Introduction

This manual explains how to manage permissions in Yesplan. We divide this manual into three chapters:

Attention

The general functioning of permissions that is described here is not applicable for reports (templates and generated documents). The permissions system for these elements is explained in the reports manual.

Concepts

Managing permissions in Yesplan is broken down into the various actions that a user can execute (their capabilities) and managing which users have access to which events, resources, prices, contacts and tasks.

Before going more deeply into how permissions are managed, we briefly explain a few basic concepts related to permissions in Yesplan.

User Capabilities

It isn’t always advisable for a user to be allowed to execute every action or view all screens. In Yesplan you can set who has the capability to perform various actions and to see certain screens and who does not.

This is determined via capabilities. If a user has a certain capability then the corresponding action can be executed.

Granting Permissions

Every Yesplan element (events, resources, contacts, etc.) has an owner. This owner is a Yesplan user. Initially the owner of an element will be the user that created this element. The owner of an element can be customized.

Every Yesplan user grants permissions to other users regarding what can happen to the elements that they own. These permissions determine who can read, write, clear, use, etc. this element. In other words, the owner of a certain element decides what can happen to that element in Yesplan.

Permission Templates

A permission template is a set of capabilities and a description of the granted permissions.

These templates are used to describe the permissions of a certain group of users (such as ‘Administrators’) or a certain job title within an organization (such as ‘Planner’).

One or multiple permission templates can be awarded to a user. If a user was awarded multiple templates, his/her capabilities will be a union of all capabilities in these templates, and the granted permissions (for elements owned by the user) will also be a union of permissions determined by these templates.

Managing Permissions

Managing Permission Templates

Permission templates are managed under System Settings, under the “Users” tab, by the “Permission Templates” section. You can create, delete, duplicate and rename templates.

If you click on “Show Permissions”, a new screen will open where the capabilities and permissions for this template can be managed.

This screen consists of two parts:

Managing Capabilities

Capabilities are divided into three groups:

Capabilities can easily be customized by activating or deactivating them. We will discuss each of these three groups in detail.

Creating Elements

The left column shows the capabilities that a user receives to create elements or to execute certain operations. The following capabilities can be set:

Remark

Certain statuses can be marked as ‘locked’ in Yesplan. As soon as an event has this status, its name, date or location can no longer be changed, to avoid accidental changes. Changes are only possible by clicking on the lock next to the event. In order to open this lock, the user must have the capability to “unlock events”.

Visibility of Tabs

The middle column shows a list of tabs classified per inspector. Clicking on “Open” next to the name of the inspector shows all the tabs of that inspector.

You can determine whether the tab is visible for the user using the checkbox. If desired you can customize the visibility of all tabs of an inspector at once by clicking on the checkbox next to the name of the inspector.

Attention

When you add new tabs to Yesplan they are, by default, not visible for users. You must activate these tabs under the template capabilities that are applicable for the users that must be able to view these tabs.

Use of Statuses

The right column shows a list of statuses that were created in Yesplan for events. If a status is not activated, a user will not be able to award that status to an event.

Attention

The order of the statuses has a meaning. An event will often evolve from an option request to a fully scheduled and concluded event. The order of statuses can be determined via system settings.

To move to the next status (a status that is lower in the list) a user must have the capability to use that status. To return to a previous status, the user must have the capability to use that previous status and to use all the intermediate statuses.

This functionality enables you to determine that a user can place an event in a ‘later’ status (and possibly skip certain statuses) but he/she cannot switch a planned event back to an option.

Granting Permissions

The image above shows the part of the screen where the granted permissions are configured. This screen displays a table; each record corresponds with a user or a user group to whom permissions are granted. The columns of the table correspond with the type of permissions that are granted.

Records can be added to the table. You do this by clicking on “Add” at the bottom of the table. By double-clicking on the name of the user or user group (in the far left column) in an existing row you can customize to whom these permissions apply.

If the user to whom permissions were granted is deleted from the system, the name will appear in red.

Please note that it’s also possible to grant permissions to an entire user group simultaneously (see further).

A cell is shown for each type of element in Yesplan with checkboxes that determine the permissions for this type of element.

Please note that permissions for locations, placeholders and reports are not granted via a template. These permissions must be set per element (per location, placeholder or report).

