Permissions

asterisk Contents

Flow Production Tracking provides advanced permissions to control who can see and do what throughout the system. Permissions are controlled by 'permission roles'; one person is assigned to one role.

Default roles that ship with Flow Production Tracking are:

Admin Admins have complete control over all operations in Flow Production Tracking (the only exceptions here include modifying things that are required by the system, such as deleting the Template Project).
Artist Artists can only see Projects that they are specifically assigned to. Artists can update or edit:
- Notes if they are the author of that Note,
- Status fields on Tasks they are assigned to, though they can’t edit other Task fields,
- Versions, Time Logs, and Tickets if they are the creator of those entities.
Manager Managers share most functionality with Admins but have certain entities restricted by default. There are no conditional permissions present on the manager default group.
Vendor Vendors can only see Projects that they are specifically assigned to. Additionally, Vendors can only see:
- Tasks that they (or a group that they are in) are assigned,
- Shots and Assets if they (or a group that they are in) are assigned to a Task on that Shot or Asset,
- Notes if they (or a group that they are in) are in the To or CC field, or if they created the Note, and
- Versions that they create.

Admins can create new permission roles.

  1. Select the “+ New Permission Role” button in the upper right of the permissions page.

    perms_02.png
  2. You’ll need to give the new permission role a name, and choose a Template. Default permissions will be set for the new permission role based on the template you choose. This saves a lot of time in setting up brand new permission roles.

Finding out what the default permissions are

You can easily find out exactly what your stored default permissions are by following these instructions.

Note:

We occasionally change how these defaults work. When these updates occur, we never modify the permissions in use on your site, but we do change the stored defaults. This is documented in release notes.

What you can control with permissions

Reset to defaults

From the permissions page, you can reset any permission role back to its default permission state (the exact same default permissions that come bundled with a newly installed version of Flow Production Tracking). Here are the default roles:

Note:

There is no default Vendor role.

Resetting a role to one of the stored defaults

Note:

You currently cannot reset a group to the default vendor permissions in the UI. If you need to reset to the vendor defaults, please contact support. It is recommended that you make a copy of your vendor group before you edit it.

You can see and edit permissions on individual fields or entities themselves, or in the Permissions area of the Admin menu (for those with permission!).

Checking a person's permissions

To see or modify which permission group a person is in, go to the People page. Each person’s account record has a permissions group field where you can change their permission group, and therefore what changes they’re able to make in Flow Production Tracking.

Double-click into the field to choose the right permission role for each Person. You can also select multiple People, and right-click anywhere in the permission group field on a record. Choose "Edit Selected", and then choose the permission role to apply to everyone in one go.

perms_01.png

Example: Editing permissions on a field

This is the most common case for ongoing permission tweaking, so we'll start here. Every field in Flow Production Tracking has two types of permissions on it: who can see the field and who can edit the field.

Who can do this?

Anyone who can edit fields has access to the configure field dialog. Just right-click on the column header of the field (in list mode), select the "Configure field..." option, then click the Permissions tab in the dialog that appears, make your changes, and click 'Update field'. This is good to quickly view or adjust permissions on individual fields, and can be done on any grid page.

Permissions grid configuration

Note:

If any checkbox in the permission tab is greyed out, this means that the field is either not editable or there is a conditional (advanced) permission rule configured on the field, and it cannot be edited.

Example: Editing permissions on an entity

In the entities section of site preferences, you'll notice a 'Permissions' section. Selecting this loads in all the permissions, by permission role, for that particular entity type—handy when you want to see and edit permissions when dealing directly with an entity. Every entity in Flow Production Tracking has four types of permissions: who can see it, who can create it, who can retire it, and who can edit it.

Permissions on an entity

Entity Permissions from Site Preferences. Every entity listed in site preferences has an expandable Permissions section that allows you to see and edit permissions for that entity.

Changing entity permissions

How entity permissions work

Example: Editing permissions on a personal page

While in Design Mode on a global page (a page not assigned to a Project), you can choose to either share that page with “No One” (so it’s private), or “Everyone”, then pick the permission groups who can see it.

Permissions on a global design page

While in Design Mode on a page that is assigned to a Project, you can also pick the permission groups who can see it.

Permissions on a project design page

Page permissions only control the visibility of the page in the Pages menu. Page permissions do not control visibility of the data on a page.

Permission overview and advanced permissions

If you would like to access a single place to view or change permissions of any kind, go to the Admin Permissions page. From here, you can edit entity permissions, field permissions, app permissions, reset roles to default settings, and assign advanced administrative access (like who can set permissions or save pages).

