By default, all active iSheets in a site may be viewed by all users in the site. Permissions must be enabled on an iSheet to restrict certain groups of users from accessing the iSheet, its views or columns.
Check and edit permissions
To check the permission status of an iSheet, or to enable permissions, navigate to the iSheet admin page in the site (Admin > Module settings > iSheets) and click More actions for the iSheet. Select Manage permissions:
By default, Enable permissions is not checked, meaning all users who have access to the site can access the iSheet.
Check the box to Enable permissions. Once selected, a Site admin can restrict which groups can access the iSheet and configure exactly what type of access each group has to iSheet items.
When Enable permissions is selected, a table like the one displayed above displays, with a row for each group in the site. By default, access will be fully disabled for each group.
If you are not using groups for permissioning (a configuration in Admin > Security), you will be presented with a similar matrix where you can assign permissions on a user (or organisational) basis:
Since Use groups for permissioning is typically enabled, the following instructions will assume that groups are used for permissioning. Similar permission rules would apply for user-based permissioning, with organisations (org) used in place of groups.
iSheet permission levels
iSheet level permissions are divided into two categories: View and Edit. View allows a user in a group to view (and search for) iSheet items. Edit allows a user in a group to add, edit and delete iSheet items. A user with edit rights to an iSheet item may also review its version history and compare versions. See Item versions for more information.
Both Edit and View have a specific subset of permissions that can be enabled as needed for your use case.
View permissions
- Own - Users can only view items created by themselves.
- This group - Users can view any items created by themselves or other users in the same group. (If This group is selected, Own is automatically selected.)
- All - Users in the group may view all iSheet items, regardless of who created them. (If All is selected, both Own and This group are automatically selected.)
Edit permissions
- Own - Users can add items and only edit and delete items they themselves created.
- This group - Users can add items, and edit and delete items created by themselves or other users in the same group. (If This group is selected, Own is automatically selected.
- All - Users can add items, and edit and delete all iSheet items regardless of who created them. (If All is selected, both Own and This group are automatically selected.)
Enabling any Edit level permission for a user or group will also select the corresponding permission under View.
If a user or group can edit items, then they can also view those same items.
The reverse does not apply: View rights can be granted without Edit rights.
If a user is a member of multiple groups with different permissions applied, that user will have view and edit access to items based upon the permissions of all their groups combined.
Consider the following example:
- "Client 1" has Edit Own rights, and as such also View Own access. Users in the group can add items and only view and edit their own items.
- Both "Client 2" and "Client 3" have View This group and Edit Own rights to their respective groups. They can add items, view, edit and delete their own items, and can view, but not edit, items created by other members of their group.
- "Client 4" and "Client 5" have View This group and Edit This group rights for their respective groups. They can add items, and view, edit and delete items created by themselves and other members of their group.
- "Internal Users" has Edit All rights, and therefore users in the group have access to view, edit and delete all items in the iSheet.
The group a user belongs to determines which subset of items is available for viewing and editing.
Users who are only members of "Client 1" can only access items they created. There could be 50 users in "Client 1" contributing multiple items to the iSheet, but each user would only see their own contributions when viewing the iSheet.
Members of the "Internal Users" group would see all entries from all users. The permissions set-up for "Client 1" and "Internal Users" in particular can be useful for iSheets collecting questionnaire responses that need to remain private to the contributor ("Client 1" users), but compiled and collected for the reviewers ("Internal Users").
If permissions are enabled on an iSheet and later disabled, any permissions that had been applied at the iSheet, column or view levels will be reset.
Site admins must enable permissions on an iSheet in order to configure permissions on any of the iSheet views and/or columns.
Configuring iSheet permissions for columns and views are discussed in subsequent articles.