Using the SurveyToGo Permissions and Security Model

Overview

We have revamped the security model of SurveyToGo to make it much more robust and configurable.

With the new security model you are able to:

  • Define custom roles with access to specific nodes in the management tree.
  • Specify the exact right to each of the sections: none/read/write/full
  • Assign Studio users / groups to either the built-in roles or the custom roles you have defined.
  • Define and assign project specific roles vs organizational roles to control the different access to the management tree nodes.

Under the Organization tree there is a new Node Called Security

   

  • Security Roles – Organization and Projects roles that provides the user access to the different nodes.
  • Security Assignments – Assignment of the Organization Roles for a specific user or group. 

Online Videos

Direct Youtube link (for full screen): https://youtu.be/DgVflG7HX-w 

Direct Youtube link (for full screen): https://youtu.be/lbPfkNXeB34 

Direct Youtube link (for full screen): https://youtu.be/V9YO7VkiS0k 

Security Roles

There are 2 types of roles

  1. Organization Roles –Controls the access to the Organization nodes and not to the Customers & projects Node. For example: user/Surveyor/Groups, GPS Tracking etc.
  2. Project Roles – Controls the access related to a specific Project

        

Each role has a sections (Nodes) that he is responsible for and for each you can provide the following Rights:

  • None – No Access at all
  • Read – View but no modifications
  • Write – Interact with existing data
  • Full – Allows also to delete the data

On the bottom you can see the documentation of each specific section and what is the definition of each right. 

Creating a New Custom Role

We have created several default Roles for both Organization and Project Roles. Although you can’t modify the built in roles you can create a new custom role and adjust it according to your needs. 

  1. Click on the ‘Add Organization Role’ or ‘Add Project Role’ 
  1. Provide a name to the Role

         

  1. Mark the Sections and Rights that you would like this role to have.

    4. Click ‘Save Changed’

Please Note: To learn about our Security Roles & Assignments definitions scroll down to the end of this article. 

Remove a Role

To remove a role you created just mark the role and click on ‘Remove Role’  

Security Assignment

In this section you will be able to assign each user with an organization role.

This is a smart grid which enables you to view and filter any users/groups/roles to see who has which permissions.

The screen is compiled of 3 sections

  • Users & Groups – List of all the users and groups for the organization
  • Security Roles – List of organization security roles (default and customized)
  • Preview Screen – Preview of each Role definitions.

 

Assign a User/Group with a Default Role

  1. Choose the user/group that you would like to assign a default role (organization or project)
  2. In the Security Roles section choose the Role that you would like to assign
  3. Click the ‘Assign Selected’ button
  4. Click ‘Save Changes’

 

Please note:  The default roles can be assigned to either a user or a group. Once a default project role is  assigned it will be effective to all new project that will be created (it will not affect current projects).

Un-Assign a Default User/Group from a Role

  1. Choose the user/group
  2. On the right side screen choose the role that you would like to un-assign
  3. Click the ‘Unassign Selected’ button.
  4. Click on ‘Save Changes’

Please note:

  • You can choose more than 1 user to assign/Unassign by holding the ‘Shift’ on your keyboard and choosing the users.
  • A user can be assigned to more than 1 role and you can see the different section/rights assigned to him in the review screen.

Tip: To view current users/groups that have permissions just check the top right checkbox ‘Show only users/groups with permissions’

 

Organization Security Administrators Privileges

Users who have privileges to the security node can review and assign Project Roles to users/groups in a bulk action by right clicking on the ‘Security Assignment’ node

Assign Project Security Roles to Users

  1. Choose ‘Assign Project Security Roles to Users’
  2. In the window shown – choose the users/groups you would like to assign the role to and click Next  
  1. Choose the project/s that you would like to assign and click Next

  1. Choose the project Role you would like to assign and click Next

  1. Review your data and click Finish

Please note: If the list of users/projects is long you can start typing the name you wish to search for in the filter box

View/Remove Assigned Project Security Roles

This view shows you a matrix of all the security roles (project and organization) and the users/groups assigned.