Advanced permissions

About the Permissions page

Each enabled permission role (e.g., Admin, Artist, Manager, and Vendor) shows up on the Permissions page with the following expandable options:

Summary

The summary shows you a breakdown of permissions for a role (warning: this breakdown can be a little technical—be sure to dive deeper into permission summaries here.

Entity Permissions

This shows all enabled entities, broken down by permission role. For each entity, it shows the see, create, delete, and edit permissions for that role.

Permissions on a manager entity

Note:

Greyed out checkboxes indicate that there's a conditional (advanced) permission rule for that operation (e.g., Artists can only edit Timelogs they are linked to and edit fields on Notes they have created).

Example: Allowing Artists to create Tasks

Field Permissions

Field Permissions are broken down by permission role, then by entity type. They show the See and Edit permissions by field for a given permission role. By default, permissions on entity fields are inherited from the entity-level permissions. For example, if you configure the Artist role to be able to Edit the Task entity, they'll also be able to edit any Task field (with certain exceptions), unless explicitly prohibited.

The following types of fields can never be configured to be editable:

Permissions for manager

Note:

Greyed out checkboxes indicate that the operation (for example, Edit Asset > Created by) is protected as the field is read-only (in the case of audit fields), or that the operation is protected by a conditional (advanced) permission rule. To find out why a particular field isn't editable, hover over it to see a tooltip.

Example: Allowing Artists to edit the Asset Description field

Advanced

Use these preferences to control access to more specific administrative features, described below.

Permissions admin

Advanced Permission Advanced Permission Name Description
Access Admin Functionality Access Admin Functionality This checkbox preference only gives access to admin UI options. Full access to admin functionality (e.g., unretiring entities) may require specific permissions adjustments on a per-entity basis. Learn more about Access Admin Functionality here.
Show Webhooks Show Webhooks When enabled, users can see the Webhook Admins screen (via the Admin menu) and make Webhooks API requests.
Hide and unhide fields in Projects Hide and unhide fields in Projects When enabled, users can edit the visibility of fields in a Project via field configuration and through Project Settings.
Show all Action Menu Item activity Show all Action Menu Item activity When enabled, users can see all Event Log Entries generated by users when using Action Menu Items.
Generate logs for Toolkit activity Generate logs for Toolkit activity If using Toolkit, then there are certain actions that create EventLogEntries via the API. Allowing the creation of these EventLogEntries prevents Toolkit from breaking while keeping the default of not being able to create entities. For more information, visit the Toolkit community.
Edit global formatting Edit global formatting Only users with this permission will be allowed to create Global Formatting rules, which affect formatting on every page in Flow Production Tracking.
Edit Work Schedules Edit Work Schedules When enabled, users will be able to edit Work Shedules.
Show "Other" menu in Project navigation Show "Other" menu in Project navigation When enabled, users see the "Other" menu dropdown in the Project Navigation bar.
Show saved filters Show saved filters When enabled, users can see and select saved filters in the filter panel.
Edit project navigation Edit project navigation When enabled, users can configure and edit what is visible in the Project Navigation bar.
Create and save project pages Create and save project pages When enabled, users will be able to add new pages or save existing ones to a Project.
Edit form layouts Edit form layouts When enabled, users can save and edit the layout of entity creation forms.
Edit built-in "Home" page Edit built-in "Home" page When enabled, users can save and edit the system "Home" page.

Note: At one point, everybody had the same customizable Home Page, but now that users can configure their own Home Page via Account Settings, this permissions only applies to the original customizable Home Page.

Legacy Home Page
Edit default filters and sorting in "My Tasks" Edit default filters and sorting in "My Tasks" When enabled, users can edit and save the default sorting in "My Tasks".
Set defaults for project navigation pages and entity detail pages Set defaults for project navigation pages and entity detail pages When enabled, users can save pages within a Project that are accessed from the Project navigation bar as well as entity detail pages.
Set defaults for shared global pages (includes people page) Set defaults for shared global pages (includes people page) When enabled, users can edit and save 'Shared' pages belonging to anyone which includes the People Page.
See all projects See all projects When enabled, users can see every Project in Flow Production Tracking. When unchecked, users will only have access to Projects (including data linked to those Projects) that they are linked to via the Project field on their Person record.
Perform action as though logged in as another user Perform action as though logged in as another user When enabled, users can assume the identity of other users. When enabled for an API permission role, the sudo_as_login variable may be used when establishing a Flow Production Tracking connection.
Show the Overlay Player Show the Overlay Player When enabled, users can access the Overlay Player to review uploaded media in Flow Production Tracking, provide feedback with Notes and annotation tools, and see related media.

A deeper dive into Permissions

Parent page: Site Configuration