OnBoard provides a detailed approach to security. Users can have a wide range of access levels, such as Meeting access, Resource access, Action access, and more. The information below describes what each permission has the ability to do within the system.
You can use the links to the right to jump to each section.
Important Permissions Notes
Before we dive into each permission, it is important to understand two concepts:
1) Organization Administrators are NOT super users. By this, we mean that if one Administrator creates a new meeting, but does not give another Administrator access to it, that second person will not be able to see the meeting. This concept applies across the board, for all objects such as resource documents, actions, and groups.
2) Your "Active Permission" in OnBoard is somewhat transient. As you move through the product, working inside different aspects or features, the Active Permission OnBoard is referencing may change as well. Here's an example: Let's say that you're an Organization Administrator, and another org admin just created a new resource folder. While inside that folder, OnBoard references your RESOURCE-LEVEL permissions to determine what you're able to accomplish inside that folder. OnBoard doesn't care that you also happen to be an Organization Admin. You're in the resource folder, so folder permissions are paramount and your permissions for that folder are being referenced. This concept applies across the platform. So, while you're casting a vote in an Approval, your permissions for that Approval are being referenced.
There are a total of SIX core areas in which a user's permission may be configured: Organization level, Group level, Action (Approval, Survey, eSignature) level, Meeting level, Agenda Section level, and Resource level.
Organization-Level Permissions
Organization-Level Permissions decide who can manager the Dashboard, Directory, and Organization Settings. They also help decide who can create content in OnBoard (Meetings, Resource Folders, Actions, etc.).
Administrator
- Can create any object in OnBoard they need, such as Meetings, Groups, Actions, and Resource folders.
- Can configure the Organization Settings page, as well as the Dashboard page.
- Organization Administrators are the ONLY ones who can modify the User Directory (adding, removing, and modifying permissions at the Organization level).
Creator
- Can create any object in OnBoard they need, such as Meetings, Groups, Actions, and Resource folders.
- DO NOT have the ability to change the User Directory, Dashboard, or Organization Settings pages.
Member
- Cannot create any content on their own
- These are the end-users of the product. Generally, most Directors/Committee Members will be granted this level of permission.
Deactivate
This is more of a Status, than a Permission. A Deactivated user is someone who is still a part of your organization, but they do not need access to OnBoard all the time. Perhaps someone such as an Auditor or Examiner. While in the Deactivated status, this user cannot view any of your information in OnBoard. This is an alternative to completely removing a user account from your organization, which would require a re-invitation if this person returns.
Global Administrator (Hidden)
This permission is only available to certain OnBoard package levels, and is configured by the Passageways Technical support team. For more information about this permission, please review the following article: OnBoard Global Administrator
Group-level Permissions
Groups are used to help manage permissions by quickly inviting an entire group of users to a Meeting, Resource Folder, Approval, etc.
Groups also include information about the group such as Roles & Terms information and Diversity Reporting.
Group permissions help determine who can manage the membership of the Group, view all Diversity Reporting analytics, and who's included in the Diversity Reporting.
Administrator
- Can manage the Name, Description, and Permissions of the Group
- Can view the full Diversity Reporting analytics
- IS NOT INCLUDED in the Group's Diversity Reporting
Admin & Member
- Can manage the Name, Description, and Permissions of the Group
- Can view the full Diversity Reporting analytics
- IS INCLUDED in the Group's Diversity Reporting
Member
- Has read-only access to the group
- IS INCLUDED in the Group's Diversity Reporting
Note: Group "Administrators" and "Admin & Members" can NOT create meetings for their group by default. You must be either an Organization Administrator or Creator to create meetings.
For more information on Groups, view the article on Creating and Managing Groups.
Action-level Permissions(Approvals, Surveys, eSignatures)
Voter / Respondent / Signer - This is the base-level participation permission for each of the three different Action types.
- As one of these permissions, you have the ability to vote on the approval, respond to the survey, or sign the eSignature document.
Administrator
- The user who will be able to configure the details of the Action, such as the description, permission structure, and lifecycle.
- Can see the results of the action.
- Keep in mind that an Administrator of the action does NOT have the ability to participate in the action. (See the next permission below).
Admin & Voter / Admin & Respondent / Admin & Signer
- Each Action type has a permission that grants both Administrator and Participant access. If you need to be able to do both, be sure to assign yourself this permission.
Commenter (Approvals only)
- Can view and participate in Approval Discussions
- Cannot cast a vote
- Cannot administrate the Approval
Excluded (Individual User Only)
This permission is generally used in conjunction with a permission assigned to a Group. Marking a user as Excluded will ensure they do not have access to this Action, regardless of what group they're in that might already have access.
As an example, if the Loan Committee Group is granted access to an Approval, you may not want to include a specific person from that group. In that case, we can mark them as Excluded. Everyone else in that group will remain included. It is not necessary to Exclude users who already do not have access to the action.
For more information on the Permissions within Actions, review our Actions Articles and Videos.
Meeting-level Permissions
Administrator
The Meeting's Admin has full control over the details and contents of the meeting.
- Can manage Meeting Details (date, time, and location)
- Can manage Meeting Permissions
- Can manage Meeting Settings
- Can update the agenda and upload documents
- Can edit documents with Microsoft 365
- Can update meeting visibility and send notifications
Contributor
Users with this permission at the meeting level behave almost exactly as the meeting administrator does, with only a few exceptions.
- Can (when meeting is visible) update meeting agenda sections and upload documents.
- Can (when meeting is visible) edit documents with Microsoft 365.
- Cannot update:
- Meeting Details
- Meeting Permissions
- Meeting Visibility
Reader
Users with the Reader permission are essentially a read-only or consumption permission.
- When the meeting is visible, Readers can only view the Meeting's Details, Agenda, and documents.
Exclude (Individual User Only)
This permission is generally used in conjunction with a permission assigned to a Group. Marking a user as Excluded in ensure they do not have access to this Meeting, regardless of what group they're in that might already have access.
For more information on Meeting Permissions, review our Article and Video on Meeting and Agenda Permissions.
Agenda Section-level Permissions
Permissions listed here are identical to the permissions listed in the Meeting-level section above. However, here, we can fine tune access at a section-by-section level.
It is common to split up responsibilities for meeting creation. If you'd like to have your Marketing Manager upload their own report for their section of the Board Meeting, but not have access to be able to change anything else, grant them Contributor access at the Marketing Report Agenda Section level.
Or perhaps a person needs to be a Reader of the entire meeting, but they should be Excluded from just one particular section. You can do that too!
Be sure to refer to the Meeting-level section above to find out what each of these permissions are capable of accomplishing.
For more information on Agenda Section Permissions, review our Article and Video on Meeting and Agenda Permissions.
Resource-Level Permissions
Administrator
Resource Administrators can control any of the content that goes into their folders.
- Can upload new content (documents, images, links)
- Can remove content
- Can edit folder Permissions
- Can edit documents with Microsoft 365
Readers
Users with this permission have access to open resource documentation, but they cannot add/delete anything from these folders. This is generally considered a read-only permission.
Exclude (Individual User Only)
This permission is used in conjunction with a permission assigned to a Group. Marking a user as Excluded in ensure they do not have access to this resource, regardless of what group they're in that might already have access.
For more information on Resource Permissions, review our Article and Video on Creating and Managing Resources.
OnBoard Group Trainings:
If you are interested, we do offer further education. You can find the calendar and register for OnBoard Admin group training sessions by clicking here.
Comments
0 comments
Please sign in to leave a comment.