You can filter by:

  1. Customer
  2. Project
  3. User Type
  4. Name
  5. Role Name

If you would like to un-assign/Remove one of these option check the ‘Remove’ and click on ‘un-assign’

In the confirmation message click ‘Yes’

 

Project Administrator Privileges

How to assign a project role as a Project Administrator

  1. Navigate to the Project you would like to assign
  2. Right click and choose ‘Security Settings’  
  1. In the Window Assign the rights (In the same way as assigning a user to a role)  
  1. Click on Save Changes

Show/Un-Show Unassigned Projects in the Main Nodes

You can control and define whether or not a user can see the nodes he doesn’t have access to or get an error message.

  1. Right click on the organization name
  2. Choose Organization Properties
      
  1. Navigate to the ‘Advanced’ Tab
  2. Check the ‘Hide Nodes For Which User Doesn’t Have Access To’ – checked is the default setting.  

Assigning users with specific statuses

Click Here to learn how you can assign users to see only certain statuses in the operations console.

Security Roles & Assignments

We have concentrated the Roles-Section-Rights definitions here

Organization Security Roles Assignments

Section

Description

None

Read

Write

Full

Additional Data Lists Controls the Access to the 'Additional Data Lists' screens Doesn't Allow Access Can View the list Allows Viewing, Editing, Creating new Same As 'Write' but also Allows to delete existing lists
Assignments Controls the Access to the 'Organizations Tasks' screens that enables Viewing tasks data Doesn't Allow Access Allows Viewing the organization tasks grid. Allows Viewing, changing the task details/Assignments Same As 'Write' but Allows also to delete tasks
Create Customers & Projects Controls the Access to the customers & projects in the organization Doesn't Allow Access Allows Viewing of all the customers & projects node  Same As 'Read' but Allows creating new customers/projects Same As 'Write' but allows also Deleting of customers/projects
Dashboards

Controls the access to the 'KPI's' and 'Fieldwork Reports' screens that enable generating Dashboards and Fieldwork reports from the operational data

Doesn't Allow Access Allows Access to the  'KPI's' and 'Fieldwork Reports' screens Same as 'Read'  Same as 'Read'
GPS Tracking - Show Latest Controls the Access to the 'GPS Tracking' Doesn't Allow Access Allows Access to the GPS Tracking  Same As 'Read' Access Same As 'Write' Access
GPS Tracking - Show Route Controls the Access to the 'GPS Tracking' Doesn't Allow Access Allows Access to the GPS Tracking  Same As 'Read' Access Same As 'Write' Access
Library - Organization Scripts Controls the Access to the organization function code libraries screens Doesn't Allow Access Allows Viewing the library code  Allows both Viewing and Modifying code Same As 'Write'
Locations Controls the Access to the 'Locations' node of the projects Doesn't Allow Access Allows Viewing all the 'Locations' nodes of projects Same As 'Read' Access but Allows creating new location stores  Same As 'Write' but also Allows Deleting existing location stores
Operations Controls the access to the 'Organizations Operations' screens that enables viewing interview data and performing quality control Doesn't Allow Access Allows Viewing the organization operations grid along with Reviewing the individual interview data Allows Viewing the organization operations grid along with Reviewing the individual interview and changing the interview status & surveyor Same As 'Write' but also Allows to delete existing interviews
Projects Overview Controls the access to the 'Projects Overview' screen that gives a report of which project is in which stage Doesn't Allow Access Allows Viewing the 'Projects Overview' screen Allows Viewing the 'Projects Overview' screen along with adding and changing project pipelines  Same as Write but also allows deleting project pipelines.
Security Controls the Access to the security screens used to mange the security rights of Users and Groups Doesn't Allow Access Allows Viewing the security of Users, groups & roles Allows Viewing, Modifying and creating new roles and assign roils to Users and Groups Same As 'Write' but also Allows Deleting existing roles
Studio Users & Groups Controls the Access to the 'studio Users & Groups' screens Doesn't Allow Access Allows Viewing the Users and Groups Allows Viewing, Modifying and creating new Users and Groups Same As 'Write' Access but also Allows Deleting Users.
Supervisor Users & Groups Controls the Access to the 'Supervisor Users & Groups' screens Doesn't Allow Access Allows Viewing the Users and Groups Allows Viewing, Modifying and creating new Users and Groups Same As 'Write' Access but also Allows Deleting Users.
Surveyor Support Controls the Access  to the "Support" screens Doesn't Allow access to the 'Support' screens Allows Viewing the support  Same as 'Read' access Same as 'Read'
Surveyor Users & Groups Controls the Access to the 'Surveyor Users & Groups' screens Doesn't Allow Access Allows Viewing the Users and Groups Allows Viewing, Modifying and creating new Users and Groups Same As 'Write' Access but also Allows Deleting Users.
SurveyToGo Account Controls the Access to the 'My SurveyToGo Account' screens used to manage your account and view administrative reports Doesn't Allow Access Allows Viewing the account Same As 'Read' Access Same As 'Write' Access but also Allows archiving/Deleting storage data from the storage management screens
Version Management Allows Setting the Studio/Android/PC Client Versions assigned to the organization and its users Doesn't Allow Access to the 'Version Management' screen Allows read access to the 'Version Management' screen Allows the user to upgrade its own client versions Allows the studio user to upgrade the organization default and organization users' client assignments.

