Access Groups and User-Based Access Controls

Owned by Space Sync for Confluence
Last updated: Nov 14, 2024
3 min read

TeamForm has defined user access groups, which provide access to parts of the application. TeamForm has additional user-based access controls which enable further use level behaviour.

User access groups are typically defined via SSO groups, these can be created new or re-used if there are already access groups that cover the intended population.

TeamForm Access Groups

The below Groups are to be created on the customer Identity and Access Control Provider (IACP). Once setup the access groups can mapped into TeamForm to provide synchronised access and control.

 

Access Groups

Directory User

Power User

Reporting User

Admin

TeamForm Support

Access Groups

Directory User

Power User

Reporting User

Admin

TeamForm Support

Typically given to

All team members

Leaders of teams, to enable team and work planning

Analyst / reporting, some leadership roles, admin roles

TeamForm Admins

Typically reserved for TeamForm Support


Have access to

Directory View

TeamForm App

 

TeamForm Reporting

 

 

Admin Controls

 

 

 

Dev Tools

 

 

 

 


Basic Features

Directory

  • View own team.

  • Edit team name, description and background within own team.
    If enabled.

All from Directory Users and:

  • View teams summary page.

  • Browse teams by type.

  • View history for people and teams.

Tags

  • View tags.
    Only for tags which type is set as “visible in Directory” via tag config.

  • View tags.
    Only for tags which type is set as “visible in app” via tag config –this includes Directory.

  • Edit tags.
    Only for tags which type has edit enabled via tag config.

  • View all tags.

  • Edit tags.
    Including the ones having “Allow Admin to edit read only tags” toggled on in Tags config

Workspaces

  • View default workspace only (unless access to other workspaces granted via settings → workspace access)

  • View default and other workspaces via workspace switcher.

  • Workspace management.

  • Workspace Config.

  • Edit details for all teams.


Advanced Features

Planner

No access

  • For their team.
    If enabled based on user or Group Access restrictions in settings (see below).

Forecast

Team Builder

People Allocation

Reporting

No access

  • View queries and data for enabled workspaces.
    Set at group / user level via reporting settings.


Admin Features

Settings

No access

No access

No access

  • View & edit Tenant settings, including datasources / integrations & planning periods.

Dev Tools

No access

  • Bulk moves, bulk allocations and batch operations for groups, people and tags.

  • Workspace cloning and feature flags management.

User Home

A user can be shown a personalised landing page in both App & Team Directory.

TeamForm needs to be able to link a user’s auth0 account to person data stored in the teamform-api backend. The mechanism for this is email address matching.

A user’s email address needs to come in as an attribute with a type of id to be used for this purpose. The easiest way to achieve this is to run an import with this column header, where each row contains the email address of the person: Attributes:id:email:Email

When a user makes a request we attempt to match the email on their auth0 profile to the email addresses that we have imported. We first try an exact match, and then a lowercase match.

Screenshot 2024-05-14 at 10.32.46.png
Example home screen for a leader or power user in a team.

 

 

6cb693fe-237d-4670-a5bd-f1454ef3822a.png
Example of a home screen for a directory user

 

 

Troubleshooting

  1. ensure the person data returned from the backend has the id attribute. The easiest way is to use devtools on Chrome or Firefox and inspect the person -> attributes payload on the network tab.

  2. Seek TeamForm support to ensure the user’s email in TeamForm’s authentication platform (auth0) matches that loaded into TeamForm from the people or HR information system.

The feature can be tested by performing an import that has your own email address as an attribute, and then visiting Team Directory or App.

Further restrictions you can apply

Related information

Filter by label

There are no items with the selected labels at this time.