In Breeze, setting up user roles and permissions comes with powerful flexibility, including the options to 'Allow Access To' or 'Restrict Access From' certain data. This article demystifies the choice between these two permissions, guiding you on when and how to use them effectively to tailor access rights. Whether adding new items or adjusting roles, understanding these permissions ensures a seamless and secure user experience within Breeze.
Many times when setting up Users & Roles the question is asked "Do I need to select both allow access to and restrict access from in the role permissions?" So glad you asked about this!
When creating or editing a role, you do not need to select both the allow access to and restrict access from options. You should select one or the other based on how you would like the role to handle new additional items added to that section.
To Access Roles:
- Account Settings () > Users & Roles
- Click "Roles" on the left side, and click to edit (pencil icon) the role you'd like to modify.
- Allow Access To Restrict Access From Conflicting Permissions
- If you choose to allow access, the role will only be able to see the specific tags, calendars, forms, etc. that you select.
When you add new tags, calendars, forms., to the database a role with allow access permissions, you would need to update the role in order for it to have permission to view the new options.
- If you choose to "restrict access from," it means that the role will not be able to see those specific tags, calendars, forms, etc. that are selected. When you add new tags, calendars, forms, etc., to the database, a role with restricted access would, by default, have access to these new options. If you wanted a role not to have access to a new item, you would need to update the role to restrict access from it.
What happens if a Role has both Restrict Access From and Allow Access To Permissions?
If a role has conflicting permissions, And both "Allow Access To" and "Restrict Access From" are selected for the same section, the user with this role may get an error while trying to use Breeze.
The most restrictive permissions will be used for this role, allowing them to see the least amount of information in this section.
What happens if a Role has all Permissions Selected Under Only Access Certain Tags?
If a role has permissions to all three, "Access All", "Allow Access To" and "Restrict Access From", The Access All permission will supersede the other options, granting a role Access to All of that particular section.