Table Permissions Wizard
The Table Permissions wizard enables you to configure the permissions for each table in a knowledgebase for a given group. The wizard is accessed from the Tables tab of the Group Permissions wizard by editing a table from the list. For more information on configuring table permissions for groups, see Set Group Table Permissions.
Table permissions are saved individually, independent of changes made in the overall wizard.
General Tab
The General tab controls the most basic table permissions: whether the group has access to the table at all, whether the table appears in the navigation menu, and, if applicable, whether these changes apply to subtables.
Table access allows users to create records with Custom Hotlinks; view the table's charts and reports; and select table records in a linked field.
In most cases, you can allow access to the table and use the "Show table on the Toolbar?" option to control whether users can open the table and work with its records. Set the "Show table" option to No to hide the table on the user's navigation menu, even if the navigation menu is configured to include the table. This makes it easy to use a shared navigation menu while still controlling which tables appear for different user groups.
Table Permissions and Security
Security is built into the core of the system and enforced consistently. Users who do not have access to a table cannot see records and data from that table. This seems obvious, but it can have important implications for tables and permissions.
Example
Consider the Assigned Team field in the Service Requests table. This field is displayed as a drop-down list containing each team name, and it's linked to the Team Name field in the Teams table. Users will not be able to choose a team from the drop-down list or even view the list at all unless they belong to a group with access to the Teams table. That is, they must be granted access to the Teams table and have view permission to the table's records and the Team Name field.
However, if the Assigned Team field in the Service Requests table already has a value selected, the user will be able to see the value if they have view permission to that field, even if they don't have access to the Teams table. They just won’t be able to interact with the field by choosing a new value.
This is also an example of a situation when you might want to give a group access to a table but not show the table on the toolbar.
Menu Permissions Tab
The Menu Permissions tab specifies group permissions for menu items like views and saved searches. For more information, see Set Menu Permissions.
Record Permissions Tab
The Record Permissions tab specifies the group's record permissions for the table. These include creating, deleting, editing, viewing, mass editing, quick editing, and viewing FAQs for the records. For more information, see Set Record Permissions.
Setting record-level permissions with the Table Permissions Wizard is best suited for defining permissions that a particular group has for multiple tables. If you want to set record-level permissions that multiple groups have for a particular table, you can use the Table Wizard to set which groups can view, edit, and delete records in that table.
- The table’s ownership settings are displayed at the top of the screen. For edit, delete, and view permissions, each permission is based on whether the group can act on records that they own, records that other people own, or both. You can change a table's ownership settings on the Permissions tab of the Table wizard.
- Permissions for editing, deleting, and viewing records can all be controlled with separate saved searches. To allow group members to interact with every record in the table for a given permission, select All.
- For a user to edit a record, they must first have view permission for that record. Even if the edit permission options are selected, users won't be able to edit records if they can't view them.
- The "Edit other people's records" permission is only available for Power User groups. End User groups can only edit their own records.
- Edit permissions have several additional options:
- Mass Edit multiple records in [Table] in a single operation: controls whether the group can edit multiple records at once.
- Quick Edit records from the Table View: sets whether the group can edit records directly from the table view.
- Link multiple records using the Link menu: controls a group's ability to link records together using the Actions > Link action on a table's action bar.
- Generate documents using the printer icon: determines whether a group can print selected records, either to a physical printer or PDF.
- Make Comments: determines whether a group sees the Comments button in the records in this table, and whether they can add, edit, and delete their own comments in the pane.
View permissions also have a few additional options:
Export multiple Contracts to a file: controls whether a group can export records from the table.
Show conversion button on menu action bar: determines whether a group sees the Convert button on the table's action bar.
- Allow interaction with conversion rules: defines whether a conversion action that is supposed to bring up the new record screen will actually do that. If the permission is not granted, and a user in this group runs a conversion action, it will just run in the background and create the record without showing it to the user.
Record Permissions Summary
The options selected on the Record Permissions tab are displayed in Record Permissions column on the Tables tab of the Group Permissions wizard. The permissions are grouped into one line each and are separated by commas. For instance, View Own: All means that the All checkbox was selected. View Own: SS means that the Saved Search checkbox was selected.
If the permission has not been selected, it will not appear in the list. This allows you to scan the table view to see what permissions have been granted without having to read through all the permissions.
Field Permissions Tab
The Field Permissions tab allows you to set the group permissions for each field in a table, which are broken down by records that one owns and records that other people own. This enables you to set a very granular level of permission for the table for each group. For more information, see Set Field Permissions.
Setting field-level permissions with the Table Permissions Wizard is best suited for defining permissions that a particular group has for multiple fields. If you want to set field-level permissions that multiple groups have for a particular field, you can use the Table wizard to set how groups can interact with that field.
Related Tables and Field Permissions
Field permissions are especially important when using Related Tables. In many cases, you may want to prevent certain groups from adding or removing records from a Related Table. To do so, remove a group's Edit permissions for the fields in the linked set in the source table. This prevents the Lookup icon from working to link new records, and it automatically removes the Unlink button from the Related Table's action bar.
Example
Consider a Related Table of Support Cases contained in a Company record. To prevent a group from adding or removing records from the Related Table, remove the Edit permissions in the Support Cases table for all the fields included in the linked set to the Company table.
Another way to prevent users from unlinking records in a Related Table is to navigate to the Permissions tab of the Field wizard for the Related Table and deselect the option that allows users to unlink records.