Specific permissions let you limit the scope of a permission to a subset of users or entities within a module, instead of applying it to the entire community.
Instead of giving someone the "Reset password" permission for all users in the community, you can restrict it to just collaborators in Argentina.
-
General permissions Specific permissions Scope Applies to all content in the module. Applies to specific entities within the module. Example "Manage users" = applies to all users in the community. "Manage users" = applies only to the group Country = Argentina. Configuration Checkbox enabled/disabled. Requires defining the scope (which entities it applies to). Specific permissions coexist with general ones. If a user has a role with a general permission and another with a specific permission for the same module, the broadest access applies.
-
-
Go to the creation screen.
- Set up the name and description of the role.
- Assign the collaborators to whom this permission will apply.
- In the Permissions tab, choose the scope:
- All: the permission applies to all entities in the module (same as a general permission).
- Specific: choose which specific entities it applies to.
- If you chose Specific, select the entities from the selector that appears (groups, users, etc.).
-
Scope type Description Segmentation group Define rules by combining segmentations with AND/OR. Relationship between members The scope is defined based on the relationship between the role member and end users. All users Full scope over the community (same as a general permission). Specific users Manually select people by name. -
Within the Users module in Roles and Permissions, you can independently assign the following specific permissions to delegate certain actions to a limited group of collaborators without giving access to the entire organization:
Permission What it allows Download user report for target group Download a report with information about users who belong to the role's target group. Only includes users within the defined scope. View segmentation of users in target group Enables the Segmentation tab in read-only mode within the user's profile for collaborators in the target group. Edit segmentation of users in target group In addition to viewing the Segmentation tab, allows editing and saving changes. Automatically includes view permission. Applies to users in the target group. These permissions do not replace Manage users. Anyone who already has that general permission still has full access to all users. The specific permissions in the Users module are for delegating certain actions to a limited scope.
Permissions are evaluated cumulatively: if any role grants an action, the user can perform it. This applies to both general and specific permissions.
If you want to restrict the scope of a permission, make sure the user doesn't have another role that grants the same permission with a broader scope.
To see all available permissions by module, check out What permissions can I set in a role?