Overview
We have revamped the security model of SurveyToGo to make it much more robust and configurable.
With the new security model you are able to:
- Define custom roles with access to specific nodes in the management tree.
- Specify the exact right to each of the sections: none/read/write/full
- Assign Studio users / groups to either the built-in roles or the custom roles you have defined.
- Define and assign project specific roles vs organizational roles to control the different access to the management tree nodes.
Under the Organization tree there is a new Node Called Security
- Security Roles – Organization and Projects roles that provides the user access to the different nodes.
- Security Assignments – Assignment of the Organization Roles for a specific user or group.
Online Videos
Direct Youtube link (for full screen): https://youtu.be/DgVflG7HX-w
Direct Youtube link (for full screen): https://youtu.be/lbPfkNXeB34
Direct Youtube link (for full screen): https://youtu.be/V9YO7VkiS0k
Security Roles
There are 2 types of roles
- Organization Roles –Controls the access to the Organization nodes and not to the Customers & projects Node. For example: user/Surveyor/Groups, GPS Tracking etc.
- Project Roles – Controls the access related to a specific Project
Each role has a sections (Nodes) that he is responsible for and for each you can provide the following Rights:
- None – No Access at all
- Read – View but no modifications
- Write – Interact with existing data
- Full – Allows also to delete the data
On the bottom you can see the documentation of each specific section and what is the definition of each right.
Creating a New Custom Role
We have created several default Roles for both Organization and Project Roles. Although you can’t modify the built in roles you can create a new custom role and adjust it according to your needs.
- Click on the ‘Add Organization Role’ or ‘Add Project Role’
- Provide a name to the Role
- Mark the Sections and Rights that you would like this role to have.
4. Click ‘Save Changed’
Please Note: To learn about our Security Roles & Assignments definitions scroll down to the end of this article.
Remove a Role
To remove a role you created just mark the role and click on ‘Remove Role’
Security Assignment
In this section you will be able to assign each user with an organization role.
This is a smart grid which enables you to view and filter any users/groups/roles to see who has which permissions.
The screen is compiled of 3 sections
- Users & Groups – List of all the users and groups for the organization
- Security Roles – List of organization security roles (default and customized)
- Preview Screen – Preview of each Role definitions.
Assign a User/Group with a Default Role
- Choose the user/group that you would like to assign a default role (organization or project)
- In the Security Roles section choose the Role that you would like to assign
- Click the ‘Assign Selected’ button
- Click ‘Save Changes’
Please note: The default roles can be assigned to either a user or a group. Once a default project role is assigned it will be effective to all new project that will be created (it will not affect current projects).
Un-Assign a Default User/Group from a Role
- Choose the user/group
- On the right side screen choose the role that you would like to un-assign
- Click the ‘Unassign Selected’ button.
- Click on ‘Save Changes’
Please note:
- You can choose more than 1 user to assign/Unassign by holding the ‘Shift’ on your keyboard and choosing the users.
- A user can be assigned to more than 1 role and you can see the different section/rights assigned to him in the review screen.
Tip: To view current users/groups that have permissions just check the top right checkbox ‘Show only users/groups with permissions’
Organization Security Administrators Privileges
Users who have privileges to the security node can review and assign Project Roles to users/groups in a bulk action by right clicking on the ‘Security Assignment’ node
Assign Project Security Roles to Users
- Choose ‘Assign Project Security Roles to Users’
- In the window shown – choose the users/groups you would like to assign the role to and click Next
- Choose the project/s that you would like to assign and click Next
- Choose the project Role you would like to assign and click Next
- Review your data and click Finish
Please note: If the list of users/projects is long you can start typing the name you wish to search for in the filter box
View/Remove Assigned Project Security Roles
This view shows you a matrix of all the security roles (project and organization) and the users/groups assigned.
You can filter by:
- Customer
- Project
- User Type
- Name
- Role Name
If you would like to un-assign/Remove one of these option check the ‘Remove’ and click on ‘un-assign’
In the confirmation message click ‘Yes’
Project Administrator Privileges
How to assign a project role as a Project Administrator
- Navigate to the Project you would like to assign
- Right click and choose ‘Security Settings’
- In the Window Assign the rights (In the same way as assigning a user to a role)
- Click on Save Changes
Show/Un-Show Unassigned Projects in the Main Nodes
You can control and define whether or not a user can see the nodes he doesn’t have access to or get an error message.
