How to Assign Permissions

Introduction

This guide explains how to assign permissions to users at the site, group, and project levels in Flywheel.

For conceptual information about roles and permissions, see Roles & Permissions Concepts.

Prerequisites

• Site Admin role to manage site-level roles
• Group Admin role to manage group-level roles
• Project Admin role to manage project-level roles

Assign Site Roles

You must have the Site Admin role to manage site roles of users. The site role can be assigned when a user is created, or edited for an existing user.

1. Navigate to Users in the left Navigation Bar
2. Select a user
3. Select the Information tab
4. Next to Role, select a role from the dropdown
5. Click Save

Available Site Roles

• Admin - Full platform access, can manage users and groups
• Developer - Can upload and manage gears
• User - Standard user, requires group/project permissions to access data

Assign Group Roles

Group roles give users broad permissions within a Group but do not automatically grant project access.

Note: Assigning a Group role does not automatically add users to Projects in that Group.

You must have the Group Admin or Read-Write Role to manage Group Roles for users.

1. Navigate to Groups in the left Navigation Bar
2. Select a group
3. Select the Permissions tab
4. Modify the group Role(s)
5. Click Save

Available Group Roles

• Admin - Can manage group settings, create projects, manage roles
• Read-Write - Can view group settings and roles
• Read-Only - Can view group settings and roles (no modifications)

Assign Project Roles

Project roles control who can view, edit, and delete data within that Project. Only a Project Admin or Site Admin can manage Project Roles.

Note: You can give users access to a Project without giving them a Group role. This is useful when you want users to access specific projects but not the entire group.

1. Navigate to the Project
2. Select the Permissions management page
3. Click Add Permission or modify existing permissions
4. Select a user and assign a role
5. Click Save

Available Project Roles

• Admin - Full project control, can manage permissions and settings
• Read-Write - Can view and modify data, run gears
• Read-Only - Can view data and download files
• Custom Roles - Fine-grained permissions tailored to your needs

For details on what each role can do, see the Permission Matrix.

Use Project Templates for Consistent Permissions

Project templates allow you to standardize project roles across a group. This configuration sets default roles when projects are created, and changes can be applied to existing projects.

Learn more about creating a project template.

Best Practices

Follow the Principle of Least Privilege

Grant users only the minimum permissions needed to perform their tasks. Start with restrictive roles and add permissions as needed.

Use Custom Project Roles

For sensitive projects, create custom roles with specific permissions rather than using Read-Write for everyone. Learn how to create custom roles.

Separate Admin and User Accounts

Consider creating separate accounts for administrative tasks and day-to-day research work. This reduces the risk of accidental changes to critical settings.

Document Your Permission Strategy

Maintain documentation of who has access to what and why. This helps during audits and when onboarding new team members.

Regular Permission Audits

Periodically review user permissions using Access Logs to ensure they remain appropriate. Remove access for users who no longer need it.

Related Topics

• User Roles and Permissions Concepts
• Create a New User
• Create Custom Roles
• Permission Matrix Reference