Allow Access To or Restrict Access From
Many times when setting up Users & Roles the question is asked "Do I need to select both allow access to and restrict access from in the role permissions?" So glad you asked about this!
When creating or editing a role, you do not need to select both the allow access to and restrict access from options. You should select one or the other based on how you would like the role to handle new additional items added to that section.
- If you choose to allow access it means that the role will only be able to see the specific tags, calendars, forms, etc. that you select.
- When you add new tags, calendars, forms., to the database a role with allow access permissions you would need to update the role in order for it to have permission to view the new options.
- If you choose to "restrict access from" it means that the role will not be able to see those specific tags, calendars, forms, etc. that are selected.
- When you add new tags, calendars, forms, etc. to the database, a role with restrict access from would by default have access to these new options. If you wanted a role to not have access to a new item, you would need to update the role to restrict access from it.
- If a role has conflicting permissions, If both "Allow Access To" and "Restrict Access From" are selected for the same section the user with this role may get an error while trying to use Breeze.
- The most restrictive permissions will be used for this role, allowing them to see the least amount of information in this section.
What happens if a Role has all Permissions Selected Under Only Access Certain ...
- If a role has permissions to all three, "Access All", "Allow Access To" and "Restrict Access From", The Access All permission will supercede the other options; granting a role Access to All of that particular section.
Only Access Certain People Scenarios
If you select Only Access Certain People > People Not in Tags > select a specific tag(s) anyone that is in that tag(s) will be restricted from the role you are creating, even if the person appears in other tags that Role has access to.
Let's imagine that Fred Flintstone is in the .Visitor2019 tag and in a Mens Ministry tag. In the example below, if I restrict the .Visitors2019 tag (through the People Not In Tags) this role would not be able to see Fred Flintstone, even though he is in the Mens Ministry tag too.
Understanding View and Edit People Permissions
If a role that has access to view or edit certain profile fields (Permission People > View or People > Edit) in the database, when you Add New Profile Fields to the database, this role will have access to the new profile field by default. You would need to update the role and uncheck the new fields, if you do not want a role to have access to it.
In the example below, originally this role had access to People > View > Name and Status (Profile fields). You will see by default when I added a new profile field (This is a new profile field.) this role is given permission to this profile field because it has access to view other profile fields.
If you add a profile field and do not want certain roles to access that profile field, you would need to Edit the Role and unselect the field to remove this permission.