- Right click on the organization name
- Choose Organization Properties
- Navigate to the ‘Advanced’ Tab
- Check the ‘Hide Nodes For Which User Doesn’t Have Access To’ – checked is the default setting.
Assigning users with specific statuses
Click Here to learn how you can assign users to see only certain statuses in the operations console.
Security Roles & Assignments
We have concentrated the Roles-Section-Rights definitions here
Organization Security Roles Assignments
Section |
Description |
None |
Read |
Write |
Full |
Additional Data Lists | Controls the Access to the 'Additional Data Lists' screens | Doesn't Allow Access | Can View the list | Allows Viewing, Editing, Creating new | Same As 'Write' but also Allows to delete existing lists |
Assignments | Controls the Access to the 'Organizations Tasks' screens that enables Viewing tasks data | Doesn't Allow Access | Allows Viewing the organization tasks grid. | Allows Viewing, changing the task details/Assignments | Same As 'Write' but Allows also to delete tasks |
Create Customers & Projects | Controls the Access to the customers & projects in the organization | Doesn't Allow Access | Allows Viewing of all the customers & projects node | Same As 'Read' but Allows creating new customers/projects | Same As 'Write' but allows also Deleting of customers/projects |
Dashboards |
Controls the access to the 'KPI's' and 'Fieldwork Reports' screens that enable generating Dashboards and Fieldwork reports from the operational data |
Doesn't Allow Access | Allows Access to the 'KPI's' and 'Fieldwork Reports' screens | Same as 'Read' | Same as 'Read' |
GPS Tracking - Show Latest | Controls the Access to the 'GPS Tracking' | Doesn't Allow Access | Allows Access to the GPS Tracking | Same As 'Read' Access | Same As 'Write' Access |
GPS Tracking - Show Route | Controls the Access to the 'GPS Tracking' | Doesn't Allow Access | Allows Access to the GPS Tracking | Same As 'Read' Access | Same As 'Write' Access |
Library - Organization Scripts | Controls the Access to the organization function code libraries screens | Doesn't Allow Access | Allows Viewing the library code | Allows both Viewing and Modifying code | Same As 'Write' |
Locations | Controls the Access to the 'Locations' node of the projects | Doesn't Allow Access | Allows Viewing all the 'Locations' nodes of projects | Same As 'Read' Access but Allows creating new location stores | Same As 'Write' but also Allows Deleting existing location stores |
Operations | Controls the access to the 'Organizations Operations' screens that enables viewing interview data and performing quality control | Doesn't Allow Access | Allows Viewing the organization operations grid along with Reviewing the individual interview data | Allows Viewing the organization operations grid along with Reviewing the individual interview and changing the interview status & surveyor | Same As 'Write' but also Allows to delete existing interviews |
Projects Overview | Controls the access to the 'Projects Overview' screen that gives a report of which project is in which stage | Doesn't Allow Access | Allows Viewing the 'Projects Overview' screen | Allows Viewing the 'Projects Overview' screen along with adding and changing project pipelines | Same as Write but also allows deleting project pipelines. |
Security | Controls the Access to the security screens used to mange the security rights of Users and Groups | Doesn't Allow Access | Allows Viewing the security of Users, groups & roles | Allows Viewing, Modifying and creating new roles and assign roils to Users and Groups | Same As 'Write' but also Allows Deleting existing roles |
Studio Users & Groups | Controls the Access to the 'studio Users & Groups' screens | Doesn't Allow Access | Allows Viewing the Users and Groups | Allows Viewing, Modifying and creating new Users and Groups | Same As 'Write' Access but also Allows Deleting Users. |
Supervisor Users & Groups | Controls the Access to the 'Supervisor Users & Groups' screens | Doesn't Allow Access | Allows Viewing the Users and Groups | Allows Viewing, Modifying and creating new Users and Groups | Same As 'Write' Access but also Allows Deleting Users. |
Surveyor Support | Controls the Access to the "Support" screens | Doesn't Allow access to the 'Support' screens | Allows Viewing the support | Same as 'Read' access | Same as 'Read' |
Surveyor Users & Groups | Controls the Access to the 'Surveyor Users & Groups' screens | Doesn't Allow Access | Allows Viewing the Users and Groups | Allows Viewing, Modifying and creating new Users and Groups | Same As 'Write' Access but also Allows Deleting Users. |
