This manual explains how to manage permissions in Yesplan. We divide this manual into three chapters:
- Summary of the different concepts and general functioning of permissions in Yesplan.
- A chapter in which the different configuration capabilities are discussed in detail.
- A step-by-step plan to easily set up permissions within an organization.
The general functioning of permissions that is described here is not applicable for reports (templates and generated documents). The permissions system for these elements is explained in the reports manual.
Managing permissions in Yesplan is broken down into the various actions that a user can execute (their capabilities) and managing which users have access to which events, resources, prices, contacts and tasks.
Before going more deeply into how permissions are managed, we briefly explain a few basic concepts related to permissions in Yesplan.
It isn’t always advisable for a user to be allowed to execute every action or view all screens. In Yesplan you can set who has the capability to perform various actions and to see certain screens and who does not.
This is determined via capabilities. If a user has a certain capability then the corresponding action can be executed.
Every Yesplan element (events, resources, contacts, etc.) has an owner. This owner is a Yesplan user. Initially the owner of an element will be the user that created this element. The owner of an element can be customized.
Every Yesplan user grants permissions to other users regarding what can happen to the elements that they own. These permissions determine who can read, write, clear, use, etc. this element. In other words, the owner of a certain element decides what can happen to that element in Yesplan.
A permission template is a set of capabilities and a description of the granted permissions.
These templates are used to describe the permissions of a certain group of users (such as ‘Administrators’) or a certain job title within an organization (such as ‘Planner’).
One or multiple permission templates can be awarded to a user. If a user was awarded multiple templates, his/her capabilities will be a union of all capabilities in these templates, and the granted permissions (for elements owned by the user) will also be a union of permissions determined by these templates.
Managing Permission Templates
Permission templates are managed under System Settings, under the “Users” tab, in the “Permission Templates” section. You can create, delete, duplicate and rename templates.
If you click on “Show Permissions”, a new screen will open where the capabilities and permissions for this template can be managed.
This screen consists of two parts:
- At the top of the screen there is a list of capabilities for the template.
- At the bottom you see the permissions that are granted to users that were assigned this template.
Capabilities are divided into three groups:
- The types of elements that a user can create, and the actions that can be executed on certain elements.
- The tabs of various inspectors that are visible.
- The statuses that can be awarded to an event by a user.
Capabilities can easily be customized by activating or deactivating them. We will discuss each of these three groups in detail.
The left column shows the capabilities that a user receives to create elements or to execute certain actions. The following capabilities can be set:
- Events: creating events.
- Resources: creating resources.
- Contacts: creating contacts.
- Tasks: creating tasks.
- Report templates: creating report templates.
- Prices: creating prices for resources.
- Mute conflicts: capability to hide conflicts in the event calendar and the team planner.
- Unlock events: capability to unlock events that are ‘locked’.
Certain statuses can be marked as ‘locked’ in Yesplan. As soon as an event has this status, its name, date or location can no longer be changed, to avoid accidental changes. Changes are only possible by clicking on the lock next to the event. In order to open this lock, the user must have the capability to “unlock events”.
Visibility of Tabs
The middle column shows a list of tabs classified per inspector. Clicking on “Open” next to the name of the inspector shows all the tabs of that inspector.
You can determine whether the tab is visible for the user using the checkbox. If desired you can customize the visibility of all tabs of an inspector at once by clicking on the checkbox next to the name of the inspector.
When you add new tabs to Yesplan they are, by default, not visible for users. You must activate these tabs under the template capabilities that are applicable for the users that must be able to view these tabs.
Use of Statuses
The right column shows a list of statuses that were created in Yesplan for events. If a status is not activated, a user will not be able to award that status to an event.
The order of the statuses has a meaning. An event will often evolve from an option request to a fully scheduled and concluded event. The order of statuses can be determined via system settings.
To move to the next status (a status that is lower in the list) a user must have the capability to use that status. To return to a previous status, the user must have the capability to use that previous status and to use all the intermediate statuses.
This functionality enables you to determine that a user can place an event in a ‘later’ status (and possibly skip certain statuses) but he/she cannot switch a planned event back to an option.
The image above shows the part of the screen where the granted permissions are configured. This screen displays a table; each record corresponds with a user or a user group to whom permissions are granted. The columns of the table correspond with the type of permissions that are granted.
Records can be added to the table. You do this by clicking on “Add” at the bottom of the table. By double-clicking on the name of the user or user group (in the far left column) in an existing row you can customize to whom these permissions apply.
If the user to whom permissions were granted is deleted from the system, the name will appear in red.
Please note that it’s also possible to grant permissions to an entire user group simultaneously (see further).
A cell is shown for each type of element in Yesplan with checkboxes that determine the permissions for this type of element.
Please note that permissions for locations, placeholders and reports are not granted via a template. These permissions must be set per element (per location, placeholder or report).
The following permissions can be set for all elements:
- View: a user or group of users can see this type of elements.
- Edit: a user or group of users can customize this type of elements.
- Delete: a user or group of users can delete this type of elements.
- Edit Permissions: a user or group of users can customize the permissions for this type of elements.
For resources we have the above mentioned permissions as well as:
- Book: the user or group of users can book the resource.
- Edit Booking: the user or group of users can edit booked resources.
- Delete Booking: the user or group of users can delete booked resources.
It is possible to activate all permissions in a certain record simultaneously by clicking on “Select All”, to the right of the record. Similarly, all permissions can be deactivated simultaneously by clicking on “Deselect All”. Finally, a record can be removed from the table by clicking on “Delete”.
It is important to understand that permissions are granted based on the owner of an element. For example: imagine that we add this row with permissions to a permission template that we award to user Tim. In that case Tim will be the one to grant permissions – as defined in this row – to user Planner. In other words, Planner will be able to view, edit, delete, book and edit permissions for every resource owned by Tim. Tim’s bookings cannot be edited or deleted by Planner.
Permissions per Status
For events you can manage permissions per status. To add specific permissions for a certain status, click on “Add Status” in the header of the “Events” column.
If no specific permissions are determined for a status, the general permissions are applicable as defined in the “Events” column.
Permissions for Unavailabilities
It is possible to indicate that a resource or location is unavailable during certain periods via the event calendar, the team planner or the resource inspector. Unavailabilities do not have separate permissions in Yesplan; they follow the permissions of that resource. If a user can book a certain resource then this user can also mark the resource as unavailable and delete unavailabilities.
A user can mark a human resource as unavailable, for a certain day or period, in the team planner if the user has permission to book the human resource.
A user can mark a location as unavailable (‘lock the location’), for a certain day or period, in the event calendar if the user has permission to book in that location.
Awarding Permissions to Diverse Users
Permissions can be awarded to different users or user groups. We will run through the capabilities from most general to most specific:
Everyone else: for permissions that are granted by a template or by a user, this record corresponds with the permissions for all users for whom no other, more specific, record is defined. Please note that this record is always present and cannot be deleted.
Permissions for a certain user group: it is possible to award permissions to a certain user group. These permissions are applicable for all users that are part of the user group. If a user is added to the group, this user will have the same permissions. If a user is deleted from the group, the permissions are no longer applicable for this user.
Permissions for a certain user: it is possible to award permissions to a certain user. In the image above a row of permissions can be added for the user ‘Administrator’.
In addition to these explicit users or groups of users, Yesplan also supports dynamic permissions. These are useful because you don’t have to name or repeat all users or user groups within Yesplan on each of the templates. We recommend that you only use these options in cases where a complex implementation of permissions is necessary since they make it harder for an administrator to discover exactly which permissions are applicable.
Owner: these permissions are applicable for the owner of an element.
This allows us to express that a certain user receives permissions for an element, as soon as this user becomes the owner of that element (the user who creates an element is, by default, the owner).
- In template “General” we add a record for “Owner” in which the owner receives permission to view, edit and delete events
- Jan and Sofie were both awarded the “General” template
- Jan will be able to view, edit and delete all events that he creates, but not events that Sofie creates
- Sofie will be able to view, edit and delete all events that she creates, but not events that Jan creates
Primary group of the owner: these permissions are applicable for the primary group of the owner of an element.
This allows us to express that a certain user receives permissions for an element, as soon as this user is in the same user group as the primary group of the owner of that element.
- In template “General” we add a record for “Primary Group of Owner” in which that group receives permission to view and edit events
- Jan has “Planning theatre” as his primary group but is not a member of the “Planning dance” user group
- Sofie has “Planning dance” as her primary group and is also a member of the “Planning theatre” user group
- Jan and Sofie were both awarded the “General” template
- Jan will be able to view and edit all events that were created by any user who has “Planning theatre” as their primary group, but not events created by Sofie (or by other users who have “Planning dance” as their primary group)
- Sofie will be able to view and edit all events that were created by any user who has “Planning dance” as their primary group as well as events created by Jan (or by other users who have “Planning theatre” as their primary group)
Please note that if we edit the primary group of a user, this also influences the permissions.
Since a user can belong to multiple user groups, and since Yesplan supports dynamic permissions like owner and primary group, it is possible that multiple rows within one permission template are applicable for a certain user. Yesplan will use the most specific permissions that are applicable when determining permissions for a user for a certain element.
The following rules are applied:
The most specific level is that of the user. This means that if there are user permissions, they will be applicable and the permissions for user groups and for everyone else will be ignored.
For example: as soon as a record with explicit permissions for a user is included in the template, this record is always applicable. If the user is also the owner of the element and dynamic permissions for the owner were determined, then the combination of these owner permissions and any explicit permissions for the user is applicable.
If no explicit permissions for the user were included and the owner permissions are not applicable, Yesplan will look at the user group level. In this case it is the combination of permissions for each of the users’ user groups that is applicable. If permissions for the primary group were also set and the user belongs to the primary group of the owner of this element then these permissions will also be applicable, in combination with the other user group-specific permissions that apply.
If permissions at the user level and at the user group level do not apply then the permissions for everyone else apply.
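The rules above, written out as a small resolver. This is an added example that models the manual's description; it is not Yesplan code. The row kinds, class names, the constructed "General" template (which combines the Owner and Primary Group of Owner examples with an explicit row for a user named Planner) and the reading that an applicable Owner row counts as user level are assumptions of this example.

```python
from dataclasses import dataclass

# Row kinds in a permission template (identifiers are this example's own).
USER, GROUP, OWNER, OWNER_PRIMARY_GROUP, EVERYONE_ELSE = (
    "user", "group", "owner", "owner_primary_group", "everyone_else")


@dataclass(frozen=True)
class User:
    name: str
    primary_group: str
    groups: frozenset  # user groups the user is a member of

    def memberships(self):
        return self.groups | {self.primary_group}


@dataclass(frozen=True)
class Row:
    kind: str
    permissions: frozenset
    subject: str = ""  # user or group name; empty for dynamic rows


def _union(rows):
    return frozenset().union(*(r.permissions for r in rows))


def resolve(rows, actor, owner):
    """Return (level, permissions) for `actor` on an element owned by `owner`."""
    # User level: explicit rows for the actor, combined with the Owner row
    # when the actor owns the element. Group and everyone-else rows are ignored.
    matched = [r for r in rows if r.kind == USER and r.subject == actor.name]
    if actor.name == owner.name:
        matched += [r for r in rows if r.kind == OWNER]
    if matched:
        return "user", _union(matched)

    # Group level: union over every group the actor belongs to, plus the
    # Primary Group of Owner row when the actor is in the owner's primary group.
    groups = actor.memberships()
    matched = [r for r in rows if r.kind == GROUP and r.subject in groups]
    if owner.primary_group in groups:
        matched += [r for r in rows if r.kind == OWNER_PRIMARY_GROUP]
    if matched:
        return "group", _union(matched)

    # Fallback: the always-present "Everyone else" row.
    return "everyone_else", _union(r for r in rows if r.kind == EVERYONE_ELSE)


P = frozenset
# Constructed sample data following the Jan / Sofie examples in this manual.
jan = User("Jan", "Planning theatre", P({"Planning theatre"}))
sofie = User("Sofie", "Planning dance", P({"Planning dance", "Planning theatre"}))
planner = User("Planner", "Planning theatre", P({"Planning theatre"}))

GENERAL = [
    Row(OWNER, P({"view", "edit", "delete"})),
    Row(OWNER_PRIMARY_GROUP, P({"view", "edit"})),
    Row(USER, P({"view"}), "Planner"),
    Row(EVERYONE_ELSE, P()),
]

if __name__ == "__main__":
    for actor, owner in [(jan, jan), (jan, sofie), (sofie, jan), (planner, jan)]:
        level, perms = resolve(GENERAL, actor, owner)
        print(f"{actor.name} on {owner.name}'s event: {level} -> {sorted(perms)}")
```

A user-level row replaces group grants rather than adding to them, so the Planner row leaves Planner with view only on Jan's events even though Planner's group membership would otherwise give edit as well.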
Awarding Permission Templates to Users
Permission templates are awarded to users under system settings, under the “Users” tab, in the “Users” section. How this works is described in the system settings manual.
Please note that it is possible to award multiple permission templates to a user. In that case the union of capabilities and granted permissions of all awarded templates will be applicable. In other words, as soon as one of the templates awards a certain capability or grants a permission, it will be applicable. When taking the union, the least strict permissions are granted.
Customizing User Permissions
In addition to managing permissions based on permission templates that are granted to users, it is also possible to set capabilities and permissions separately per user. This can be done under system settings, under the “Users” tab, in the “Users” section. Click on “Show Permission Settings” in the record of a user.
In order to keep the management of permissions in Yesplan easy, we advise against using this option. Only use templates; this makes it easier to check where permissions are granted. An easy, step-by-step plan for implementing permissions is described below.
After clicking on “Show Permission Settings” a screen will appear that is very similar to that for managing permissions on a permission template.
At the top of this screen we see the user groups and permission templates that are applicable to the user. User groups or templates can be added to the user by clicking on “Add”; existing user groups or templates can be deleted by clicking on the “−” next to its name.
Under the list of user groups and templates we see the user’s capabilities and granted permissions. These capabilities and permissions are a merger of the capabilities and permissions that the user was assigned via permission templates.
You can customize capabilities and permissions at the user level. Alterations that deviate are indicated by an asterisk behind the capability or the customized granted permissions. In the image above we see that the user Planner cannot create contacts or tasks. These two capabilities were active on the templates applicable for this user so they are indicated as deviations, with an asterisk. Deviations with regard to the templates can be undone by clicking on “Reset”.
Permissions that are granted by a user can be customized in a similar manner. Here too deviations to the templates will be indicated with an asterisk. These deviations are undone by clicking on “Reset”. In the example above you see that the user Planner can edit or delete events with the status ‘Option’ even though the templates did not grant permission for this. These permissions were customized at the user level; these settings are marked with an asterisk.
View the Permissions That Were Granted to a User
In Yesplan, permissions are based on the concept that a user grants permissions to other users either explicitly or via permission templates. To know which permissions were granted to a specific user – what their acquired permissions are – you can click on “Show Permission Settings” in the far right column in the list of users (found under system settings, under the “Users” tab, in the “Users” section).
At the bottom of the screen you see a list of permissions that were granted to that user.
Each record shows a specific permission; the columns show the various types of Yesplan elements. Each cell in this table contains a list of users that grant the corresponding permission for the corresponding element. For example, we see that Planner can view events owned by himself or by Administrator, and can only delete prices owned by Administrator.
Customizing Element Permissions
You can customize element permissions. These permissions will replace the permissions granted by the owner of the element. Element permissions are customized via the “Permissions” tab on the inspector of that element. This is possible for events, resources, locations, contacts and tasks. Please note that this is the only capability for managing permissions for locations and reports – these elements do not receive permissions via a permission template.
The owner of the element is shown at the top. You can change this owner by clicking on “Change Owner”.
Under the owner we see a list with various users (or user groups) who received permissions for this element. Permissions for the different users of this element can be customized via checkboxes.
This list will always contain a “Me” record. These are the permissions of the user who is signed in. To avoid accidental changes to this record you must first click on the lock before making any adjustments. Moreover, it is possible to add new records to this list (via “Add User Group or User” under the list).
Records that are added to the list can be deleted once again. It is not possible to delete existing records with permissions for a certain user (or user group), but you can activate and deactivate as many permissions as desired (if you have permission to do so).
Permissions for Locations, Placeholders and Reports
For permission templates and permissions that are granted by users, it is not possible to manage permissions for locations, placeholders or reports. Locations and placeholders are regarded as special resources; permissions for locations and placeholders are determined per element. For reports, permissions can be determined per element, and permissions that are applicable on generated reports can be determined per element.
Permissions for Locations
Location permissions are managed under system settings, under the “Resources” tab, in the “Locations” section. Then you open the location inspector by clicking on the name of the location. You can manage permissions on the “Permissions” tab of this inspector. Managing the permissions for a location is similar to managing element permissions, with the exception that a location has a user group as an owner rather than a user. This makes it easier to link locations to certain user groups.
Please note that you can also open the location inspector from the event calendar by clicking on the name of the location (in the header of the column).
Permissions for Placeholders
Placeholders do not have an owner and can be read and booked by every Yesplan user. Only administrators can change the placeholder.
It is not advisable to allow every Yesplan user to alter the prices of a placeholder, so price permissions are managed. Placeholder permissions are managed under system settings, under the “Resources” tab, in the “Groups & Roles” section. Then you open the placeholder inspector by clicking on “Inspect” in the row of a certain role. You can manage permissions on the “Permissions for Prices” tab on this inspector.
Please note that you can also open the placeholder inspector from an event inspector if it has a booking for that placeholder. Open the booking inspector for that placeholder first (by clicking on the name), then open the placeholder inspector (by clicking on the button at the bottom of the booking inspector).
Implementing Permissions in Four Easy Steps
Yesplan offers an elaborate way to set up permissions. Given the complexity, permissions are best configured together with a Yesplan account manager. However, easy configurations are within everyone’s reach. What follows is a guideline for creating Yesplan users easily and setting up their permissions.
Step 1: Creating User Groups
The aim is that all Yesplan users are divided into user groups. Later we will assign one user group to each user that we create.
User groups are used for setting up permissions simultaneously for all users with the same job or role in the organization.
The first step is to identify all the different roles in your organization and to create a user group for each one. For more information about how user groups can be created, please refer to the system settings manual.
Step 2: Creating the Common Permission Template
The common permission template that we create here contains the capabilities and granted permissions that are applicable for every Yesplan user. Later we will assign this common permission template to users.
In the screen for managing permission templates create a new template called ‘Common’ then click on “Show Permissions” to set everything up.
In the ‘Common’ template we do not set capabilities. In step 3 we will create separate templates for capabilities, per user group in the organization.
In the ‘Common’ template we only set granted permissions, for every user group.
We add all user groups to the ‘Common’ template and then indicate, per user group, what they can and cannot do.
Step 3: Creating Capabilities Templates
For each user group in the organization, we create a permission template for their capabilities. In these capabilities templates we only enter the part with the capabilities (at the top). In step 4 we will indicate per user which capabilities template is applicable.
The following items are set with the capabilities:
- The elements that a user can create.
- Whether a user can hide a conflict.
- Whether a user can unlock events with a closed status.
- The visibility of inspector tabs for that user.
- The statuses that a user can award to events.
Step 4: Creating Users
In this last step, all users from the organization are created via the tab in the system settings for managing users. We are going to enter the following items:
- Name: the full name of a user.
- E-mail: the user’s e-mail address.
- Username: the user’s username (case sensitive).
- Password: the user’s password (case sensitive); it can be changed by the user later on.
- User groups: add the corresponding user group for the user here.
- Primary group: choose the name of the organization (“My organization” in this example).
- Permission templates: two templates are added to every user here; ‘Common’ and the capabilities template that corresponds with the user’s role within the organization.
- Administrator: activate only if the user is responsible for managing Yesplan.
- User Group Administrator: do not enter anything.