Skip to main content

Permissions

Give users access to features and data

Manage user access to Alloy's features and your organisation's data using permission groups and roles:

  • A group is a set of permissions that grant access to certain objects in one or more data categories. These include Alloy features such as layers, item forms and workflows, along with the designs and interfaces in your customer project. You can even set permissions on individual attributes! Various system groups are provided to help you get started.

    For example, the Defect Viewers system group gives read only access to the Defects interface, the Defect Statuses design and the Defect Status layer.

  • A role is a combination of groups and users. It typically represents a position, persona or responsibility within your organisation. Once you've set up your permission groups, you can add any number of them to a role, and the role's users will inherit those combined permissions.

    For example, an Asset Inspection role might include the Defects Managers, Inspection Managers and Job Viewers groups.

You can then grant permissions to users by adding them to one or more roles.

A diagram illustrating the relationships between users, roles and groups
Note

Only users in the Admins group can create and manage users, groups and roles.

Roles vs Groups

While users can be assigned directly to groups, we recommend assigning them to roles where possible (even if it means having a role with just one group). This builds in flexibility that'll make permissions management easier as your organisation evolves:

  • If a user's responsibilities change, it's easier to edit a few roles than many groups.

  • If a new group is created (e.g. to cover a new asset class), it's easier to add the group to a few roles than to many users.

Access policies

This advanced feature lets you extend your permissions with item-based access control rules.

If a group has the Read permission enabled for a design/interface, the group can view all items of that design/interface. To limit which items can be accessed, you can then use access policies to make item access conditional, according to their attribute values. To learn more, see Access policies.

Note

Only users in the Admins group can configure access policies.