Project Security Roles Assignments

Section 

Description

None

Read

Write

Full

3-Way Subject Assignments Controls the Access to the survey/surveyor/subjectstore item Assignments Doesn't Allow Access Allows Viewing the Assignments Allows both Viewing and Modifying the Assignments Same As 'Write' Access but also Allows Deleting Assignments
Assignments Controls the Access to the Assignments screens which are part of the premium Task System  Doesn't Allow Access Allows Viewing both batches and tasks and Assignments  Allows Viewing both batches and tasks and Assignments and also creating new batches/tasks and making new Assignments Same As 'Write' Access but also Allows Deleting tasks/batches and Assignments
CAWI Participants List Controls the access to the 'CAWI Participants' node in a project Don't Allow Access Allows viewing all the 'CAWI Participants' nodes of the project but doesn't allow creating new lists Same as 'Read' access but also allows creating new 'CAWI Participants' stores but doesn't allow deleting existing lists Same as 'Write' access but also allows deleting existing CAWI Participants stores
Collected Attachments Controls the Access to the 'Collected Attachments' screens that enable archiving attachments on a project level Doesn't Allow Access Allows Viewing the reports but not archiving the attachments  Same As 'Read'  Allows Viewing the reports and also archiving the attachments
Collected Data Controls the Access to the 'Collected Data' screens that enable exporting the interviews data to a data output file Doesn't Allow Access Allows generating the export file to any of the supported formats along with quick view and export of the survey itself Same As 'Read', but also Allows the ability to use the option to change the status of the data after export. Same As 'Write' Access but also Allows using the option to delete the data after export
Collected Data - PII Controls the Access to the 'Collected Data' screens that enable exporting the interviews data that are marked as Personally Identifiable Information to a data output file Doesn't Allow Access Allows generating the export file to any of the supported formats along with quick view and export of the survey itself Same As 'Read', but also Allows the ability to use the option to change the status of the data after export. Same As 'Write' Access but also Allows using the option to delete the data after export
Dashboards Controls the Access to the 'KPI's' and 'Fieldwork Reports' screens that enable generating Dashboards and Fieldwork reports from the operation data. Doesn't Allow Access Allows Access to the 'KPI's' and 'Fieldwork Reports' screens Same As 'Read' Same As 'Read'
GPS Tracking - Show Latest Controls the Access to the 'GPS Tracking' Doesn't Allow Access Allows Access to the GPS Tracking  Same As 'Read' Access Same As 'Write' Access
GPS Tracking - Show Route Controls the Access to the 'GPS Tracking' Doesn't Allow Access Allows Access to the GPS Tracking  Same As 'Read' Access Same As 'Write' Access
Operations Controls the Access to the 'Operations' screens that enable Viewing interview data and performing quality control  Doesn't Allow Access Allows Viewing the operations grid along with reviewing the individual interview data  Allows Viewing the operations grid along with reviewing the individual interview and changing the interview status & surveyor  Same As 'Write' but does allow Deleting interviews
Operations Download Attachments Controls the specific ability to download Attachments from the attachments tab within an interview review screen of the operations console Doesn't Allow Download from the Attachments tab Allows downloading attachments  Same As Read Same as Read
Operations Review Attachments controls the specific Access to the 'Attachments' tab within the interview review screen of the operation console Doesn't Allow Access Allows Viewing the 'Attachments' tab  Allows Viewing the 'Attachments' tab, adding and changing the attachments Same As 'Write' but does allow Deleting attachments