SurveyToGo Account | Controls the Access to the 'My SurveyToGo Account' screens used to manage your account and view administrative reports | Doesn't Allow Access | Allows Viewing the account | Same As 'Read' Access | Same As 'Write' Access but also Allows archiving/Deleting storage data from the storage management screens |
Version Management | Allows Setting the Studio/Android/PC Client Versions assigned to the organization and its users | Doesn't Allow Access to the 'Version Management' screen | Allows read access to the 'Version Management' screen | Allows the user to upgrade its own client versions | Allows the studio user to upgrade the organization default and organization users' client assignments. |
Project Security Roles Assignments
Section |
Description |
None |
Read |
Write |
Full |
3-Way Subject Assignments | Controls the Access to the survey/surveyor/subjectstore item Assignments | Doesn't Allow Access | Allows Viewing the Assignments | Allows both Viewing and Modifying the Assignments | Same As 'Write' Access but also Allows Deleting Assignments |
Assignments | Controls the Access to the Assignments screens which are part of the premium Task System | Doesn't Allow Access | Allows Viewing both batches and tasks and Assignments | Allows Viewing both batches and tasks and Assignments and also creating new batches/tasks and making new Assignments | Same As 'Write' Access but also Allows Deleting tasks/batches and Assignments |
CAWI Participants List | Controls the access to the 'CAWI Participants' node in a project | Don't Allow Access | Allows viewing all the 'CAWI Participants' nodes of the project but doesn't allow creating new lists | Same as 'Read' access but also allows creating new 'CAWI Participants' stores but doesn't allow deleting existing lists | Same as 'Write' access but also allows deleting existing CAWI Participants stores |
Collected Attachments | Controls the Access to the 'Collected Attachments' screens that enable archiving attachments on a project level | Doesn't Allow Access | Allows Viewing the reports but not archiving the attachments | Same As 'Read' | Allows Viewing the reports and also archiving the attachments |
Collected Data | Controls the Access to the 'Collected Data' screens that enable exporting the interviews data to a data output file | Doesn't Allow Access | Allows generating the export file to any of the supported formats along with quick view and export of the survey itself | Same As 'Read', but also Allows the ability to use the option to change the status of the data after export. | Same As 'Write' Access but also Allows using the option to delete the data after export |
Collected Data - PII | Controls the Access to the 'Collected Data' screens that enable exporting the interviews data that are marked as Personally Identifiable Information to a data output file | Doesn't Allow Access | Allows generating the export file to any of the supported formats along with quick view and export of the survey itself | Same As 'Read', but also Allows the ability to use the option to change the status of the data after export. | Same As 'Write' Access but also Allows using the option to delete the data after export |
Dashboards | Controls the Access to the 'KPI's' and 'Fieldwork Reports' screens that enable generating Dashboards and Fieldwork reports from the operation data. | Doesn't Allow Access | Allows Access to the 'KPI's' and 'Fieldwork Reports' screens | Same As 'Read' | Same As 'Read' |
GPS Tracking - Show Latest | Controls the Access to the 'GPS Tracking' | Doesn't Allow Access | Allows Access to the GPS Tracking | Same As 'Read' Access | Same As 'Write' Access |
GPS Tracking - Show Route | Controls the Access to the 'GPS Tracking' | Doesn't Allow Access | Allows Access to the GPS Tracking | Same As 'Read' Access | Same As 'Write' Access |
Operations | Controls the Access to the 'Operations' screens that enable Viewing interview data and performing quality control | Doesn't Allow Access | Allows Viewing the operations grid along with reviewing the individual interview data | Allows Viewing the operations grid along with reviewing the individual interview and changing the interview status & surveyor | Same As 'Write' but does allow Deleting interviews |
Operations Download Attachments | Controls the specific ability to download Attachments from the attachments tab within an interview review screen of the operations console | Doesn't Allow Download from the Attachments tab | Allows downloading attachments | Same As Read | Same as Read |
