Contents
Flow Production Tracking provides advanced permissions to control who can see and do what throughout the system. Permissions are controlled by 'permission roles'; one person is assigned to one role.
Default roles that ship with Flow Production Tracking are:
Admin | Admins have complete control over all operations in Flow Production Tracking (the only exceptions here include modifying things that are required by the system, such as deleting the Template Project). |
---|---|
Artist | Artists can only see Projects that they are specifically assigned to. Artists can update or edit: |
- Notes if they are the author of that Note, | |
- Status fields on Tasks they are assigned to, though they can’t edit other Task fields, | |
- Versions, Time Logs, and Tickets if they are the creator of those entities. | |
Manager | Managers share most functionality with Admins but have certain entities restricted by default. There are no conditional permissions present on the manager default group. |
Vendor | Vendors can only see Projects that they are specifically assigned to. Additionally, Vendors can only see: |
- Tasks that they (or a group that they are in) are assigned, | |
- Shots and Assets if they (or a group that they are in) are assigned to a Task on that Shot or Asset, | |
- Notes if they (or a group that they are in) are in the To or CC field, or if they created the Note, and | |
- Versions that they create. |
Admins can create new permission roles.
You can easily find out exactly what your stored default permissions are by following these instructions.
We occasionally change how these defaults work. When these updates occur, we never modify the permissions in use on your site, but we do change the stored defaults. This is documented in release notes.
From the permissions page, you can reset any permission role back to its default permission state (the exact same default permissions that come bundled with a newly installed version of Flow Production Tracking). Here are the default roles:
There is no default Vendor role.
Resetting a role to one of the stored defaults
You currently cannot reset a group to the default vendor permissions in the UI. If you need to reset to the vendor defaults, please contact support. It is recommended that you make a copy of your vendor group before you edit it.
You can see and edit permissions on individual fields or entities themselves, or in the Permissions area of the Admin menu (for those with permission!).
To see or modify which permission group a person is in, go to the People page. Each person’s account record has a permissions group field where you can change their permission group, and therefore what changes they’re able to make in Flow Production Tracking.
Double-click into the field to choose the right permission role for each Person. You can also select multiple People, and right-click anywhere in the permission group field on a record. Choose "Edit Selected", and then choose the permission role to apply to everyone in one go.
This is the most common case for ongoing permission tweaking, so we'll start here. Every field in Flow Production Tracking has two types of permissions on it: who can see the field and who can edit the field.
Who can do this?
Anyone who can edit fields has access to the configure field dialog. Just right-click on the column header of the field (in list mode), select the "Configure field..." option, then click the Permissions tab in the dialog that appears, make your changes, and click 'Update field'. This is good to quickly view or adjust permissions on individual fields, and can be done on any grid page.
If any checkbox in the permission tab is greyed out, this means that the field is either not editable or there is a conditional (advanced) permission rule configured on the field, and it cannot be edited.
In the entities section of site preferences, you'll notice a 'Permissions' section. Selecting this loads in all the permissions, by permission role, for that particular entity type—handy when you want to see and edit permissions when dealing directly with an entity. Every entity in Flow Production Tracking has four types of permissions: who can see it, who can create it, who can retire it, and who can edit it.
Entity Permissions from Site Preferences. Every entity listed in site preferences has an expandable Permissions section that allows you to see and edit permissions for that entity.
Changing entity permissions
How entity permissions work
yes
on Artist for the Asset entity type, Artists will be able to edit any Asset field, unless this is overridden in the field permissions. Setting it to no
means that a role won't be able to edit any fields on that entity.While in Design Mode on a global page (a page not assigned to a Project), you can choose to either share that page with “No One” (so it’s private), or “Everyone”, then pick the permission groups who can see it.
While in Design Mode on a page that is assigned to a Project, you can also pick the permission groups who can see it.
Page permissions only control the visibility of the page in the Pages menu. Page permissions do not control visibility of the data on a page.
If you would like to access a single place to view or change permissions of any kind, go to the Admin Permissions page. From here, you can edit entity permissions, field permissions, app permissions, reset roles to default settings, and assign advanced administrative access (like who can set permissions or save pages).
