This document provides an overview of the theory behind user permissions/access levels within the Checkbox application.
- User Roles
- User Permission Settings
- Access Control Lists (ACL)
- Permissions Diagram
- User Permissions Review
User roles are the first level of security in Checkbox. They are assigned to Checkbox users and dictate which areas and functions of Checkbox the user has access to. You can select one or more user role(s) for any given user, depending on the level of access you wish to grant them within Checkbox.
In order for a user to have access to a function in Checkbox, he or she must first have the proper user role. For instance, in order for Joe to be able to send out a survey invitation, he must first be assigned a user role of System Administrator or Survey Administrator, since these are the only two user roles that allow for access to survey invitations. If Joe was only a Survey Editor, our Survey Admin Mary would never be able to give access to Joe to send out her survey invitations, because his user role doesn’t permit it.
However, with the exception of the System Admin (who is a super-user), a user’s role alone does not give a user access to all surveys, reports, folders, and users. By default, a user has access only to what he or she has created. For example, if Mary and Joe are both Survey Admins, they will be able to create and manage their own surveys and reports because their user roles allow them to do so. However, even though they have the same user role, they can’t see each other’s surveys and reports unless they share access with each other by editing the survey or report’s permissions.
Below is a summary of user roles and the capabilities of each. For more specific information on User roles, click here for our User Roles Guide.
- System Administrator: Super-user. Has access to all surveys, data, users, and system settings.
- User Administrator: Has the ability to create and modify new users. User Administrators can only modify users they have created.
- Survey Administrator: Has the ability to create, edit, and manage new surveys and reports. Survey Administrators can also create and modify Styles.
- Respondent: Has the ability to respond to surveys.
- Report Viewer: Has the ability to view existing reports (when granted access by the report creator or a System Administrator).
- Report Administrator: Has the ability to create and modify new reports.
- Survey Editor: Has the ability to modify existing surveys (when granted access by the survey’s creator or a System Administrator).
- Group Administrator: Has the ability to create new groups and assign users to groups.
Access Control Lists (ACL)
In Checkbox, the Permissions of a survey, report, folder, user group or Library are controlled by an Access Control List (ACL). If a user wants to share access to a survey, report, etc. with another admin user, he would need to add that user (or a user group that the user belongs to) to the Access List for his survey or report. The only exception would be for System Admins – they don’t ever need to be added to ACL’s since they have access to everything in the Checkbox account by default.
Note that in order for the permissions that are granted on the ACL to take effect, the user on the ACL must first have the appropriate user role (see above).
Configuring an ACL
ACL’s for surveys, folders, reports, user groups and libraries all have the same format. You have to first add a user or group to the ACL, then select the permissions settings you want to apply to that user or group. The Default Policy is used to set default access for anyone not specifically on the ACL.
Access Lists can be found in the Permissions area for surveys, reports, folders, and Libraries. To add a user to an ACL, click the Add Users/Groups to Access List tab.
Users/groups on the right are already included on the ACL (System Administrators will appear on the right by default because they have access to all entities within Checkbox). Users/groups on the left can be added to the ACL by clicking the desired entry. The entry will then move to the right-hand box.
The next step is to configure the newly added user’s permissions. To do this, move to the Access List tab.
Select the newly added user to reveal a list of permissions on the right. Select desired permission(s), making sure that the permission level you select corresponds with the user’s designated user role(s).
After configuring the user’s permission level, select Save Changes.
A survey’s Default Policy is the permissions setting for all users not included on the entity’s ACL. For example, if on the Access List tab you granted specific users permission to administer a survey, but want anyone not specified on the ACL to still be able to respond to the survey, set the Default Policy to “Take Survey” (see image above). ACL permissions supersede any default policy.
User role limitations still apply for default policy permissions. For example, if the default policy for a survey is “Edit/Take Survey”, only users with the Survey Editor or Survey Administrator user role are able to access the survey.
NOTE: There are two exceptions to this rule, which allow anonymous persons not registered in Checkbox as users (no assigned user role) to access specific entities. The first is setting the default policy of a survey to “Take Survey”, which allows anyone with the survey URL to take the survey without the Respondent user role. The second is setting the default policy of a report to “View Report”, which gives anyone with the report URL the ability to view the report without the Report Viewer user role. The reason for the two exceptions is because both of these actions technically act outside of the application.
User Permissions Review
- Checkbox allows you to set permissions on Surveys, Folders, Reports, User Groups, Libraries and Email Lists.
- Checkbox allows you to set different access roles for individual users within Checkbox.
- Being assigned a user role does not in of itself grant a user access to a Checkbox entity. Being a member of a role simply controls which permission can be granted to a given user.
- The System Administrator has rights over all entities of Checkbox and does not need to be configured on any ACL or security page. When testing surveys for your respondents DO NOT use the System Administrator account since permissions will be superseded and you will not have a proper representation of how your survey will behave.
- If you configure the permissions of your survey correctly but a user still cannot view/edit it, be sure to double check your folder permissions to confirm you have set those permissions as well.