How to Configure Permissions in APITable?
When you'd like to determine what your collaborators can and cannot see or edit in the space, you can give them specific permissions. Permission configuration is a good way to ensure data security.
There are three kinds of permissions.
Permissions for space management
Permissions that allows you to change, add, and delete sub-administrators of the space.
Permissions for files - datasheets and folders management
Permissions that determines which files can and cannot be viewed or edited by which collaborators.
Permissions for field management
Permissions that determines which fields can and cannot be viewed or edited by which collaborators.
Permissions mentioned above can be configured by space administrators.
You can read following text to know how to configure different types of perimissions.
Permissions for space management
Configuration button of permissions for space management is in space settings section. To configure this permission, you can follow this path to click the elements in APITable: Settings > Organization > Space admin. Permissions for space management are classified as three levels below.
Main administrator: people who is the owner of the space is main administrator as well. Main administrator has top level of permissions. You can transfer the role of main administrator to other collaborator.
Sub-administrator: Main administrator is able to add sub-administrators, who act as assistants to manage space.
Ordinary collaborators: Collaborators in APITable space except main and sub administrator.
People with different space management permissions can do different actions in specific function sections. Here are the details outlined below.
|Function Sections||Main Administrator||Sub Administrator||Ordinary collaborators|
|Space Overview||✔️Delete and rename space||✔️ View only|
|Organization - Members & Teams||✔️||✔️|
|Organization - Space admin||✔️ Transfer role of main administrator|
✔️ Add sub-administrators
How to add sub-administrators
Only main administrator of the space is allowed to add sub-administrators and configure specific permissions. You can follow the steps to add.
To add sub-administrators, you can follow this path to click the elements in APITable: Settings > Organization > Space admin. Then, click the button of "Add sub-admin"
This will bring up a perimission configuration panel. You can select add whom as sub-administrator and give him/her what types of permissions. If you'd like to know what the permissions refer to, you can click ? icon to see the description.
Permissions for datasheet/folder management
You can determines which files, including datasheets/folders, can and cannot be viewed or edited by which collaborators through configuring file permissions. Go to workbench and open specific datasheet's setup menu, you can configure access permissions to this file. There are six roles with different permission levels for file management.
File access permission levels
Space administrators: include main administrator and sub-administrators of the space for files. They have the top level of permissions.
File administrator: A collaborator who changes the default file permissions will become administrator of this file.
Manager: able to manage datasheets and files (folders) at top permission level, including add, delete, edit any fields.
Editor: able to add, delete views and records field, and allowed to edit fields, but unable to add and delete fields.
Update-only: able to view, add and edit records, but unable to delete records.
Read-only: only allowed to view the data.
Outline of acitions permitted at different permission levels
|Configure file permissions||✔️||✔️|
|Create new files||✔️||✔️|
|Copy files||✔️||✔️||Requires permissions of current and parent files|
|Move files||✔️||✔️||Requires permissions of current and parent files|
|Add file descriptions||✔️||✔️|
|Save as templates||✔️||✔️|
|Actions on view tabs||✔️||✔️||✔️||Add/edit/delete/drag views|
|Actions on toolbar||✔️||✔️||✔️||Customization tools like filter/row height/group/sort/hide|
|Export view data||✔️||✔️|
|Add, delete and edit fields||✔️||✔️||Add, delete, rename fields, change field types, and add field descriptions|
|Change field styles||✔️||✔️||✔️||Adjust width of fields and summary bar, and reorder fields|
|Edit records||✔️||✔️||✔️||✔️||Add and delete records, and edit content in cells|
|Comment in records||✔️||✔️||✔️||✔️||✔️||✔️|
|Add, delete, check robots||✔️||✔️|
|Add and delete widgets||✔️||✔️|
How to configure permissions in workbench
All collaborators are configured with "Manager" permission for all files by default.
If you'd like to make some files only visible or editable to some specific collaborators, you can set permissions.
For example, if you'd like a datasheet only editable to product, operation, and design groups, you need to remove the default permissions of all coworkers in setting panel, and then give "Editor" permission to members in the groups. The members from other groups will be unable to access the datasheet.
If you create a folder to store several datasheets. The permissions of every subfile (datasheet) is defaultly set the same as parent folder.
Back to the example mentioned above, we specified members in product, operaition and design groups are able to edit "Project Management" folder, and a lock icon appeared next to the name of the folder. Permissions of all datasheets that are located in this folder are kept the same as the folder, if we don't update the permissions for collaborators.
Assigning different levels of permissions to different coworkers or groups
You can determine which space collaborators can access which subfiles by to a file individually, without following the parent folder changes.
For example, you want to set the "R&D Task" form as "Editable" for "R&D Group" only, and "Read Only" for "Product Group" and "Design Group".
At this time, you can separately reset the permissions for the "R&D Task" form according to your requirements.
When you reset it, the "R&D Tasks" form also appears with a lock on the working directory, indicating that it has different permissions than the parent folder "Product Development Management".
Assignment of multi-level permissions
Scenario 1: Permissions are set for a member in both the current file and the parent folder
For example, the administrator sets "Product Group" to "Edit" in the "Product Development Management" folder, and sets "Product Group" to "Read Only" in the subordinate file "R&D Tasks".
Then when the members of "Product Group" access the "R&D Task" form, they can only view but not edit the form.
That is, when members access the file, they will read the set permission according to the proximity principle..
Scenario 2: Permissions are set for both members and their groups in the current file
For example, if the administrator sets "Product Group" to "Read Only" in "R&D Task", then all members of the product group can only view the data when they enter the form.
At this time, then set "Zhang San" of the product group to "can edit", then Zhang San can edit the data when he enters the form.
When a member accesses the file, the highest privilege he has is read..
Scenario 3: Higher-level folders have no access rights, but lower-level files have access rights
For example, the administrator did not set the permission for "Operation Group" in "Product Development Management", but set "Operation Group" as "Read Only" in "R&D Tasks".
Then all members of the Operations group cannot find the file "R&D Task" on the working directory because its parent folder is hidden.
That is, when members access the file, they need the permission of the entire parent path of the file.
You can set the "can edit" and "can read only" permission roles for a column in the table.
Column permission roles
- Editable: Allows editing of the cell contents of the column.
- Read-only: Only allows to view the cell contents of the column.
Set column permissions
Let's take an e-commerce scenario as an example. For example, you are the head of operations of an e-commerce department, and you usually use the "Product Information Management Table" to maintain the company's product information, and the members of the department also use this table to maintain the up and down shelves of products on various platforms.
But the "Cost" column in the table you don't want members to see, and the "Platform Price" column is only for members to see but not for them to modify. So how do we achieve the above scenario?
Scenario 1: Set a column to allow only the corresponding members to view but not to edit
For example, you want to set the "Platform Price" column to be viewable only by Operations, but not editable.
You can click the column permission of "Platform Price" and change the permission of "Operations" to "Read Only". Then the members under this department can edit the data in other columns in the table, but they cannot edit the data in the "Platform Price" column.
Scenario 2: Set a column to disallow the corresponding member to view
For example, you want to set the "Cost Price" column to be viewable only by "Myself" and "Boss". Other operators will not be able to view it.
You can click on the column permissions for "Cost" and add "Can Edit" permissions to "Boss", when "Operations" has no permissions configured it means that members under that department cannot view the "Cost" column when they access this form.
Once the setup is complete, the "Me" and "Operations" members will be able to view and edit the different data in the table. Let's take a look at the chart below to see the data in this table that the "Operations" members can see.
You will notice that there is no "Cost Price" column in the table for Operations members, and the "Platform Price" column cannot be edited.