Management and Use Cases of Resource Permissions

The node resources you create in the space, such as databases, folders, automations, dashboards, documents, etc., can have access permissions set.

You can allocate permissions in detail based on different roles, members, and departments to effectively control data access and operations. Through permission management, you can ensure that each space member can only access and operate functions and data related to their responsibilities, greatly enhancing data security and privacy.

In this article, we will introduce the scenarios and usage of resource permissions.

How to Assign Permissions to the Team

Bika provides two different granularity methods: "Global Settings" and "Single Node Resource Settings" to allow Space administrators to efficiently and conveniently assign different permissions to different members and teams in the space.

Set Permissions for a Single Node Resource

Suppose you have a folder in the space that stores all customer contract materials, and you want only the sales and finance team members to access and edit this folder. You can set permissions for this folder individually.

Steps:

In the "Team Resources" section of the left navigation bar, find the node resource for which you want to set permissions.
Click the "..." button on the right of the node resource and select "Share and permissions".
In the dialog box that pops up, first select the member, team, or role, then choose the corresponding permission.
Finally, click the "Add" button to complete the permission setting.

Set Initial Permissions for All Members in "Space Settings"

Teams of different scales and different types of work also have different requirements for resource permissions. In Bika, you can set the resource permissions within the entire scope of the space according to the actual situation of the team.

If you're the space administrator and want all members to have default permission to view all node resources but not create new ones under the root node, you can achieve this by setting global permissions in the "Space Settings".

Steps:

Click the space's name in the left navigation bar, then click the "Settings" button to enter the "Space Settings" modal dialog.
On the "Space Settings" modal dialog, find the "Customize initial access permissions for resources" setting item, and select an initial permission according to the actual situation. After members join the space, they will have this permission by default for all node resources in the space. If not enabled, all members will have "Manage" permissions by default. (If a node resource has individual permissions allocated, those permissions will take precedence.)

Operational Scope of Resource Permissions

The operational scope corresponding to permissions varies by resource type.

💡Basic Operations and Permissions for All Resource Types:

Operation	Space Admin or Management Role	"Can manage"	"Can edit"	"Update only"	"Can view"
Assign permissions	✅	✅	-	-	-
Move resource(s)	✅	✅	-	-	-
Rename	✅	✅	-	-	-
Delete resource(s)	✅	✅	-	-	-
Share	✅	✅	-	-	-
Edit description	✅	✅	-	-	-
View content	✅	✅	✅	✅	✅

💡Folder Operations and Permissions:

Operation	Space Admin or Management Role	"Can manage"	"Can edit"	"Update only"	"Can view"
Create sub-resources	✅	✅	-	-	-
Import	✅	✅	-	-	-
Export	✅	✅	-	-	-

💡Database Operations and Permissions:

Operation	Space Admin or Management Role	"Can manage"	"Can edit"	"Update only"	"Can view"
Add, delete, modify views	✅	✅	-	-	-
Add, delete, modify fields	✅	✅	-	-	-
Sort, filter, group	✅	✅	✅	✅	✅
Add records	✅	✅	✅		-
Update records	✅	✅	✅	✅	-
Delete records	✅	✅	✅	-	-
Comment	✅	✅	✅	✅	✅
Incremental import	✅	✅	✅	-	-

💡Automation Operations and Permissions:

Operation	Space Admin or Management Role	"Can manage"	"Can edit"	"Update only"	"Can view"
Add, delete, modify triggers	✅	✅	-	-	-
Add, delete, modify actions	✅	✅	-	-	-
Start, stop automation	✅	✅	-	-	-
View "Run history"	✅	✅	-	-	-

💡Document Operations and Permissions:

Operation	Space Admin or Management Role	"Can manage"	"Can edit"	"Update only"	"Can view"
Edit Document	✅	✅	✅	✅	-

💡Dashboard Operations and Permissions:

Operation	Space Admin or Management Role	"Can manage"	"Can edit"	"Update only"	"Can view"
Add, delete, modify widgets	✅	✅	-	-	-

💡Form Operations and Permissions:

Operation	Space Admin or Management Role	"Can manage"	"Can edit"	"Update only"	"Can view"
Submit data	✅	✅	✅	✅	✅
Edit form	✅	✅	-	-	-

Use Cases

We've provided some use cases to help you better understand the management and application of resource permissions, based on the size and needs of different teams.

Use Case 1: Resource Management in a Small Team

If you are the space administrator for a small team (no more than 5 people) with relatively loose control over node resources, you can do the following:

Steps:
1. Keep the "Customize initial access permissions for resources" in Space settings at default.
2. Set permissions for data-sensitive node resources individually, specifying which members can access, edit, and manage them.
Effect:
- Only specified members can access, edit, and manage data-sensitive node resources.
- All the other node resources are under the "Can manage" permission for all team members, who can add, delete, and modify the content.

