Settings > Account > Permissions
Group-based permissions allow Bridgit Bench Admins to leverage the Groups feature to expand a user's Bench capabilities while keeping them focused within their group. They build on established base Permission Sets to provide teams with access to data within their Group (i.e. Region, Office, Function).
This allows teams to have visibility on projects within their scope while providing Admins the ability to limit data editing to certain groups.
To have this feature enabled, please contact email@example.com
Table of Contents
- How Does It Work
- Setting Up Group-Based Permissions
- Adding Group-Based Permissions
- Best Practices & Exceptions
How Does It Work
Base Permissions Sets are the smallest scope of permissions granted to a user. Group Permissions function in an additive way and cannot remove permissions that have been granted in the base set.
For example: A user with View Only base permissions can have Manage permissions added in a specific group but, conversely, a user with Full Contributor base permissions cannot have Manage permissions removed in a specific group.
Base permissions are the System & Custom Permission Sets found in Settings > Account > Permissions.
Users can be assigned any permissions — either the System Permission Sets or a Custom Permission Sets — as their Base permissions set. Before assigning Group permissions to a user, create a Custom Permission Set. It's important to understand how Base and Group permissions interact.
In the example below:
- Base Permission Set: Division Coordinator
- The user is able to View All Salaried & Manage salaried people in Bench.
- Group-Based Permission Set: Division/ Operation Manager
- The user is able to Manage Salaried Roles & Manage Salaried Allocations for all people and projects within their Group because of their Group-Based permission set.
Ensure Groups have been set for the appropriate People and Projects on the account to take full advantage of this feature.
Setting Up Group-Based Permissions
Set up Custom Permission Sets to be used with Group-Based Permissions by selecting the icon in the Custom Permission Sets section. Review how to set up Custom Permission Sets for more details.
Adding Group-Based Permissions
Add Group-based permissions when initially inviting a new user to Bench and for users that already have an account by navigating to Settings > Account > Users.
For new users:
- Select Invite User
- Set their email and base permissions
- Select the icon, set the Group and Permissions set then Invite
For Active Users:
- Select the icon in the Active Users section
- Follow the same steps as above, then select Save.
Group-Based Permissions for Invited Users who have not set up an account cannot be changed until the account is set up or a new invite is sent with the new permissions.
Best Practices & Exceptions
Administrator Permission Set - does not need Group-based permissions as they have access to all features and account data. Manage Settings is only applicable to Admins and cannot be granted in Group-Based Permissions.
Salaried & Hourly - Group-based permissions for managing and viewing specific profile types must match and have this included in their base permissions.
- Base Permission: View All Salaried
- Group-Based Permission: Manage Salaried People
This Group-Based Permission is valid and allows the user to manage salaried people within a specific group. However, granting Manage Hourly People, would not apply as they do not have Hourly base permissions to build upon.
General System Permission Sets - The following permission fields must exist in the base permission set. They will have no effect if granted solely in group-based permissions:
- View Private Fields
- View Financial Fields
- Manage Communications