Operations Review Attachments | controls the specific Access to the 'Attachments' tab within the interview review screen of the operation console | Doesn't Allow Access | Allows Viewing the 'Attachments' tab | Allows Viewing the 'Attachments' tab, adding and changing the attachments | Same As 'Write' but does allow Deleting attachments |
Operations Review: Interview Data | Controls the access to the interview data, i.e. answers to questions within the interview review screen | Doesn't Allow Access | Allows Viewing the data section | Allows Viewing the data section and editing | Same as 'Write'. |
Operations Review: Interview Data - PII | Controls the data that is marked as Personally Identifiable Information, ie: answers to the questions within the interview review screen | Interview data that is marked as PII is obscure | Allow viewing the data section but does not allow changing the data | Allows viewing the data section and changing the data | Same as 'Write' |
Operations Review: Interview Status | Controls the access to the interview status within the interview review screen | Allows viewing the current interview status but doesn't allow changing it | Same as 'None' | Allows viewing the interview status and changing the status | Same as 'Write' |
Operations Review: Quality Control Tab | Control the access the Quality Control Tab within the interview review screen | Doesn't Allow Access | Allows Viewing the Quality Control Tab but doesn't allow answering the QC Questions or manipulating the QC Score | Allows Viewing the Quality Control Tab and answering the QC Questions and manipulating the QC Score | Same as 'Write' |
Operations Review: Quality Control Tab (Restricted Part) | Control the access the Quality Control Tab 'Restricted QC' part within the interview review screen QC Tab | 'Restricted Part' of the QC Tab is not shown. | Allows Viewing the 'Restricted Part' of the QC but doesn't allow answering the QC Questions of the 'Restricted Part' | Allows Viewing 'Restricted Part' of the QC tab and answering the QC Questions of the 'Restricted Part' | Same as 'Write' |
Project Overview | Controls the access to the 'Project Overview' screen that shows you the current stage and calendar of a project. | Doesn't Allow Access | Allows Viewing the 'Project Overview' screen | Allows Viewing the 'Project OVerview' screen along with changing the current stage of the project pipeline | Same as 'Write' but also allows changing the project pipeline stage details and switching project pipelines. |
Quotas | controls the Access to the 'Quotas' screens that enables Viewing the current quotas progress and to set the quota targets for interviews or globally | Doesn't Allow Access | Allows Viewing the quotas progress along with exporting the data | Allows Viewing the quotas progress along with exporting the data and setting targets or changing exceed-action settings. | Same As 'Write' |
Rounds | Controls the Access to the 'Rounds Settings' screens that enables controlling the current rounds settings of the project | Doesn't Allow Access | Allows Viewing the current and past rounds | Same As 'Read' and also Allows Editing/adding/updating rounds | Same As 'Write' but also Allows Deleting rounds |
Security | Controls the Access to the 'Security Settings' screens of a project that enables controlling the security roles of Users within the current project | Doesn't Allow Access | Allows Viewing the current security settings | Allows both Viewing and Editing the current security settings of this project. | Same As 'Write' |
Survey | controls the Access to the 'Survey Design' screens (Scripts) of a project essentially controlling who has scripting Access | Doesn't Allow Access | Allows Viewing the list of surveys in a project and to open the survey script | Allows both Viewing surveys and creating new surveys and changing existing surveys | Same As 'Write' but also Allows Deleting surveys |
Surveyors | Controls the Access to the 'Surveyors' screens of a project that controls the interviewers assignment to the project. | Doesn't Allow Access | Allows Viewing the list of surveyors in the projects | Allows both Viewing existing surveyors and also adding new surveyors to the projects | Same As 'Write' but also Allows removing surveyors from the project. |
Tabulation | controls the Access to the 'Tabulation' screens of a project (Premium Feature) that enable basic tabulation and cross tabulation of the project data | Doesn't Allow Access | Allows full Access to create tabulation and cross tabulation on the project data | Same As ''Read'' | Same As 'Read' |
That's It !
Visit us at our website - http://www.dooblo.net
Comments
Please sign in to leave a comment.