Introduction to Permissions
If you would like to control what your collaborators can see or edit in the space, you can give them specific permissions. Data security can be ensured through permission.
There are three kinds of permissions.
- Permissions for space management
Permissions that allows you to change, add, and delete sub-Admin of the space. - **Permissions for files - Set permissions on files in the Workbench
Members should be allowed to view and edit files. - Permissions for field management
Permissions that determines which fields can and cannot be viewed or edited by which collaborators.
Permissions mentioned above can be configured by space administrators.You can read following text to know how to configure different types of permissions.
Permissions for space managementβ
In the space settings section, you can configure permissions for space management. To configure this permission, you can follow this path to click the elements in AITable: Settings > Organization > Space admin. Permissions for space management are classified as three levels below.
Permission levelsβ
- Admin: The owner of the space is the Admin as well, and the Admin has the highest level of permissions.You can transfer the role of main administrator to other collaborator.
- Sub-Admin: Admin is able to add Sub-Admin, who act as assistants to manage space.
- Member: collaborators in AITable space except main and sub admin.
On the "Space Management" page, Space Admin can perform the following operations:
| Main Administrator | Sub Administrator | Ordinary collaborators | |
|---|---|---|---|
| Space Dashbord | βοΈDelete and rename space | βοΈ View only | |
| Workbench Permissions | βοΈ | βοΈ | |
| Organization - Members & Teams | βοΈ | βοΈ | |
| Organization - Space admin | βοΈ Transfer role of main admin βοΈ Add sub-admin | ||
| Security Settings | βοΈ | βοΈ | |
How to add sub-administratorsβ
Only main administrator of the space is allowed to add sub-administrators and configure specific permissions. You can follow the steps to add.
To add sub-administrators, you can follow this path to click the elements in AITable: Settings > Organization > Space admin. Then, click the button of "Add sub-admin"
This will bring up a permission configuration panel. You can select add whom as sub-administrator and give him/her what types of permissions. You can find more information about what specific functions each permission corresponds to by looking at the "Permission Description" behind each configuration item.
Permissions for datasheet/folder managementβ
You can determines which files, including datasheets/folders, can and cannot be viewed or edited by which collaborators through configuring file permissions. Go to workbench and open specific datasheet's setup menu, you can configure access permissions to this file. There are six roles with different permission levels for file management.
File access permission levelsβ
- Space administrators: admin and sub-admin with "Space Management & Workbench Permissions" have the highest permissions for files.
- File administrator: a collaborator who changes the default file permissions will become administrator of this file.
- Manager: able to add, delete views and records field, and allowed to edit fields, but unable to add and delete fields.
- Editor: able to add, delete views and records field, and allowed to edit fields, but unable to add and delete fields.
- Update-only: able to view, add and edit records, but unable to delete records.
- Read-only: only allowed to view the data.
Outline of acitions permitted at different permission levelsβ
File actions permittedβ
| Actions | Space/file administrator | Manager | Editor | Update-only | Read-only | Remarks |
|---|---|---|---|---|---|---|
| Configure file permissions | βοΈ | βοΈ | ||||
| Create new files | βοΈ | βοΈ | ||||
| Export view data | βοΈ | βοΈ | ||||
| Import files | βοΈ | βοΈ | ||||
| Copy files | βοΈ | βοΈ | Requires permissions of current and parent files | |||
| Move files | βοΈ | βοΈ | Requires permissions of current and parent files | |||
| Rename files | βοΈ | βοΈ | ||||
| Delete files | βοΈ | βοΈ | ||||
| Share files | βοΈ | βοΈ | βοΈ | |||
| Add file descriptions | βοΈ | βοΈ | ||||
| Save as templates | βοΈ | βοΈ |
Form actions permittedβ
| Function Sections | Space/file administrator | Manager | Editor | Update-only | Read-only | Remarks |
|---|---|---|---|---|---|---|
| Actions on view tabs | βοΈ | βοΈ | βοΈ | Actions on view tabs | ||
| View widgets | βοΈ | βοΈ | βοΈ | Customization tools like filter/row height/group/sort/hide | ||
| Export files | βοΈ | βοΈ | ||||
| Add, delete and edit fields | βοΈ | βοΈ | Add, delete, rename fields, change field types, and add field descriptions | |||
| Change field styles | βοΈ | βοΈ | βοΈ | Adjust width of fields and summary bar; reorder fields | ||
| Edit records | βοΈ | βοΈ | βοΈ | βοΈ | Add and delete records; edit content in cells | |
| Delete records | βοΈ | βοΈ | βοΈ | |||
| Comment in records | βοΈ | βοΈ | βοΈ | βοΈ | βοΈ | |
| Add, delete, and check robots | βοΈ | βοΈ | ||||
| Add and delete widgets | βοΈ | βοΈ | ||||
| Configure widgets | βοΈ | βοΈ | βοΈ | |||
| View widgets | βοΈ | βοΈ | βοΈ | βοΈ | βοΈ |
How to configure permissions in workbenchβ
All collaborators in spaces are configured with "Manager" permission for all files by default.
