Permissions
Permissions, granted by roles and by apps, control how users access content within Cloud.
Role permissions
Each role has a set of permissions that define the rights available to that role. There are five permissions, and each can be applied to objects in the system.
Permission types
Object permissions include the ability to Create (C), Read (R), Edit (E), Delete (D), and Share (A & S). Each object type has its own set of object permissions. With custom roles, you can enable your own unique set of permission types for each object permission.
Permission | Rights granted to user |
---|---|
Create (C) | Create object |
Read (R) | View object |
Edit (E) | Modify object |
Delete (D) | Delete object |
Share (A) | Assign or remove any user role |
Share (S) | Assign or remove owned user roles |
Objects
Objects are named according to their interface labels in Caseware Cloud, such as Activities, Contact, Entity, and Uploaded Files.
The following tables outline all object permissions with their descriptions (the full list of object permissions is also available from the Roles Permission interface on the Settings page):
Organization objects
Type | Permissions | Description |
---|---|---|
Contact | C D | The contact itself, including all information for Contact - Details and Contact - Summary. |
Contact - Details | R E | The following information from the contact form:
|
Contact - Summary | R E | The following information from the contact form:
|
Contact Group | C E D | Contact Groups, including assigning and removing contacts. |
Organization | R E | The organization itself and the following areas:
Time considerations
|
Staff | C D | The staff member itself, including all information for Staff - Details and Staff - Summary. |
Staff - Details | R E | The following information from the staff form:
Time considerations
|
Staff - Summary | R E | The following information from the staff form:
|
Staff Group | C E D | Staff Groups, including assigning and removing staff. |
Tag | C E D | The tag item itself and the following areas:
|
Entity objects
Type | Permissions | Description |
---|---|---|
Entity | C D A S | The entity itself, including all information for Entity - Details and Entity - Summary. |
Entity - Details | R E | The following information from the entity form:
|
Entity - Summary | R E | The following information from the entity form:
Time considerations
|
Content objects
Type | Permissions | Description |
---|---|---|
Activity | C R E D A S | The following activity types:
|
Activity - Comment | C E D | Comments on the following activity types:
|
File | C R E D A S | The following objects on the Files page:
For other File objects, access is granted on the Apps tab when creating or modifying Staff, Contacts, or Groups. Note: The Edit permission for files also enables users to delete empty folders. |
App permissions
Each app has a set of permissions that define the rights available to users or groups that have been granted access to that app. Ensure you have the Staff Admin role to enable access for staff members or staff groups, or the Entities Admin role to enable access for a contact or contact group.
To enable app access for a user or group:
-
Ensure you have the Staff Admin role or equivalent privileges.
-
From the Cloud menu (), select Groups or Staff.
-
Select the user or group where you want to enable the app, then select Edit ().
-
Select Apps, then choose the appropriate access type.
-
No access: Do not enable access to the app for the user or group. This is the default option and does not use any licenses.
-
Read-only: Enable the user or group to view (but not modify) engagements and files in the app without using any licenses. Only available for Cloud Engagement apps.
-
Full access: Enable the app for the user or group. This option uses a license for each user that receives app access.
-
-
If the user or group receives Full access to an app, assign the applicable app permissions.
-
Select Save.
Time app permissions
You can assign the following app permissions to any group or any staff member with a valid Time license.
Permission | Description |
---|---|
Process own entries | Submit personal time and expense entries |
Process all staff entries | Submit time and expense entries on behalf of other staff members. |
Transfer all staff entries | Transfer time and expense entries between entities and engagements |
Process | Access the Billing app, view WIP totals and create invoices |
View own entries | Use personal time and expense entries to generate Analysis reports |
View all staff entries | Use all staff members' time and expense entries to generate Analysis reports |
View WIP and Billing | Use WIP and Billing information to generate Analysis reports |