Understanding permissions

This article explains how ActivityInfo determines a user’s right to view or change databases.

Database owners

Each Database has a single Database owner. This user can view and change all elements of the Database.

There are also a few things only the Database owner can do:

  • Rename the Database
  • Delete the Database

If you do not invite any users, or make any forms public, than the Database owner is the only person who can access a Database.

Role assignment

A Role is a certain combination of Grants and Parameters that you assign to a specific group of users. Roles are therefore the main way by which you control what actions you permit users to perform in your database.

In ActivityInfo, the permission for assigning roles to other users lies with the Database owner, administrators . These individuals are usually responsible for managing users, roles, permissions, and other administrative tasks within the Database.

Specifically, users with administrative roles can perform the following actions related to role assignment:

  • Adding Roles: They can create new roles within the Database, defining the combination of grants and parameters that determine the permissions for each role.
  • Editing Roles: they can modify existing roles, adjusting their permissions, parameters, or other settings as needed.
  • Assigning Roles to Users: They can assign roles to individual users or groups of users, determining the actions those users are permitted to take within the Database.
  • Managing Users: This includes tasks such as adding new users to the Database, changing user roles, and deleting user accounts when necessary.
  • Overriding Role Permissions: In some cases, they may need to override the permissions granted by a role for specific users or resources, granting additional permissions as needed.

Grants to the user

You can grant permissions to users for specific resources, such as forms, folders, or reports, through role assignments.In ActivityInfo, grants to users are typically managed by Database owners, or administrators. Grants specify the permissions granted to a user for accessing various resources within the Database. These permissions include operations like viewing, adding, editing, or deleting records, as well as managing users and forms.

Locks

In ActivityInfo, locks serve as a mechanism managed by Database owners, administrators or users with equivalent permissions to restrict access to specific resources within the Database, preventing changes to critical data or configurations. With this level of permission, you can apply locks to resources such as forms, folders, or Databases. Lock management allows you to add, remove, or modify locks as needed, adjusting access control settings based on changing requirements or organizational policies. In certain cases, you may need to override locks for specific users or situations, temporarily lifting a lock .

Public visibility

When you make a form public, then all users can view the form and all of its records, even without logging in.

Note that if you make a form public, any conditions set on the view permission will have no effect. All records will be visible to all users.

Reference fields

Reference fields in a form are used to establish relationships between different records or datasets within a Database. When adding a reference field to a form in ActivityInfo, it allows users to link records in one form to records in another form. However, it's important to note that simply adding a reference field to a form does not automatically grant permission for an editor of that form to view the related form.

In other words, while a user may have permissions to edit the form where the reference field is added, they may not automatically have permissions to view or edit the related form linked through the reference field. Permissions for viewing or editing related forms need to be explicitly granted to users by administrators or users with appropriate privileges.

ActivityInfo support staff

As a matter of policy, the ActivityInfo support has no access to your database. If you ask for our help to resolve a technical problem, or ask for advice in designing your forms, a member of the support team may “claim” support access to your Database.

The Databaseowner is notified by email when this happens, and the support team member is added to the Databasein the “support” role, just like any other user. This event is also visible in the audit log.

You can further restrict the support role to limit what our support staff can view or change by changing the permissions assigned to the “Support” role. When the issue is resolved, the support team member will leave your database.

Next item
Add your first role