User roles and permissions are key components of Radar workspace security. Permissions authorize users to perform particular actions on a per-project or per-view basis. Roles act as the sets of permissions that control user access to projects, status reports, views, and various features on a “global” level.
Radar has four types of roles and access levels available for users:
|Owner||Owners have full access to the workspace and all its features and settings. They can configure fields, manage the subscription plan and user accounts, create, access and edit all projects, status reports and views, review the activity stream, and deactivate the workspace.|
|Admin||Admins have the same rights as Owners, except for a few administrative functions such as the ability to invite, edit and delete users, manage billing and payments, and access the activity stream.|
|Reporter||Reporters can add, edit, and otherwise manage their own projects and status reports. If special permission has been granted, they can also access and edit views and other users’ projects.|
|Viewer||Viewers can only view and edit projects and views to which they have been provided access. The ability to edit a project includes the ability to create and submit status reports for it.|
All users in a Radar workspace have a role. The very first user, i.e. the person who registers the workspace, is assigned the role of an Owner automatically. Everyone else is granted a role when they’re invited to join the system by one of the Owners.
Workspace Owners alone have the authority to grant and remove various types of global access by making the appropriate changes in user profiles. Users in other roles have no control over the role assigned to them or others.
However, to meet the security and access requirements of any organization, some viewing and editing rights can be provided through groups and on a per-project basis.
By sharing a view with a group, all users in the group can be given the same permission to view or edit the view, irrespective of the privileges associated with their role. On a project level, a user with somewhat limited Reporter rights can be authorized, for example, to edit a project that had been added by another user.
This way, the same user can be given different permissions in different projects or for different views without having to completely override their global access rights.
Roles can only be assigned by Owners. Permissions at the view and project level can be granted by anyone with the right to edit a given view or project.