User Management & Permissions
Roles
Codecks differentiates between org-wide roles and project-specific roles.
Here’s a high-level overview of org-wide roles:
-
OwnerAssigned to the creator of an organization. There may only be one owner.
-
AdminHave access to all projects and can manage billing and integrations.
-
StaffMay access assigned projects only. Can be assigned the project-specific
Producerrole. -
ObserverMay access assigned projects only. They can’t change any data but may add comments to cards.
Users with the Staff role may be given the project-specific Producer role. A producer can manage decks, milestones and integrations for the project. The producer role is available to organizations with the Pro plan.
Project Visibility
Admins and Owners have access to all projects. Projects have a visibility setting which determines if all Staff members can access a project or whether they need to be explicitely added. Observers always have to be explicitely added, no matter the project visibility setting.
Limited Project Visibilty is available in the Pro plan.
Permissions
Limited vs Full Staff Permissions
Admins and Owners can set Staff Permissions with the User Management screen. Full Staff Permissions allows all Staff members to
- create and manage decks
- create and manage project-specific milestones
- manage global milestones
- manage journeys
- manage project tags
in the projects they have access to.
Permission Matrix
The list below shows the minimum role that has permission to perform or access the corresponding actions.
Here’s the full hierarchy to know what a minum role implies:
Owner > Admin > Producer > Staff > Observer
This means that if a Producer is allowed to perform a certain action, then the Owner and Admins are also allowed to do it.
Entries marked with Staff* imply that Staff Permissions are set to Full. Otherwise these actions are only available to Producers.
Organization-based Permissions
| Action | Minimum Role |
|---|---|
| Can view user overview | Observer |
| Can manage integrations 1 | Producer |
| Can manage billing | Admin |
| Can invite users | Admin |
Can assign org-wide roles (except Owner) | Admin |
| Can manage organization settings | Admin |
| Can delete attachment files | Admin |
| Can disable organization | Owner |
| Can assign different Owner | Owner |
1 Producers will be able to access all integrations. But project or deck names they don’t
have access to won’t be shown. They may only pick target decks from projects they are producer of.
Project-based Permissions
| Action | Minimum Role |
|---|---|
| Can modify and archive project | Producer |
Can manage user project access for Staff and Observers | Producer |
| Can assign project-specific user role | Producer |
| Can make project public | Producer |
| Can create and manage project tags | Producer / Staff* |
| Can create project | Admin |
| Can delete project | Admin |
Can change default access for Staff and Observers | Admin |
Milestone-based Permissions
| Action | Minimum Role |
|---|---|
| Can pin milestone | Observer |
| Can assign cards to milestones | Staff |
| Can create and manage project-specific milestones | Producer / Staff* |
| Can manage global milestones | Producer / Staff* |
| Can create global milestones | Admin |
Deck-based Permissions
| Action | Minimum Role |
|---|---|
| Can assign cards to decks | Staff |
| Can create and manage decks | Producer / Staff* |
| Can create and manage journeys | Producer / Staff* |
| Can set preferred card sort order in deck | Producer |
| Can modify public deck’s deck order | Producer |
Card-based Permissions
| Action | Minimum Role |
|---|---|
| Can bookmark card | Observer |
| Can create & modify card | Staff |
| Can create card preset | Staff |
| Can manage card preset | Admin |
Invite Users
If you open the Mission Control via the Joystick icon at the top left, you’ll find the User Management section. This contains an overview of the current users as well as two options for inviting new members to your organization if you are an admin or owner.
Invite via E-Mail
This option allows to invite users on a one-by-one basis by entering their email. This will sent a message to the entered email containing a link that allows to join your invitations. This option allows to define the user’s role as well as which project access this user should get.
Invite via Link
If you want to invite multiple team members in one go, you can generate an invite link. This will allow anyone who has access to it to join your organization. The person creating the link will receive a confirmation email for each person joining. The invited people will join as staff members with the default project accessiblity rights. You can disable this link anytime by pressing the “Disable Link” button.