Operations Review: Interview Data Controls the access to the interview data, i.e. answers to questions within the interview review screen Doesn't Allow Access Allows Viewing the data section Allows Viewing the data section and editing  Same as 'Write'.
Operations Review: Interview Data - PII Controls the data that is marked as Personally Identifiable Information, ie: answers to the questions within the interview review screen Interview data that is marked as PII is obscure  Allow viewing the data section but does not allow changing the data  Allows viewing the data section and changing the data Same as 'Write' 
Operations Review: Interview Status Controls the access to the interview status within the interview review screen Allows viewing the current interview status but doesn't allow changing it  Same as 'None' Allows viewing the interview status and changing the status Same as 'Write' 
Operations Review: Quality Control Tab Control the access the Quality Control Tab within the interview review screen Doesn't Allow Access Allows Viewing the Quality Control Tab but doesn't allow answering the QC Questions or manipulating the QC Score Allows Viewing the Quality Control Tab and answering the QC Questions and manipulating the QC Score Same as 'Write'
Operations Review: Quality Control Tab (Restricted Part) Control the access the Quality Control Tab 'Restricted QC' part within the interview review screen QC Tab 'Restricted Part' of the QC Tab is not shown. Allows Viewing the 'Restricted Part' of the QC but doesn't allow answering the QC Questions of the 'Restricted Part' Allows Viewing 'Restricted Part' of the QC tab and answering the QC Questions of the 'Restricted Part'  Same as 'Write'
Project Overview Controls the access to the 'Project Overview' screen that shows you the current stage and calendar of a project.  Doesn't Allow Access Allows Viewing the 'Project Overview' screen Allows Viewing the 'Project OVerview' screen along with changing the current stage of the project pipeline  Same as 'Write' but also allows changing the project pipeline stage details and switching project pipelines.
Quotas controls the Access to the 'Quotas' screens that enables Viewing the current quotas progress and to set the quota targets for interviews or globally Doesn't Allow Access Allows Viewing the quotas progress along with exporting the data Allows Viewing the quotas progress along with exporting the data and setting targets or changing exceed-action settings. Same As 'Write'
Rounds Controls the Access to the 'Rounds Settings' screens that enables controlling the current rounds settings of the project Doesn't Allow Access Allows Viewing the current and past rounds Same As 'Read' and also Allows Editing/adding/updating rounds  Same As 'Write' but also Allows Deleting rounds
Security Controls the Access to the 'Security Settings' screens of a project that enables controlling the security roles of Users within the current project Doesn't Allow Access Allows Viewing the current security settings Allows both Viewing and Editing the current security settings of this project. Same As 'Write'
Survey controls the Access to the 'Survey Design' screens (Scripts) of a project essentially controlling who has scripting Access Doesn't Allow Access Allows Viewing the list of surveys in a project and to open the survey script Allows both Viewing surveys and creating new surveys and changing existing surveys  Same As 'Write' but also Allows Deleting surveys
Surveyors Controls the Access to the 'Surveyors' screens of a project that controls the interviewers assignment to the project. Doesn't Allow Access Allows Viewing the list of surveyors in the projects Allows both Viewing existing surveyors and also adding new surveyors to the projects Same As 'Write' but also Allows removing surveyors from the project.
Tabulation controls the Access to the 'Tabulation' screens of a project (Premium Feature) that enable basic tabulation and cross tabulation of the project data Doesn't Allow Access Allows full Access to create tabulation and cross tabulation on the project data Same As ''Read'' Same As 'Read'

 

That's It !

Visit us at our website - http://www.dooblo.net 

 

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.