User and Access Rights Management

We have developed Compozz with the aim of creating a tool that can be used by all employees within your company. This naturally requires advanced user and access rights management for workspaces, as not everyone should have access to all data.

Creating a User

To create a user, you must be defined as Account administrator, otherwise this operation will not be allowed. Click on your initial in the top right corner, then on “Users management”.

Then click on “Add a user” and fill in the fields.

Once the user is created, you can choose to define them as an account administrator as well; they will then also be able to manage users.

You also have the option to deactivate a user. They will then no longer count towards the number of users allowed for the plan you’ve chosen.

Managing Permissions

You can then manage user permissions for each workspace. In a workspace, go to the “Members” tab at the bottom left of your screen. The list of users who already have a role will appear. To access the full list of users, click "Display all users".

Account administrators by default have full rights on all workspaces. Others, by default, have none. You will need to create roles and assign them to each user.

A user who does not have a role assigned for a workspace is a user who does not have access to that workspace. The workspace will not even appear in his home page.

Click on “Role management”, then on “Add a role”, fill in the field and select it in the dropdown list “Select a role”.

Selecting a role to modify access rights

Good to know!

Before going any further, it is important to understand that there are two levels of rights: the rights on the data model and the rights on the data. The rights on the data model are the rights that allow you to create, modify, delete objects, views, or dashboards, for example. It is about the definition of the information you will manage in Compozz. The rights on the data are the rights that allow you to read, edit, delete records (lines) in an object, a view, or a dashboard, for example. It is about the information itself.

In the rest of this page, when we talk about objects, views, or dashboards, it is about the data model, while when we talk about records or lines, it is about the data.

In the first category, “Allow access”, you can define general rights on objects:

Full access: the role users have full access to objects and data.
Edition and deletion access: the role users can access created objects but cannot create new ones or modify object configurations. They can only edit object-related data and delete records.
Edition access: the role users have the same edit rights as with "Edit and delete access", but cannot delete records.
Read access: the role users can access created objects but cannot create new ones, configure, or edit data. They can only view it.
No access: the role users cannot access the object; it won’t appear in their session.

The same principle applies to access rights for dashboards.

For member permissions, there are only two options: either the user can modify the member list of the workspace, create and modify roles, or they cannot.

The same applies to views: either the user can create them, or not.

In the second category, “Object rights”, you can more precisely define a user's rights on each object. This way, you can give a user full access to objects in general but restrict access to one or more specific objects.

Good to know!

The management of rights on each object overrides the management of rights on all objects. This means that if you give full access to an object to a user while denying them general object access, they will still be able to see and modify that specific object freely.

Full access: the user can fully access and modify the object
Edition and deletion access: the user can access the object and edit data but cannot modify configuration. They can delete a record
Edition access: the user can access the object and edit data but cannot modify configuration
Read access: the user can only read the data and create a view
No access: the user cannot access the object

View of rights granted to the Collaborator role

Good to know!

It is also possible to uncheck an access right. This allows you to easily disable an access right (for example to test it) and reactivate it later. In the case of access rights on all objects, dashboards, members, and views, this is equivalent to configuring the access right to "Access denied". In the case of access rights on each object, this is equivalent to restoring the default value, i.e. applying the access right defined on all objects.

Managing View Permissions

When a user creates a view, it is private by default. This means that only the creator of the view can see and modify it. But the user can share the view with other users by defining access rights on the view.

When you hover over a view, 3 dots appear on the right — click on them, then on “Share view”.

Select a role, then the access level you want to assign:

Full access: role users have full access to the view and data.
Edition and deletion access: role users cannot access the view configuration but can create, modify, and delete records.
Edition access: role users cannot access the view configuration but can create and modify records.
Read access: role users cannot access the view configuration but can read the data.
Access denied: role users cannot access the view.

If you do not set any permissions, this view will remain private and will only be accessible by you.

You now have everything you need to precisely configure your collaborators' access rights. If you still have questions, feel free to contact us!