Skip to content

User Roles and Permissions

Introduction

Flywheel roles and permissions provide granular access control over what data, settings, and actions are available to users.

This article explains:

  • An overview of the roles and permissions structure in Flywheel.
  • How to edit a user's Site, Group, or Project role
  • What actions a user can take with each role

Learn more about creating custom project roles.

Instruction Steps

Overview

Permissions vs. Roles

  • Permission: Enables or disables the ability to perform a specific action in Flywheel. For example, adding notes to a Project is a specific permission.
  • Role: A group of permissions that are assigned to a user. For some roles you can edit the permissions.

Site vs. Group vs. Project Roles

Roles can be assigned at the Site, Group, and Project levels. All users have a role assigned at each of these levels:

  • Site role: These roles are broad and assigned when you create a new user. In general, these roles match what the user is doing in Flywheel at a high level. The available site roles are Admin, Developer, and User. Pair these basic site roles with the more granular roles assigned at the Group and Project levels.

  • Group role: Group roles control what actions a user is permitted to take for a Group, but not for the group's projects. The available group roles are Admin, read-write, and read-only.

    Assigning a Group role to a user does not grant the user a role on Projects within that Group. Instead, assign Project roles or (Group) Project Templates.

  • Project role: Project roles control what actions a user is permitted to take for a Project. Flywheel provides 3 standard project roles that cannot be modified: Admin, read-write, and read-only. Users with the Admin site role can create and manage custom project roles for each project. Custom project roles provide the capability to manage fine grained access controls to Projects for the benefit of data confidentiality and security. Learn more about creating or editing a custom role.

Manage Site Roles

You must have the Site Admin role to manage site roles of users. The site role can be assigned when a user is created, or edited for an existing user by following these steps.

  1. Navigate to Users in the left Navigation Bar

  2. Select a user

  3. Select the Information tab

    15ed5665002f7f.png

  4. Next to Role, select a role from the dropdown, and click Save

Site Admin

The Site Admin has the highest site-level permissions. Site Admins can create new Users and Groups and modify user roles and permissions site-wide. You can think of this as a superuser role.

Site Developer

Developers have site-wide permission to upload gears and restrict their availability to specific projects or users. Admins must assign Developers permissions to Groups and Projects in order to see data.

Site User

The User role does not carry any special permissions. Admins must assign Users permissions to specific Groups and Projects in order to see data.

Manage Group Roles

Group roles give users broad permissions for what they can do within a Group, but do not govern project permissions.

Note: Assigning a Group role does not automatically add users to Projects in that Group.

You must have the Group Admin or Read-Write Role to manage Group Roles for users. Group roles can be managed by following these steps.

  1. Navigate to Groups in the left Navigation Bar
  2. Select a group
  3. Select the Permissions tab
  4. Modify the group Role(s), and click Save

15ed566500af26.png

Group Admin

  • Manage & View Group Roles
  • Manage & View Project Template Roles
  • Manage & View Group Settings (name, tags, etc.)
  • Create New Project
    • Required for Smart Copy
  • Delete Project
  • Manage Project Settings

Group Read-Write

  • View Group Roles
  • View Project Template Roles
  • Manage & View Group Settings (name, tags, etc.)

Group Read-Only

  • View Group Roles
  • View Project Template Roles
  • View Group Settings (name, tags, etc.)

Manage Project Roles

Project roles control who can view, edit, and delete data within that Project. Only a Project Admin a Site Admin can manage Project Roles.

Note: If you only want a user to see certain projects under a Group, you can assign the user a role in the Project without giving the user a Group role. To give the user access to a Project, but not the Group associated with the Project, add them from the Permissions screen of the Project.

To Manage Project Roles:

  1. Navigate to the Project
  2. Select the Permissions management page
  3. Modify the group Role(s), and click Save

15ed566501212d.png

Select a permission level for the user.

For a complete list of permissions and what each role can do, see the Permission Matrix Reference.

Tip

Create a project template (group configuration) to standardize project roles across a group. This configuration sets default roles when projects are created, and changes can be applied to existing projects. See our article to learn more about creating a project template.