Use Case 2: Resource Management in a Medium-Sized Team

Suppose you are the space administrator of a medium-sized team (with 5 to 50 people). Team members create a large number of node resources on a daily basis, which makes the "Team Resources" area on the interface look chaotic. If you want to limit the scope of operations of the members and standardize the paths where everyone stores resources, you can do it like this:

Steps:
1. Set the "Customize initial access permissions for resources" in Space settings to "Can view".
2. Set permissions for data-sensitive node resources individually, specifying which members can access, edit, and manage them.
3. Create a folder under the root node for different teams/departments and assign the "Can manage" permission to the members of those teams/departments.
Effect:
- For node resources that are data-sensitive, only the designated members are allowed to access, edit, and manage them.
- Regarding the folders of departments/groups, only the members of those specific departments/teams can manage them, and the rest of the members are not allowed to view across departments.
- For all the other node resources, all members are by default granted the "Can view" permission, which means they can only view the content and are unable to create new node resources under the root node.

Use Case 3: Resource Management in a Large Organization

Suppose you are a space administrator of a large organization (with more than 50 people). There are numerous members and a large number of departments. There are also plenty of resources in the "Team resources" area, which makes it difficult to search for them. What's more, these resources are prone to being accidentally deleted or edited wrongly, and sensitive data is likely to be leaked. To solve these problems, you can do it like this:

Steps:
1. Set "Customize initial access permissions for resources" in Space settings to "No access".
2. Set permissions for data-sensitive node resources individually, specifying which members can access, edit, and manage them.
3. Create folders under the root node for different departments/teams and assign the "Can manage" permission to the members of those departments/teams.
4. Create a "Shared by All" folder, move public resources into it, and set permissions specifying which members can access, edit, and manage it.
Effect:
- Only specified members can access, edit, and manage data-sensitive node resources.
- Only members of a department/group can manage their folders, and other members cannot view across departments.
- Different members have varying levels of permissions for the public folder, allowing them to view, edit, and manage.
- For all the other node resources to which no permissions have been individually assigned, except for the space administrators and those with the special management role, other members are unable to view and access these node resources in the "Team resources" area.

Use Case 4: Resource Access Management for External Partners

If your sales team has created internal sales materials that need to be shared with external partners, where only authenticated partners can view them without editing permissions, you can do the following:

Steps:
1. In the "Guest" tab of the space settings, add a new guest group named "Sales Partners".
2. Create an invitation link for the "Sales Partners" guest group and send it to the sales partners.
3. Create a folder for storing sales materials.
4. Set permissions for the "Sales Materials" folder, specifying the "Sales Partners" guest group with "Can view" permission.
Effect:
- Sales partners can join the space through the invitation link and see the "Sales Materials" folder in the "Shared with Me" area.
- Sales partners cannot see the "Team resources" and "Private resources" areas of the space.

Use Case 5: Publicly Accessible Internet Resources

Suppose you are a member of the marketing team. You've prepared a market research report and a survey, and you need to publicly share the report with users on the Internet for them to read and then fill out the survey. At this time, you can do it like this:

Steps:
1. Create a folder to store the market research report and survey.
2. Click the "..." button on the folder and select "Share and permissions".
3. In the dialog box that appears, select "Internet users with the link can view" and click "Create Short URL".
4. Share the generated short link with internet users.
Effect:
- Internet users can view the market research report and survey questionnaire via the short link.
- Internet users can fill out the survey questionnaire as intended.

Use Case 6: Draft Management

Suppose you're a member of a space and often need to write reports. You don't want other members to see or modify the drafts before you finish writing. At this time, you can do it like this:

Steps:
1. Create a document resource in "private resources" area (or place it in a folder) and start drafting the report.
2. Once the report is completed, click the "..." button on the folder and select "Move to".
3. In the dialog box that appears, choose the target folder under the "Team Resources" area and click "Move".
Effect:
- During the drafting process, other members cannot see or modify the document resource, as it is your private resource.
- After completion, you move the document to the "Team resources" area, allowing other members to view and edit the report.

Use Case 7: Flexible Use of "Shortcuts" to Enhance Personal Efficiency

Suppose you're a member of a Space and frequently need to access a specific node resource. However, the resource has a deep path, requiring multiple clicks to reach it each time. Here's how you can streamline access:

Steps:
1. Open the node resource, click the "..." button in the upper right corner, and select "Add to shortcuts > Add to Personal Shortcuts".
Effect:
- The shortcut to the node resource will appear in the "Shortcuts" area of the left navigation bar.
- From then on, you can quickly access the node resource with one click in the shortcuts area, improving work efficiency.

Use Case 8: Flexible Use of "Shortcuts" to Align Team Work

Suppose you're a team leader, and your team often needs to collaborate on a project, with members needing access to multiple shared node resources located in different folders. Here's how you can facilitate this:

Steps:
1. Open the node resource, click the "..." button in the upper right corner, and select "Add to shortcuts > Add to Space Shortcuts".
Effect:
- The node resource will appear in all members' "Shortcuts" area, allowing everyone to quickly access the node resource.

Template

Help

Pricing