User management and user permissions (role-based)
User management is carried out in Users and access which can be found from the settings-menu on the bottom left corner of the service:
In Users and access, users are listed alphabetically based on their name. The following information is also shown for each user and can be used to filter the list:
- System role
- Last login time
New users can be added by selecting "Add user" from the top right corner which opens up the user settings (see detailed description below).
Once the preferred settings are defined for the user, there are two options: either just add the new user to the service or add and send an invite to them. The first option becomes handy, if the new user needs to be added in order to assign them responsibility of strategy parts or other content, but you don't want them to log in just yet. After the materials are ready in the service, the invitations can be sent and the new users arrive to carefully planned and ready content.
User settings are divided to three sections: Personal information, Connections and Permissions.
The following personal information must always be defined for the user:
- First name
- Last name
- Service language
In addition, following information can be defined, if preferred:
- Phone number
- Title (that is used only in organization chart)
The connections-section contains settings that define how the user is connected to the created organizational structures. Both direct manager* and team/unit** can be set either here in the user settings or in the organization chart.
** Team/unit information is mandatory information and you are unable to save the settings unless a team/unit is selected for the user
The permissions-section contains user's role selection. There are three user roles:
- Facilitator, who have the ability to add, edit and delete all content in the service, manage all users and alter the service subscription. They operate as the environment's admins in the service.
- Manager, who have the ability to add, edit and delete everything from their areas of responsibility. Managers can also add and edit participants that have them as their "direct manager".
- Participant, who have the ability to participate in the strategy work by providing different inputs for their areas of responsibility, e.g. status updates to strategy parts, insights to market radar, participate in strategic dialog etc.
The monthly prices and detailed descriptions of what each role can and cannot do* can be found from the table below:
Projects and goals-permissions for Managers and Participants can also be managed separately for each strategy. You can read more about this from the Strategy access rights.
Checking user permissions with "preview as" functionality
Once organizations reach the state where they have several users with different roles, areas of responsibility and available material, user permissions management can become quite challenging. Simultaneously, it's important that the facilitators and managers can make sure that each user can see and do exactly what they are intended to. The "preview system as this user" functionality was developed for this exact purpose. It allows the facilitators/managers to see the service through the selected user's eyes and it can be used to test e.g.
- Can the user see reports X and Y?
- Can user see and give status updates to their strategic area of responsibility?
- Can user participate in their teams meetings?
The preview functionality is activated from Actions-menu in the bottom left corner of the user settings:
The UI remains normal and the service can be used normally during the preview, but the top of the page clearly indicates that you are previewing the service as another user. The top also contains a button which can be used to return back to user management.
For example, below is a preview what user "Connie Consultant" sees as their activities after the facilitator has assigned responsibility for a few personal OKRs: