Team Default Permissions View

Team default permissions explicitly show the default permissions this team has for every entity type in the system. Every record can have those permissions specifically overridden, providing the person changing them has permission to do so, but these permissions indicate what the default access would be for this team without any otherwise specifically set permissions.

Default Permission Features

These permissions define the default permissions for the current team. It is important to note that records in the system have the following permission mechanisms that determine if a team has access to it and to what level:

  • Record Permissions:
    First every individual record itself can have explicit permissions set. [See Permissions Tool Window for more info]. These permissions can only be explicitly set on a record if the team has Can Change Permissions, or if they were automatically assigned through Team Default Permissions On New Items.
  • Team Default Permissions
    If a record doesn't have explicit permissions then the team has access to that record through the default permissions assigned to it here.
  • Inherited
    If a record can't have permissions set then they are inherited from the permissions of a parent related object. Depending on what permissions the team has to that parent object determines what permissions the team has to this record itself.

All entities in the system either allow permissions to be assigned against them, or inherit permissions. This includes custom entities and entities created through our API. As always anything you design is no different to the entities that already exist in the system (which are created through the same API anyway).

There are certain entities that all teams must have at least read-only default permissions to in order to run the system itself. These include things like users, roles, teams, etc. You can get an idea of this by copying the Standard User role when creating a new role and modifying the permissions to reflect the requirements of your new team.


Team Default Permission Properties

Team Default Permissions have the following properties:

NameDescription
[Key]
[Required]
Entity
Holds the entity type you want to assign default permissions for this team to.
Can Change PermissionsIndicates this team has permissions to change the permissions for other teams for any entity of this type.
If they do not have this permission, the team will not be able to alter permissions that other teams have to records of this type through any function in the system be that the API, web services, applications, etc.
Can DeleteIndicates this team has permissions to delete any instance of entities of this type.
If they do not have this permission, the team will never be able to delete any records of this type through any function of the system be that the API, web services, applications, etc.
Can CreateIndicates this team has permissions to create new instances of entities of this type.
If they do not have this permission, the team will never be able to create new instances of records of this type through any function in the system be that the API, web services, applications, etc.
Can WriteIndicates this team has permissions to modify instances of entities of this type.
If they do not have this permission, the team will never be able to alter records of this type through any function of the system be that the API, web services, applications, etc.
Can ReadIndicates this team has permissions to view instances of entities of this type.
If they do not have this permission, the team will never see records of this type through any function of the system be that the API, reports, web services, etc.

Commands

A team default permission has the standard set of commands and functions when being viewed from a grid. See our standard grid functionality.