions to be updated, you must click the 'Save' button after any changes.