User Management & Permissions
Roles
Codecks differentiates between org-wide roles and project-specific roles.
Here’s a high-level overview of org-wide roles:
-
OwnerAssigned to the creator of an organization. There may only be one owner.
-
AdminHave access to all projects and can manage billing and integrations.
-
StaffMay access assigned projects only. Can be assigned the project-specific
Producerrole. -
ObserverMay access assigned projects only. They can’t change any data but may add comments to cards.
Users with the Staff role may be given the project-specific Producer role. A producer can manage decks, milestones and integrations for the project. The producer role is available to organizations with the Pro plan.
Project Visibility
Admins and Owners have access to all projects. Projects have a visibility setting which determines if all Staff members can access a project or whether they need to be explicitely added. Observers always have to be explicitely added, no matter the project visibility setting.
Limited Project Visibilty is available in the Pro plan.
Permissions
Limited vs Full Staff Permissions
Admins and Owners can set Staff Permissions with the User Management screen. Full Staff Permissions allows all Staff members to
- create and manage decks
- create and manage project-specific milestones
- manage global milestones
- manage journeys
- manage project tags
in the projects they have access to.
Permission Matrix
The list below shows the minimum role that has permission to perform or access the corresponding actions.
Here’s the full hierarchy to know what a minum role implies:
Owner > Admin > Producer > Staff > Observer
This means that if a Producer is allowed to perform a certain action, then the Owner and Admins are also allowed to do it.
Entries marked with Staff* imply that Staff Permissions are set to Full. Otherwise these actions are only available to Producers.
Organization-based Permissions
| Action | Minimum Role |
|---|---|
| Can view user overview | Observer |
| Can manage integrations 1 | Producer |
| Can manage billing | Admin |
| Can invite users | Admin |
Can assign org-wide roles (except Owner) | Admin |
| Can manage organization settings | Admin |
| Can delete attachment files | Admin |
| Can disable organization | Owner |
| Can assign different Owner | Owner |
1 Producers will be able to access all integrations. But project or deck names they don’t
have access to won’t be shown. They may only pick target decks from projects they are producer of.
Project-based Permissions
| Action | Minimum Role |
|---|---|
| Can modify and archive project | Producer |
Can manage user project access for Staff and Observers | Producer |
| Can assign project-specific user role | Producer |
| Can make project public | Producer |
| Can create and manage project tags | Producer / Staff* |
| Can create project | Admin |
| Can delete project | Admin |
Can change default access for Staff and Observers | Admin |
Milestone-based Permissions
| Action | Minimum Role |
|---|---|
| Can pin milestone | Observer |
| Can assign cards to milestones | Staff |
| Can create and manage project-specific milestones | Producer / Staff* |
| Can manage global milestones | Producer / Staff* |
| Can create global milestones | Admin |
Deck-based Permissions
| Action | Minimum Role |
|---|---|
| Can assign cards to decks | Staff |
| Can create and manage decks | Producer / Staff* |
| Can create and manage journeys | Producer / Staff* |
| Can set preferred card sort order in deck | Producer |
| Can modify public deck’s deck order | Producer |
Card-based Permissions
| Action | Minimum Role |
|---|---|
| Can bookmark card | Observer |
| Can create & modify card | Staff |
| Can create card preset | Staff |
| Can manage card preset | Admin |