If you'd like to make some files only visible or editable to some specific collaborators, you can set permissions.
For example, if you'd like a datasheet only editable to product, operation, and design groups, you need to remove the default permissions of all coworkers in setting panel, and then give "Editor" permission to members in these three groups. The members from other groups then will be unable to access the datasheet.
If you create a folder to store several datasheets, the permissions of this datasheets will be set to be the same as parent folder by default.
Back to the example mentioned above, since we made members in product, operaition and design groups are able to edit "Project Management" folder, a lock icon then appeared next to the name of the folder. Permissions of all datasheets in this folder will be kept the same as the folder, if we don't change the permissions for these collaborators.
Assigning different levels of permissions to different coworkers or groupsβ
You can determine which space collaborator can access which individual datasheet in a folder, without changing the parent folder's permission settings.
For example, now, you want to set the permission of project datasheet as editor for design group, and read-only for product group and design group.
To do so, you can separately reset the permissions according to your requirements.
After you reset it, the project datasheet appears with a lock in the working directory, indicating permission setting for this datasheet is different from its parent folder of project management.
Setting different types of permissionsβ
Case 1: Set different permissions for a datasheet and its parent folder.
Taking the product and operation groups' case as an example, the administrator can assign the groups with read-only permission of the project datasheet and edit permission of the parent folder separately.
Then when members of product and operation groups access the project datasheet, they can't edit but only view the data.
**In this case, although the members in product group have edit permission of the datasheet's parent folder, they can still only view the data of the datasheet, due to subfile's permission is applied with priority..**
Case 2: Set permissions to a specified member and group.
For example, the administrator can set read-only permission to the product group and a specified member at the same time. Then all members in this group and the particular member can only view the data in the datasheet.
But if a member in the product now is assigned with editor permission of the datasheet, then he/she can edit the data, unlike other members.
In this case, when a member access a datasheet, his/her highest permissions will be applied.
Case 3: Give the permission of a subfile without giving the parent folder's permission
For example, the administrator can give read-only permission of project datasheet to operation group, without giving any permissions of its parent folder to them.
Moreover, because all members in operation group are not assigned with any permissions of the parent folder, they are not able to find any subfiles in this folder in directory on the left.
**In this case, if the group members would like to access the subfile, they will need the permission of the entire parent file.**
Field permissionsβ
There are two types of field permission that you can set for your field, including editor and read only permissions.
Different field permissionsβ
- Editor: Allows to edit any data in the field.
- Read-only: Only allows to view data in the field.
Setting field permissionsβ
Let's take an e-commerce use case as an example. For example, you are the head of an operation group in an e-commerce company, and you and your members need to use a datasheet of "Product Information Management" to manage the company's product information. Due to company's pricacy, you want a field in the datasheet, named as "Cost", is not visible to your members, and another field that is named as "Platform Price" is read-only for the members. How to do this?
Follow the steps below:
Case 1: Set "Cost" field not visible to other members.
Right click to bring up field configuration menu, and click field permission. Then on permission setting panel, assign any permissions only to yourself, making other members are not able to see the field.
Case 2: Set read only permission of a field to specified members.
Right click the field header to bring up configuration menu, and click field permission. Then on permission setting panel, assign all members except you in operation group with read-only permission.
Once the setup is completed, when different members access the datasheet, they will see different fields displayed.Let's take a look at the figures below to see difference.
You can notice that there is no "Cost" field in the other members' view, and the "Platform price" field is read-only to them as well. 