The following permissions can be set for all elements:

For resources we have the above mentioned permissions as well as:

It is possible to activate all permissions in a certain record simultaneously by clicking on “Select All”, to the right of the record. Similarly, all permissions can be deactivated simultaneously by clicking on “Deselect All”. Finally, a record can be removed from the table by clicking on “Delete”.

Remark

It is important to understand that permissions are granted based on the owner of an element. For example: imagine that we add this row with permissions to a permission template that we award to user Tim. In that case Tim will be the one to grant permissions – as defined in this row – to user Planner. In other words, Planner will be able to view, edit, delete, book and edit permissions for every resource owned by Tim. Tim’s bookings cannot be edited or deleted by Planner.

Permissions per Status

For events you can manage permissions per status. To add specific permissions for a certain status, click on “Add Status” in the header of the “Events” column.

If no specific permissions are determined for a status, the general permissions are applicable as defined in the “Events” column.

Permissions for Unavailabilities

It is possible to indicate that a resource or location is unavailable during certain periods via the event calendar, the team planner or the resource inspector. Unavailabilities do not have separate permissions in Yesplan; they follow the permissions of that resource. If a user can book a certain resource then this user can also mark the resource as unavailable and delete unavailabilities.

A user can mark a human resource as unavailable, for a certain day or period, in the team planner if the user has permission to book the human resource.

A user can mark a location as unavailable (‘lock the location’), for a certain day or period, in the event calendar if the user has permission to book in that location.

Awarding Permissions to Diverse Users

Permissions can be awarded to different users or user groups. We will run through the capabilities from most general to most specific:

In addition to these explicit users or groups of users, Yesplan also supports dynamic permissions. These are useful because you don’t have to name or repeat all users or user groups within Yesplan on each of the templates. We recommend that you only use these options in cases where a complex implementation of permissions is necessary since they make it harder for an administrator to discover exactly which permissions are applicable.

Since a user can belong to multiple user groups, and since Yesplan supports dynamic permissions like owner and primary group, it is possible that multiple rows within one permission template are applicable for a certain user. Yesplan will use the most specific permissions that are applicable when determining permissions for a user for a certain element.

The following rules are applied:

Awarding Permission Templates to Users

Permission templates are awarded to users under system settings, under the “Users” tab, by the “Users” section. How this works is described in the system settings manual.

Please note that it is possible to award multiple permission templates to a user. In that case the union of capabilities and granted permissions of all awarded templates will be applicable. In other words, as soon as one of the templates awards a certain capability or grants a permission, it will be applicable. When taking the union, the least strict permissions are granted.

Customizing User Permissions

In addition to managing permissions based on permission templates that are granted to users, it is also possible to set capabilities and permissions separately per user. This can be done under system settings, under the “Users” tab, by the “Users” section. You click on “Show Permission Settings” in the record of a user.

Remark

In order to keep the management of permissions in Yesplan easy, we advise against using this option. Only use templates; this makes it easier to check where permissions are granted. An easy, step-by-step plan for implementing permissions is described below.

After clicking on “Show Permission Settings” a screen will appear that is very similar to that for managing permissions on a permission template.

At the top of this screen we see the user groups and permission templates that are applicable to the user. User groups or templates can be added to the user by clicking on “Add”; existing user groups or templates can be deleted by clicking on the “−” next to its name.

Under the list of user groups and templates we see the user’s capabilities and granted permissions. These capabilities and permissions are a merger of the capabilities and permissions that the user was assigned via permission templates.

You can customize capabilities and permissions at the user level. Alterations that deviate are indicated by an asterisk behind the capability or the customized granted permissions. In the image above we see that the user Planner cannot create contacts or tasks. These two capabilities were active on the templates applicable for this user so they are indicated as deviations, with an asterisk. Deviations with regard to the templates can be undone by clicking on “Reset”.

Permissions that are granted by a user can be customized in a similar manner. Here too deviations to the templates will be indicated with an asterisk. These deviations are undone by clicking on “Reset”. In the example above you see that the user Planner can edit or delete events with the status ‘Option’ even though the templates did not grant permission for this. These permissions were customized at the user level; these settings are marked with an asterisk.

View the Permissions That Were Granted to a User

In Yesplan, permissions are based on the concept that a user grants permissions to other users either explicitly or via permission templates. To know which permissions were granted to a specific user – what their acquired permissions are – you can click on “Show Permission Settings” in the far right column in the list of users (found under system settings, under the “Users” tab, by the “Users” section)

At the bottom of the screen you see a list of permissions that were granted to that user.

