OnBoard provides a detailed approach to security. Users can have a wide range of access levels, such as Meeting access, Resource access, Action access, and more. The reference sheet below describes what each permission has the ability to do within the system.
Before we dive into each permission, it is important to understand two concepts:
1) Organization Administrators are NOT super users. By this, we mean that if one Administrator creates a new meeting, but does not give another Administrator access to it, that second person will not be able to see the meeting. This concept applies across the board, for all objects such as resource documents, actions, and groups.
2) Your "Active Permission" in OnBoard is somewhat transient. As you move through the product, working inside different aspects or features, the Active Permission OnBoard is referencing may change as well. Here's an example: Let's say that you're an Organization Administrator, and you've just created a new meeting. While inside that meeting, OnBoard references your MEETING LEVEL permissions to determine what you're able to accomplish inside that meeting. OnBoard doesn't care that you also happen to be an Organization Admin. You're in the meeting, so meeting permissions are paramount. This concept applies across the board as well. So, while you're casting a vote in an Approval, your permissions for that Approval are being referenced.
There are a total of SIX areas in which a user's permission may be configured: Organization level, Group level, Action (Approval, Survey, eSignature) level, Meeting level, Agenda Section level, and Resource level.
Global Administrator (Hidden) - This permission is only available to certain OnBoard package levels, and is configured by the Passageways Technical support team. For more information about this permission, please review the following article: OnBoard Global Administrator
Administrator - Users with this permission are allowed to create any object in OnBoard they need, such as Meetings, Groups, Actions, and Resource folders. Organization Admins can also configure the Organization Settings page, as well as the Dashboard page. Organization Administrators are the ONLY ones who can modify the User Directory (adding, removing, and modifying permissions at the Organization level).
Creator - This permission is very similar to the Administrator above. Creators also have the ability to create any sort of object they wish, such as Meetings, Groups, Actions, and Resource folders. However, they do not have the ability to change the User Directory, Dashboard, or Organization Settings pages.
Member - Members at the Organization level cannot create any content on their own. These are the end-users of the product. Generally, most Directors/Committee Members will be granted this level of permission.
Deactivate - This is more of a Status, than a Permission. A Deactivated user is someone who is still a part of your organization, but they do not need access to OnBoard all the time. Perhaps someone such as an Auditor or Examiner. While in the Deactivated status, this user cannot view any of your information in OnBoard. This is an alternative to completely removing a user account from your organization, which would require a re-invitation if this person returns.
Administrator - The Group Administrator (which is not the same as the Organization Administrator) has the ability to do three very specific things. They can change the Name, Description, and permissions of the group in which they administer. **NOTE** A Group Administrator can NOT create meetings for their group. You must be either an Organization Administrator or Creator to create meetings.
Member - As a member of a group, you automatically inherit any permission the group is assigned to. For instance, if your group is assigned to be a Reader of a Meeting, you inherit that Reader permission, alongside other members of your group.
Action-level Permissions (Approvals, Surveys, eSignatures)
Voter / Respondent / Signer - This is the base-level participation permission for each of the three different Action types. As one of these permissions, you have the ability to vote on the approval, respond to the survey, or sign the eSignature document.
Administrator - The Administrator of the Action is the user who will be able to configure the details of the Action, such as the description, permission structure, and lifecycle. They will also be the users who can see the results of the action as well. Keep in mind that an Administrator of the action does NOT have the ability to participate in the action. (See the next permission below).
Admin & Voter / Respondent / Signer - Each Action type has a permission that grants both Administrator and Participant access. This is it! If you need to be able to do both, be sure to assign yourself this permission.
Excluded (Individual User Only) - This permission is generally used in conjunction with a permission assigned to a Group. Marking a user as Excluded will ensure they do not have access to this Action, regardless of what group they're in that might already have access. As an example, if the Loan Committee Group is granted access to an Approval, you may not want to include a specific person from that group. In that case, we can mark them as Excluded. Everyone else in that group will remain included. It is not necessary to Exclude users who already do not have access to the action.
Administrator - The Meeting's admin has full control over the details and contents of the meeting. They're able to set the meetings date and time, set the meetings permissions, control the meeting's settings, create the agenda, and upload the meeting's content. Essentially, they can do anything they want for the meetings they administrate.
Contributor - Users with this permission at the meeting level behave almost exactly as the meeting administrator does, with one major exception. Meeting Contributors cannot change the meeting's permissions. Otherwise, they're able to change the details, agenda, and documents in any way they wish.
Reader - Users with the Reader permission cannot change any of the meeting's contents. They're essentially a read-only or consumption permission. These users can open the board books and create annotations on the book's pages.
Exclude (Individual User Only) - This permission is generally used in conjunction with a permission assigned to a Group. Marking a user as Excluded in ensure they do not have access to this Meeting, regardless of what group they're in that might already have access.
Agenda Section-level Permissions
Permissions listed here are identical to the permissions listed in the Meeting-level section above. However, here, we can fine tune access at a section-by-section level. It is common to split up responsibilities for meeting creation. If you'd like to have your Marketing Manager upload their own report for their section of the Board Meeting, but not have access to be able to change anything else, grant them Contributor access at the Marketing Report Agenda Section level. Or perhaps a person needs to be a Reader of the entire meeting, but they should be Excluded from just one particular section. You can do that too! Be sure to refer to the Meeting-level section above to find out what each of these permissions are capable of accomplishing.
Administrator - Resource Administrators can control any of the content that goes into their folders. They have the ability to upload new content, remove content, and change the permission levels of their folder structure.
Readers - Users with this permission have access to open resource documentation, but they cannot add/delete anything from these folders. This is generally considered a read-only permission.
Exclude (Individual User Only) - This permission is used in conjunction with a permission assigned to a Group. Marking a user as Excluded in ensure they do not have access to this resource, regardless of what group they're in that might already have access.