Skip to main content

Permissions Explorer

Control access to data and features

The Permissions Explorer lets admins control what groups can see and do across CausewayOne Asset Management. Use it to:

  • manage roles and groups

  • select a group and configure its permissions across various categories

  • see how roles, groups and category objects relate to each other

To get started, select Permissions on the start screen.

An overview of the Permissions Explorer with key areas numbered

Key features

The Permissions Explorer is organised into columns.

1 Roles

The roles in your company project. A role is a bundle of groups that provides a combined set of permissions.

Roles let you define access by position, persona or responsibility. This is simpler than adding a user to multiple groups. Future maintenance is also easier, as adding or updating groups will affect all users with the role.

When permissions are combined, the highest level on each category object wins. Access is cumulative; a lower level can't remove access that a higher one grants, e.g. Group A (No access) + Group B (Read-only) = Role AB (Read-only).

Select a role to highlight the groups it contains and the categories they configure. With no group selected, select a highlighted category to view the winning permissions inherited by the role.

To learn more, see Manage roles and groups.

info

For example, a Highways Inspector role could include the Carriageway Viewers, Defect Managers and Mobile Users groups.

2 Groups

The groups in your company project. A group is a set of permissions for specific objects in various categories.

Where possible, keep each group small and focused on one set of related permissions. Narrow groups are easier to understand, reuse across roles, and audit when access needs to change.

Select a group to highlight the roles it belongs to and the categories it configures. Select a category and then an object to open its permissions.

To learn more, see Manage roles and groups.

info

For example, a Carriageway Viewers group could grant read access to the Carriageways design, along with related layers, lists and hubs.

3 Categories

Your Asset Management features are organised into categories. Each category contains objects that you can control access to.

Select a category to list its objects in the next column.

List of categories
IconCategoryWhat it controls access toPermission style
DesignsItems of specific designs and their attributesGranular
InterfacesItems of designs that implement specific interfaces and inherit permissionsGranular
LayersMap data layers3-level
BasemapsMap background imagery3-level
BoardsKanban boards for tracking item status/progress3-level
HubsData dashboards with item counts and graphs3-level
Item canvasesItem section layouts3-level
Item formsItem attribute layouts3-level
ListsDynamic item lists3-level
Meshes3rd party integrations included with modules3-level
WorkflowsAutomated action sequences3-level

4 Objects

This column appears when a category is selected. It lists the corresponding objects in your company project. To filter the list, use the top search box.

Select an object to highlight groups with permissions configured for it (and the roles containing them).

With a role or group selected, each of its configured objects is highlighted with a coloured lock badge to indicate its permission level. Select an object to open its permissions in the Permissions panel.

5 Permissions panel

This panel appears when a role/group and object are both selected:

  • With only a role selected, the panel is read-only and shows the combined permissions inherited from its groups.

  • With a group selected, the panel is editable and shows that group's permissions.

The options in the panel depend on the selected category:

  • Most categories have three levels: No access, Read-only or Read and write. See Set permissions.

  • Designs and interfaces have more granular permissions: Create, Read, Edit and Delete. Individual attributes are also configurable. See Set DoDI permissions.

Select Save at the bottom to finish.

info

If a role or system group is selected, this panel is read-only and its controls are disabled.

6 App bar

The following actions are available in the app bar:

  • Related access policies - with a group, design or interface selected, list any access policies targeting the current selection. If both a group and design/interface are selected, only policies that target both are shown. Select a policy to open it.

  • Deselect all - clear your current selections across all columns.

Select up to one thing in each column:

  • Role <-> Group - select a role to manage its groups, or a group to see its linked roles.

  • Role -> Category -> Object - view the combined permissions inherited by the role from its groups (read-only).

  • (Role ->) Group -> Category -> Object - view and configure the group's permissions.

  • Category -> Object - highlight groups with permissions configured for the object (and the roles containing them).

To start over, select Deselect all.

Connections

When you select something, related things in other columns are raised and highlighted with badges:

  • Link badge - this role contains the selected group, this group belongs to the selected role, or this category contains an object the selected group/role has permissions for.

  • Lock badge (purple) - this role or group contains permissions for the selected object.

  • Lock badge (coloured) - this object has permissions configured for the selected group. The colour indicates the level: red for No access, yellow for Read-only, green for Read and write.