Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

You can create custom project roles and give these roles the desired permissions for accessing parts of your project space. To do this, select the Users tab, then Roles and Permissions. Once on this page, you can choose to add a new role, or to edit any existing role, other than Admin. Either action will trigger the modal seen below:

Image RemovedImage Added


Most Area Access permissions come with multiple layers of access:

...

Web Users

Invite new web users, manage account settings, remove membership.

This permission will be hidden if Full Organization Access is disabled.

Mobile Workers

Create new accounts, manage account settings, deactivate or delete mobile workers

Groups

Manage groups of mobile workers

This permission will be hidden if Full Organization Access is disabled.

Groups
(Sub-permission)

Allow changing group membership

This permission allows you to assign mobile workers to a group. This is typically controlled by the "Edit Mobile Workers" permission, but this option may be useful if you need users who can edit group membership, but not otherwise edit mobile worker data.

Locations

Manage locations in the Organization's Hierarchy

Locations
(Sub-permission)

Allow changing workers at a location

This permission allows you to assign mobile workers to a location. This is typically controlled by the "Edit Mobile Workers" permission, but this option may be useful if you need users who can edit location membership, but not otherwise edit mobile worker data.

Data

View, download and edit form and case data, reassign cases.

Web AppsAllow users to enter data using Web Apps.
Access APIsGeneral access to CommCare HQ APIs. Individual APIs require additional specific permissions - for example, the bulk upload users API requires permission to edit mobile workers. Unchecking this permission allows you to completely revoke access to all APIs.

Applications

Modify or view the structure and configuration of all applications.

This permission will be hidden if Full Organization Access is disabled.

Roles & Permissions

View web user and mobile worker roles & permissions (only Admins can edit roles)

This permission is ‘View Only’ for all roles except Admins. View access can be deselected to prevent users from viewing Roles & Permissions entirely. This permission will be hidden if Full organization Access is disabled.

Reports Permissions

Create and Edit Reports

Allow role to create, edit and delete reports using the Report Builder.

This permission will be hidden if Full Organization Access is disabled.

Access All Reports

Allow role to access all reports.

If this permission is disabled, you have the option to grant access to individual reports.

Access Specific Reports

If Access All Reports is disabled, a list of specific reports will appear. You can grant or deny the role access to each report individually.

Other Settings Permissions

Manage Subscription Info

Allow role to manage subscription information.

Subscription info can be found under your project settings. This permission will be hidden if Full organization Access is disabled.

Full Organization Access

Allow role to access data from all locations.

If disabled, your users must be assigned locations in order to access CommCareHQ. Disabling this permission renders obsolete Web Users, Groups, Applications, Roles & Permissions, Create and Edit Reports and the Manage Subscription Info permissions and hides them from view. For further information, please see the Full Organization Access sub-section.

Access All Reports

Allow role to access all reports.

If this permission is disabled, you have the option to grant access to individual reports.

Default Landing Page

Upon login, the permission decides where the user begins; on the Dashboard, Web Apps or Reports. If Use Default is selected, mobile workers will be directed to Web Apps and Web Users will go to the dashboard.

Allow Reporting Issues

Allow this role to report issues. This permission is enabled by default.

Non-Admin Editable

Allow non-admins to assign this role to other users. Users can assign roles on the Web Users page

...