Permission Sets

Modified on Wed, 15 Jul at 10:28 PM

Permission Sets

How to create and edit permission sets that define granular module-level access in the Clew Platform


Contents


1. Introduction & Context

Permission sets are the foundational component for user access to data in the Clew Platform, letting you define very granular permissions per module for a group of users. For example, a group of users may be able to view incidents, view and update risks, and have full access to actions on a single register.

A permission set by itself does not grant users access to anything in the platform. It must be applied against a register through a security group, which is where user groups are configured.

Who is it for? System Administrators who configure access control in the Clew Platform.

What does it impact? Permission sets define what actions users can perform per module. Changing an existing permission set affects every user in the security groups where it is used, so changes should be made with care.


2. Key Features & Functions

  • Permissions per module: permissions are granted per module in the platform, so each module can have a different level of access within the same set.
  • Seven permission types: Create [C], Read [R], Update [U], Delete [D], Mass [M], Merge [M], and Share [S], described in the table below.
  • Flexible configuration: set all permissions in one go, per module, or per individual permission within a module.
  • Global option: one permission set may be marked as global, applying its permissions to all users and all registers.
Permission TypeDescription
Create [C]Ability to create items.
Read [R]Ability to read the item(s).
Update [U]Ability to edit the item via Manage > Edit.
Delete [D]Ability to delete. Find more information here.
Mass [M]Mass works in conjunction with Update and Delete. If Mass is selected as well as Update, the permission set will grant Mass Update.
Merge [M]Only relevant to Library Control, Library Cause, and Library Consequence. Ability to merge them together.
Share [S]Ability to share items. Find more information here.

3. Requirements

  • System Administrator access is required to configure permission sets.
  • A permission set by itself does not grant users access to anything. It requires security groups to be configured, where the permission set is applied against a register (or folder) in the platform.
  • There is one exception to this rule: one (1) permission set may be marked as global, which applies the permissions to all users in the platform. A good example is allowing all users to create a declaration or an incident.
  • Exercise care when changing existing permission sets, since they may be in use and changes will affect users in the groups where the permission set is applied.
Caution: A Global permission set grants the selected access to all registers.

4. Step-by-Step Guide

Creating or Editing a Permission Set

  1. Navigate to Admin > Permission Sets. This opens a list of existing permission sets.
  2. If creating new, select Add. If editing an existing set, select the title of the permission set and proceed to step 4.
The Permission Sets list with the Add button and existing permission set titles

The Permission Sets list. Click Add to create new, or a title to edit.

FieldDescription
TitleUsed to select the permission set within a group (256 character limit).
DetailsVisible only within the Permission Set list view (25,000 character limit).
External IDUsed only for API integration.
GlobalIf Yes, grants the permission set to all users and all registers. Only one permission set can be global.
  1. Once completed, press Save to proceed to setting the permissions up.
The permission set form showing the Title, Details, External ID, and Global fields

The permission set form with the fields described above.

Setting the Permissions

  1. On this page, you will see the module permission sets. Any modules available are displayed with a grey header, while any disabled modules are displayed with a pink header. You can set all permissions in one go, per module, or per permission per module.
  2. To set a permission for an entire module, select the shield button on the module permission set header, as shown below. This enables (or disables) all permissions in one click.
The shield button on a module permission set header used to enable all permissions at once

The shield button on the module header enables or disables all permissions in one click.

  1. Alternatively, click the shield next to an individual permission to enable that permission type only. The screenshot below shows Create, Read, and Update enabled for Actions.
Individual permission shields showing Create, Read, and Update enabled for the Actions module

Create, Read, and Update enabled for Actions using the individual permission shields.


5. Common Issues & Troubleshooting

IssueLikely CauseSolution
A permission set was created but users still have no accessThe permission set has not been applied against a register through a security groupConfigure a security group that applies the permission set to the relevant register, and assign the users to that group
Users unexpectedly gained or lost access after a changeAn existing permission set that is in use by security groups was modifiedBefore changing a permission set, check which security groups use it. Consider creating a new set instead of modifying one in use
All users can access all registersA permission set is marked as Global, which grants its access to all users and all registersReview the Global permission set and limit it to only the permissions all users genuinely need, such as creating declarations or incidents
A module appears with a pink headerThe module is disabled in your platformThis is expected. Disabled modules display with a pink header, while available modules display with a grey header
Mass Update is not working for usersMass works in conjunction with Update. Mass alone does not grant Mass UpdateEnable both Mass and Update on the module in the permission set

Best practices:

  • Give permission sets clear titles that describe the access they grant, so they are easy to identify when configuring security groups.
  • Use the Details field to record the intended purpose of the set for future reference.
  • Keep the Global permission set minimal. It applies to every user and every register, so it should only contain permissions everyone genuinely needs.
  • Check which security groups use a permission set before editing it, as changes take effect for all users in those groups.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article