Assign security roles

When you add staff members or client contacts to Cloud, you need to assign their security access level.

Default security access levels

When you add a new user to Cloud, they are assigned to one of two groups:

  • All Staff

  • All Contacts

These groups are the two default user groups in your firm's Cloud profile. New users are assigned to the appropriate group for their user type. The security settings for these groups determines the base level of access that new users get.

Use the following steps to review the security settings for the default groups:

  1. Ensure that you have the Staff Admin role or equivalent privileges.

  2. From the Cloud menu, select Groups. The Groups page is displayed.

  3. Select the All Staff or All Contacts group. The details pane is displayed on the right.

Review any system-wide roles that your firm has assigned to this group and any entities that the group already has access to.

All staff in this organization have access to view their own time and expense entries. They also have access to the default workspace.

Assign system-wide roles to staff

System-wide roles determine the level of access that you want to grant to staff or staff groups. Refer to Built-in roles ti view a description of each role.

To assign system-wide roles:

  1. Ensure that you have Staff Admin role or equivalent privileges.

  2. From the Cloud menu, select Groups or Staff.

  3. Select the user or group you want to edit the roles for, then select Edit( ).

  4. Select the System-Wide Roles tab and select the appropriate roles.

    Edit staff roles -  system wide roles

  5. Select Save.

Grant users and groups access to entities

You can grant users or groups access to entities to:

  • Grant staff access to specific entities instead of granting them system-wide roles.

    For example, assign staff members access to client entities that they are assigned to work on their respective engagements, rather than have them access all clients engagements in the firm.

  • Grant client contacts the necessary permissions to access and respond to queries, as well as view or access entity files.

  • Grant users (staff, contacts or groups) access to specific files in an entity.

Grant staff access to entities

Use the following steps to grant entity access to staff or staff groups.

To grant access to an entity:

  1. Ensure that you have the Owner role or the equivalent privileges for the entity.

  2. From the Cloud menu (), select Entities.

  3. Select the entity you want to grant access to, then select Share ().

    The Share icon displayed on the Entities page.

  4. Search for the groups, staff members you want to grant access to, then select Assign Roles to (#).

  5. Choose the appropriate staff role.

    Roles that users already have due to previous settings appear under Inherited.

  6. Select a role to grant it to your user or group.

  7. Select Share.

You can also grant access to multiple entities simultaneously by selecting more than one entity. Note that in if you grant access to multiple entities simultaneously, you can only assign one role for each user you select. For example, if you select entity A and entity B, then you can only assign the selected staff member the Viewer role on these two entities. You cannot assign Viewer and Editor, for instance.

To grant access to multiple entities:

  1. Ensure that you have the Owner role or the equivalent privileges for the appropriate entities.

  2. From the Cloud menu, select Entities.

  3. Select the entities you want to grant access to, then select More Actions | Share.

    The More Actions drop-down menu after selecting multiple entities.

  4. Select Staff, if you want to grant access to staff members. Select Contacts, if you want to grant access to client contacts.

  5. Choose the appropriate role from the drop-down .

  6. The drop-down displays a different list of roles based on whether you've selected Staff or Contacts in Step 4.

  7. In the search field, enter the name of the group, staff member or contact you want to grant access the role to.

  8. Assigning roles using the drop-down menu.

  9. Select Share.

Grant client contacts access to entities

To collaborate with client contacts using queries, your need to assign them the necessary roles so they can access query documents and respond to information requests, as well as allow them to view or access entity files.

To grant the necessary roles to client contacts:

  1. Ensure that you have the Owner role or the equivalent privileges for the entity.

  2. From the Cloud menu (), select Entities.

  3. Select the entity you want to grant access to, then select Share ().

  4. Search for contacts you want to grant access to, then select Assign Roles to (#).

  5. Choose the appropriate contact role.

  6. Select Share.

Grant users or groups access to specific files or activities in an entity

You can grant users or groups access to specific files in an entity.

To grant access to specific files or activities in an entity:

  1. Ensure that you have the Owner role or equivalent rights to the files.

  2. Ensure that the users or groups have been granted the following roles only on the entity where the files belong:

    • Contact - Entity Access role for contacts or contact groups.

    • Entity Access role for staff or staff groups.

    For example, if you want to grant staff member John Smith access to specific files in entity A, make sure that you select the Entity Access role for John Smith in the sharing properties of entity A.

    The following figure shows the sharing properties icon.

    Share icon in the entity properties.

  3. From the Cloud menu (), select Files.

    If you want to grant access to an activity, select Activities.

  4. Select the files or activities that you want to assign roles for, then select Share ().

  5. Select the users or groups you want to have access to the file or activity, then select Assign Roles to (#).

    The list of roles that displays is different based on whether the selected users or groups are Staff or Contacts.

    Sharing specific files with a contact.

  6. Select the check box next to the roles that you want to grant the users or groups.

  7. Select Share.