Each record shows a specific permission; the columns show the various types of Yesplan elements. Each cell in this table contains a list of users that grant the corresponding permission for the corresponding element. For example, we see that Planner can view events owned by himself or by Administrator, and can only delete prices owned by Administrator.

Customizing Element Permissions

You can customize element permissions. These permissions will replace the permissions granted by the owner of the element. Element permissions are customized via the “Permissions” tab on the inspector of that element. This is possible for events, resources, locations, contacts and tasks. Please note that this is the only capability for managing permissions for locations and reports – these elements do not receive permissions via a permission template.

The owner of the element is shown at the top. You can change this owner by clicking on “Change Owner”.

Under the owner we see a list with various users (of user groups) who received permissions for this element. Permissions for the different users of this element can be customized via checkboxes.

This list will always contain a “Me” record. These are the permissions of the user who is signed in. To avoid accidental changes to this record you must first click on the lock before making any adjustments. Moreover, it is possible to add new records to this list (via “Add User Group or User” under the list).

Records that are added to the list can be deleted once again. It is not possible to delete existing records with permissions for a certain user (or user group), but you can activate and deactivate as many permissions as desired (if you have permission to do so).

Permissions for Locations, Placeholders and Reports

For permission templates and permissions that are granted by users, it is not possible to manage permissions for locations, placeholders or reports. Locations and placeholders are regarded as special resources; permissions for locations and placeholders are determined per element. For reports, permissions can be determined per element, and permissions that are applicable on generated reports can be determined per element.

Permissions for Locations

Location permissions are managed under system settings, under the “Resources” tab, by the “Locations” section. Then you open the location inspector by clicking on the name of the location. You can manage permissions on the “Permissions” tab of this inspector. Managing the permissions for a location is similar to managing element permissions, with the exception that a location has a user group as an owner rather than a user. This makes it easier to link locations to certain user groups.

Please note that you can also open the location inspector from the event calendar by clicking on the name of the location (in the header of the column).

Permissions for Placeholders

Placeholders do not have an owner and can be read and booked by every Yesplan user. Only administrators can change the placeholder.

It is not advisable to allow every Yesplan user to alter the prices of a placeholder so price permissions are managed. Placeholder permissions are managed under system settings, under the “Resources” tab, by the “Groups & Roles” section. Then you open the placeholder inspector by clicking on “Inspect” in the row of a certain role. You can manage permissions on the “Permissions for Prices” tab on this inspector.

Please note that you can also open the placeholder inspector from an event inspector if it has a booking for that placeholder. Open the booking inspector for that placeholder first (by clicking on the name), then open the placeholder inspector (by clicking on the button at the bottom of the booking inspector).

Implementing Permissions in Four Easy Steps

Yesplan offers an elaborate way to set up permissions. Given the complexity, permissions are best configured together with a Yesplan account manager. However, easy configurations are within everyone’s reach. What follows is a guideline for creating Yesplan users easily and setting up their permissions.

Step 1: Creating User Groups

The aim is that all Yesplan users are divided into user groups. Later we will assign one user group to each user that we create.

User groups are used for setting up permissions simultaneously for all users with the same job or role in the organization.

The first step is to identify all the different roles in your organization and to create a user group for each one. For more information about how user groups can be created, please refer to the system settings manual.

Step 2: Creating the Common Permission Template

The common permission template that we create here contains the capabilities and granted permissions that are applicable for every Yesplan user. Later we will assign this common permission template to users.

In the screen for managing permission templates create a new template called ‘Common’ then click on “Show Permissions” to set everything up.

In the ‘Common’ template we do not set capabilities. In step 3 we will create separate templates for capabilities, per user group in the organization.

In the ‘Common’ template we only set granted permissions, for every user group.

We add all user groups to the ‘Common’ template and then indicate, per user group, what they can and cannot do.

Step 3: Creating Capabilities Templates

For each user group in the organization, we create a permission template for their capabilities. In thess capabilities templates we only enter the part with the capabilities (at the top). In step 4 we will indicate per user which capabilities template is applicable.

The following items are set with the capabilities:

Step 4: Creating Users

In this last step, all users from the organization are created via the tab in the system settings for managing users. We are going to enter the following items: