Skip to main content

Set permissions

Configure group access to features

Use the Permissions Explorer to control which groups can access specific features. Select a group and a feature category, then choose an object within that category to view and edit the group's permissions for it.

Most categories have a single permission with three levels. Designs and Interfaces offer more granular control, including per-attribute overrides.

IconCategoryWhat it controls access toPermission style
DesignsItems of specific designs and their attributesGranular
InterfacesItems of designs that implement specific interfaces and inherit permissionsGranular
LayersMap data layers3-level
BasemapsMap background imagery3-level
BoardsKanban boards for tracking item status/progress3-level
HubsData dashboards with item counts and graphs3-level
Item canvasesItem section layouts3-level
Item formsItem attribute layouts3-level
ListsDynamic item lists3-level
Meshes3rd party integrations included with modules3-level
WorkflowsAutomated action sequences3-level
info

There is no Apps category. Instead, app access is granted through system groups.

Some apps provide a Share with action, letting users share Boards, Lists, Hubs and Item canvases with other users. Setting permissions here works the same way, but for groups rather than individuals.

Set a permission level

For most categories:

  1. If it helps, select a role to highlight its groups.

  2. Select a group and then a category, e.g. Layers.

  3. Select a category object in the next column, e.g. a specific layer. To filter the column by keyword, use its top search box.

  4. In the Permissions panel, choose one:

    • No access (default) - the group cannot see or use the object.

    • Read-only - the group can see and use the object, but cannot edit it.

    • Read and write - the group can see, use and edit the object.

  5. Select Save at the bottom to finish.

Each object with configured permissions is raised and highlighted with a coloured Lock badge that indicates its permission level. This lets you see at a glance what permissions the group has in the selected category.

The three-pill permissions panel for a basemap

When permissions aren't editable

You can only change permissions on groups your organisation has created.

If you select a system group, or a role on its own, the permissions are shown but the controls are disabled. This is because system groups have fixed permissions, and roles inherit the winning permission from their groups.

How permissions combine

When a user belongs to multiple groups (directly or via roles), the highest permission level wins:

  • Group A (No access) + Group B (Read-only) = User (Read-only)

  • Group X (Read-only) + Group Y (Read and write) = User (Read and write)

This means you can't remove access by adding a more restrictive group. If a user shouldn't have access to something, they shouldn't belong to any group that grants it.

info

Designs and interfaces combine a little differently, as permissions can be inherited from interfaces. See How permissions combine.