About the Permissions page
Each enabled permission role (e.g., Admin, Artist, Manager, and Vendor) shows up on the Permissions page with the following expandable options:
The summary shows you a breakdown of permissions for a role (warning: this breakdown can be a little technical—be sure to dive deeper into permission summaries here.
This shows all enabled entities, broken down by permission role. For each entity, it shows the see, create, delete, and edit permissions for that role.
Greyed out checkboxes indicate that there's a conditional (advanced) permission rule for that operation (e.g., Artists can only edit Timelogs they are linked to and edit fields on Notes they have created).
Example: Allowing Artists to create Tasks
Field Permissions are broken down by permission role, then by entity type. They show the See and Edit permissions by field for a given permission role. By default, permissions on entity fields are inherited from the entity-level permissions. For example, if you configure the Artist role to be able to Edit the Task entity, they'll also be able to edit any Task field (with certain exceptions), unless explicitly prohibited.
The following types of fields can never be configured to be editable:
Greyed out checkboxes indicate that the operation (for example, Edit Asset > Created by) is protected as the field is read-only (in the case of audit fields), or that the operation is protected by a conditional (advanced) permission rule. To find out why a particular field isn't editable, hover over it to see a tooltip.
Example: Allowing Artists to edit the Asset Description field
Use these preferences to control access to more specific administrative features, described below.
Advanced Permission | Advanced Permission Name | Description |
---|---|---|
Access Admin Functionality | This checkbox preference only gives access to admin UI options. Full access to admin functionality (e.g., unretiring entities) may require specific permissions adjustments on a per-entity basis. Learn more about Access Admin Functionality here. | |
Show Webhooks | When enabled, users can see the Webhook Admins screen (via the Admin menu) and make Webhooks API requests. | |
Hide and unhide fields in Projects | When enabled, users can edit the visibility of fields in a Project via field configuration and through Project Settings. | |
Show all Action Menu Item activity | When enabled, users can see all Event Log Entries generated by users when using Action Menu Items. | |
Generate logs for Toolkit activity | If using Toolkit, then there are certain actions that create EventLogEntries via the API. Allowing the creation of these EventLogEntries prevents Toolkit from breaking while keeping the default of not being able to create entities. For more information, visit the Toolkit community. | |
Edit global formatting | Only users with this permission will be allowed to create Global Formatting rules, which affect formatting on every page in Flow Production Tracking. | |
Edit Work Schedules | When enabled, users will be able to edit Work Shedules. | |
Show "Other" menu in Project navigation | When enabled, users see the "Other" menu dropdown in the Project Navigation bar. | |
Show saved filters | When enabled, users can see and select saved filters in the filter panel. | |
Edit project navigation | When enabled, users can configure and edit what is visible in the Project Navigation bar. | |
Create and save project pages | When enabled, users will be able to add new pages or save existing ones to a Project. | |
Edit form layouts | When enabled, users can save and edit the layout of entity creation forms. | |
Edit built-in "Home" page | When enabled, users can save and edit the system "Home" page. Note: At one point, everybody had the same customizable Home Page, but now that users can configure their own Home Page via Account Settings, this permissions only applies to the original customizable Home Page. |
|
Edit default filters and sorting in "My Tasks" | When enabled, users can edit and save the default sorting in "My Tasks". | |
Set defaults for project navigation pages and entity detail pages | When enabled, users can save pages within a Project that are accessed from the Project navigation bar as well as entity detail pages. | |
Set defaults for shared global pages (includes people page) | When enabled, users can edit and save 'Shared' pages belonging to anyone which includes the People Page. | |
See all projects | When enabled, users can see every Project in Flow Production Tracking. When unchecked, users will only have access to Projects (including data linked to those Projects) that they are linked to via the Project field on their Person record. | |
Perform action as though logged in as another user | When enabled, users can assume the identity of other users. When enabled for an API permission role, the sudo_as_login variable may be used when establishing a Flow Production Tracking connection. |
|
Show the Overlay Player | When enabled, users can access the Overlay Player to review uploaded media in Flow Production Tracking, provide feedback with Notes and annotation tools, and see related media. |