Focus permissions overview
Focus has two tiers of permissions that work together to control who can perform which actions.
Group permissions control what people can do across your entire Focus instance. App admins can set these permissions to give larger groups of users blanket access to perform actions like creating, editing, deleting, or exporting any focus area in the instance.
By default, we’ve set up your instance with a predetermined set of user groups and permissions, but app admins can add additional user groups and customize group permissions as needed.
App admins have all group permissions turned on, and don’t require access controls to perform actions. Be careful when granting this role.
Access controls control what people can do at a smaller scale. They only apply to single objects; like an individual focus area.
App admins can set all access controls.
Some users with object or app access can also set certain access controls. More about who can manage access controls
How group permissions and access controls work together
Sometimes, group permissions exist on their own. Other times, access controls sit on top of group permissions. When the latter happens, both the app permission and the access control permissions need to be turned on for someone to be able to perform the action on an object. View a full list of group permissions with related access controls
As an example:
A person belongs to a user group with group permissions to edit the owner on focus areas. However, they aren’t able to edit focus areas in the instance. This is expected, because focus areas have a Can edit access control.
Later, their app admin grants the person the Can edit access control for three focus areas.
With these new access controls, the person can now edit the owner on those three focus areas, but will need access control granted on other focus areas to be able to edit more.
Was this helpful?