Permissions model
In Eversend, it is possible to to configure multi-level access rights for users.
Access rights hierarchy
When determining whether a user should have access to a resource, Eversend uses the following hierarchy.
Admin access: access is automatically granted if the user is an admin.
Section access: access is granted if the user has viewer/editor/owner acces to the section hosting the resource.
Team access: access is granted if the user belongs to a team that has access to the resource.
Direct access: access is granted if the user is given direct access to the resource.
Subordinate access: access is granted if the user is an owner of a team and one of the members of said team has access to the resource.
Admin access
Admins have full access to all sections and resources of Eversend regardless of individual permissions given to an admin.
User access
Users can see all sections of Eversend but their access to resources and certain actions can be configured granularly.
Section access
There are four options for configuring what sort of access a user has to a section.
Info
It is impossible to completely prevent a user from seeing and opening different sections.
Name | Definition |
|---|---|
Non-access | When accessing the section, the user can only see the resources that they have created themselves or have been given direct access to as viewers/editors/owners. |
Viewer | When accessing the section, the user can see all resources in this section, give viewer access to other users and perform other permitted actions on certain resources. |
Editor | When accessing the section, the user can see all resources in this section, edit them and give editor/viewer access to other users. |
Owner | When accessing the section, the user can see all resources in this section, edit them and give owner/editor/viewer access to other users. |
Section owners can also manage access rights to a section. |
Note that users cannot manage access rights above their own. For example, viewers can only give viewer access to resources they can view while editors can give viewer and editor access.
Resource access
There are three options for managing access rights to individual resources.
Name | Definition |
|---|---|
Viewer | The user can see the resource and perform view-only actions (e.g., copying a contact’s ID in the contact list). The user can also give viewer access to the resource. |
Editor | The user can see and edit the properties of the resource. The user can also give editor/viewer access to the resource. |
Owner | The user can see and edit the properties of the resource. The user can also give owner/editor/viewer access to the resource. |
Resource creation access
Two options exist when defining whether a user can create new resources of a certain type/in a certain section.
Name | Definition |
|---|---|
Non-creator | The user cannot create resources of a certain type/in a certain section. |
Creator | The user can create resources of a certain type/in a certain section. |
Info
Even if owner access is given to a particular section, a non-creator user will not be able to create new resources in this section.
Info
Whenever a user creates a new resource, they automatically get owner access to said resource.
Team access
A team can be provided with owner/editor/viewer access to a section or a resource.
In this case, all users in the team will be provided with the same level of access given to the team itself. In addition, if a user is made an owner of a specific team, they will automatically inherit the access rights of said team and all access rights of the team members.
Teams can also have parent teams. A team automatically inherits the access rights of its parent team and vice versa.
No upward and lateral access
Team members do not automatically get the access rights of the team owner. Team members also do not gain automatic access to each other’s resources.