
TeamForm has defined user access groups, which provide access to parts of the application. TeamForm also has additional user-based access controls, which further define the information and functionality available based on the user.

User access groups are typically defined via SSO groups. These can be newly created, or existing access groups can be reused if they already cover the intended population.

TeamForm Access

...

Access

...

Functionality

...

Directory (typically given to all team members)

...

Directory Only

Directory view (for default workspace only):

...

View tags if set visible in Directory via tag config

...

Groups

The groups below are to be created on the customer's Identity and Access Control Provider (IACP). Once set up, the access groups can be mapped into TeamForm to provide synchronised access and control.

| Access Groups | Directory User | Power User | Reporting User | Admin | TeamForm Support |
|---|---|---|---|---|---|
| Typically given to | All team members | Leaders of teams, to enable team and work planning | Analyst / reporting, some leadership roles, admin roles | TeamForm Admins | Typically reserved for TeamForm Support |
| Have access to | | | | | |
| Directory View | (tick) | (tick) | (tick) | (tick) | (tick) |
| TeamForm App | | (tick) | (tick) | (tick) | (tick) |
| TeamForm Reporting | | | (tick) | (tick) | (tick) |
| Admin Controls | | | | (tick) | (tick) |
| Dev Tools | | | | | (tick) |

Basic Features

Directory

  • View own team.

  • Edit team name, description and background within own team.
    If enabled.

TeamForm app (for default workspace only)

Power (typically given to leaders of teams, to enable team and work planning)

Directory and TeamForm App

Directory plus

All from Directory Users and:

  • View teams summary page.

As above plus admin controls

  • View other workspaces via workspace switcher in directory and TeamForm app

  • View & edit global settings

  • Workspace management

  • Workspace Config

  • Edit details for all teams

Reporting (typically analyst / reporting, some leadership roles, admin roles)

TeamForm reporting

  • Browse teams by type.

  • View people, team history

  • Planner/forecast/team builder/allocate people (if enabled) for their team only (if user-based Group Access restrictions are enabled - see below)

  • Admin (Typically given to TeamForm Admins)

    • View history for people and teams.

    Tags

    • View tags.
      Only for tags whose type is set as “visible in Directory” via tag config.

    • View tags.
      Only for tags whose type is set as “visible in app” via tag config – this includes Directory.

    • Edit tags.
      Only for tags whose type has edit enabled via tag config.

    • View all tags.

    • Edit tags.
      Including the ones that have “Allow Admin to edit read only tags” toggled on in Tags config.

    Workspaces

    • View default workspace only (unless access to other workspaces granted via settings → workspace access)

    • View default and other workspaces via workspace switcher.

    • Workspace management.

    • Workspace Config.

    • Edit details for all teams.


    Advanced Features

    Planner

    No access

    • For their team.
      If enabled based on user or Group Access restrictions in settings (see below).

    Forecast

    Team Builder

    People Allocation

    Reporting

    No access

    • View queries and data for enabled workspaces (aka data sources).
      Set at group / user level via reporting settings.

    TeamForm Support

    All of above plus dev tools



    Admin Features

    Settings

    No access

    No access

    No access

    • View & edit Tenant settings, including datasources / integrations & planning periods.

    Dev Tools

    No access

    • Bulk moves, bulk allocations and batch operations for groups, people and tags.

    • Workspace cloning and feature flags management.

    Additional Access Controls

    User Home

    A user can be shown a personalised landing page in both App & Team Directory.

    TeamForm needs to be able to link a user’s auth0 account to person data stored in the teamform-api backend. The mechanism for this is email address matching.

    ...

    When a user makes a request we attempt to match the email on their auth0 profile to the email addresses that we have imported. We first try an exact match, and then a lowercase match.

    ...


    Troubleshooting

    1. Ensure the person data returned from the backend has the id attribute. The easiest way is to use devtools on Chrome or Firefox and inspect the person -> attributes payload on the network tab.

    2. Seek TeamForm support to ensure the user’s email in TeamForm’s authentication platform (auth0) matches that loaded into TeamForm from the people or HR information system. Use the auth0 webapp to see the user’s email address.

    3. Ensure the flagsmith feature flag user-routed-to-personal-dashboard is not set to false.

    The feature can be tested by performing an import that has your own email address as an attribute, and then visiting Team Directory or App.
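The exact-then-lowercase lookup described above, as an added example (not TeamForm's own code). It assumes the fallback lowercases both sides; the names `link_user` and `audit_import`, and the refusal to link when several person records share one lowercased address, are assumptions of this example.

```python
# Constructed sample import: (PersonID, email). Only the first row is from the page.
IMPORTED = [
    ("48066180", "firstname.lastname@companyname.com"),
    ("48066181", "Jo.Bloggs@companyname.com"),
    ("48066182", "jo.bloggs@companyname.com"),
]

def build_indexes(imported):
    """Index person ids by email as imported and by lowercased email."""
    exact, lowered = {}, {}
    for person_id, email in imported:
        exact.setdefault(email, []).append(person_id)
        lowered.setdefault(email.lower(), []).append(person_id)
    return exact, lowered

def _pick(candidates, how):
    """Link only when exactly one person record claims the address."""
    ids = sorted(set(candidates))
    return (ids[0], how) if len(ids) == 1 else (None, "ambiguous")

def link_user(profile_email, exact, lowered):
    """Resolve a login email to a person id: exact pass, then lowercase pass."""
    if profile_email in exact:
        return _pick(exact[profile_email], "exact")
    key = profile_email.lower()
    if key in lowered:
        # Assumption: the fallback lowercases both sides. Refusing on a
        # collision is this example's safeguard, not documented behaviour.
        return _pick(lowered[key], "lowercase")
    return None, "no-match"

def audit_import(imported):
    """Pre-import check: lowercased addresses shared by several person ids."""
    _, lowered = build_indexes(imported)
    return {e: sorted(set(ids)) for e, ids in lowered.items() if len(set(ids)) > 1}
```

Running `audit_import` on a people file before upload shows which addresses would make the lowercase pass ambiguous.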

    Group Access Restrictions

    A user can be restricted from accessing groups (i.e. teams) within planner, forecast and team builder.

    To enable group access restrictions on a workspace, go to Configure Workspace → Group access:

    ...

    Once this is toggled on, only admins will be able to see all groups via planner etc.

    To grant users access to groups, an import needs to be performed that specifies the group ids that they can access. They will have visibility of these groups and any of their children.

    The ids need to be under a column or mapped to a column named AccessGroupIds. Multiple group ids can be provided, separated by a ; delimiter.

    Example CSV import:

    ...

    | PersonID | Attributes:id:email:Email | AccessGroupIds |
    |---|---|---|
    | 48066180 | firstname.lastname@companyname.com | XXXX1234;YYYY1234;ZZZZ1234 |

    This CSV file then needs to be imported using a File Upload → Data integration.
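A pre-upload check for the AccessGroupIds import described above, as an added example (not TeamForm's own code). The column names and first data row come from the page's example; the second row, the `PARENT_OF` hierarchy, the comma-separated layout and the whitespace trimming are assumptions made here to show how a grant extends to child groups.

```python
import csv
import io

# Constructed sample. The second row deliberately contains a blank and an unknown id.
SAMPLE_CSV = """PersonID,Attributes:id:email:Email,AccessGroupIds
48066180,firstname.lastname@companyname.com,XXXX1234;YYYY1234;ZZZZ1234
48066181,another.person@companyname.com,YYYY1234; ;QQQQ0000
"""

# Hypothetical group hierarchy: group id -> parent group id (None for a root).
PARENT_OF = {
    "XXXX1234": None, "XXXX1235": "XXXX1234", "XXXX1236": "XXXX1235",
    "YYYY1234": None,
    "ZZZZ1234": None, "ZZZZ1235": "ZZZZ1234",
}

def parse_access_rows(text):
    """Return (email, granted_ids, problems) for every row of the import."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        granted, problems = [], []
        for raw in row["AccessGroupIds"].split(";"):
            gid = raw.strip()
            if not gid:
                problems.append("empty id")
            elif gid not in PARENT_OF:
                problems.append(f"unknown group {gid}")
            elif gid not in granted:
                granted.append(gid)
        rows.append((row["Attributes:id:email:Email"], granted, problems))
    return rows

def visible_groups(granted):
    """Granted groups plus every descendant, i.e. what the user will see."""
    children = {}
    for child, parent in PARENT_OF.items():
        children.setdefault(parent, []).append(child)
    seen, stack = set(), list(granted)
    while stack:
        gid = stack.pop()
        if gid not in seen:
            seen.add(gid)
            stack.extend(children.get(gid, []))
    return seen
```

Granting a group near the top of the hierarchy exposes everything beneath it, so reviewing the output of `visible_groups` per person shows the real scope of each row before upload.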

    ...

    ...

    Workspace Access Restrictions

    When there is more than one workspace, a user can be restricted from accessing one or more workspaces.

    To enable workspace restrictions on a workspace, go to Configure Workspace → Workspace access:

    ...

    Once this has been enabled, users can be granted access to the workspace with an import that specifies their email address, which needs to match their user login.

    Example CSV import

    ...

    emails

    ...
