Permissions

Permission is the level of client access granted to a user or team. The permission is initially specified when granting client access to other users or teams.

To use the Everyone team, the Default Permissions Policy must be enabled by your Subscription Administrator. For details, see Policies Page.

Four Levels of Permission

1. Reader – Users with Reader permission can view all information and plans for a client, but cannot make changes to client information or save changes to plans.
2. Editor – Users with Editor permission can view and make changes to all information and plans for a client, but cannot remove the client or grant client permissions to other users or teams.
3. Owner – Users with Owner permission can perform all Editor functions and can also remove the client and grant client permissions to other users or teams. Note that every client must have at least one user with Owner permission.
4. Blocked – Users with Blocked permission cannot access the client.

User Permission vs. Team Permission

Rule: User permission supersedes team permission.

Example: Team A has been granted Editor permission to a client. As a member of Team A, user John Smith has Editor rights to the client. Susan, a user with Owner permission to the client, decides to block John’s access to the client, so she sets John’s client permission to Blocked. Now, even though he is still a member of Team A (which has Editor rights to the client), John can no longer access the client because his user-level permission takes priority over his team-level permission.

Priority of Team Permissions

Rule: The permissions are listed above in order of priority, from lowest to highest, such that:

• Editor team permission supersedes Reader team permission.
• Owner team permission supersedes Editor and Reader team permissions.
• Blocked team permission supersedes all other team permissions.

Example: User John Smith is a member of two teams: Team A and Team B. Team A has been granted Reader permission to a client. Team B has been granted Editor permission to the same client. As a result, John has Editor rights to the client because Editor permission supersedes Reader permission.

Permission Policies

Default Owner

When you add a client, your default permission to the client is Owner. With Owner permission, you always have full freedom to grant client permissions to other user or teams, and you have full freedom to change or remove client permissions.

Everyone Team

Subscription Administrators can enable the Default Permissions Policy, a setting that automatically grants client permission to everyone in the firm whenever new clients are added by any user. For example, if your Subscription Administrator enables the Default Permissions Policy and specifies Editor as the default permission, then whenever a user adds a new client, everyone in your firm is automatically granted Editor permission to the new client.

My Client Permissions

There is a feature that allows you as a user to specify the default permissions to be applied whenever you add a new client. It is called My Client Permissions and it is accessible from the Clients page.

Resolving Conflicts in Default Settings

What if your Subscription Administrator has enabled the Everyone team firm-wide default AND you have set up your My Client Permissions default setting? Which one will be applied when you add a new client? Conflicts in default permission policies are resolved as follows:

1. You as Owner – When you add (or import) a new client, you as Owner always have full control of the permissions granted to the new client.
2. The Everyone team if enabled by SA – The Everyone team – and the permission level specified by your SA – is listed on the Add Client page (or Import Clients page). Before you add the new client, you can change the permission level of the Everyone team or you can remove the Everyone team from the list of grantees.
3. Your My Client Permissions if set up by you – If any of the permissions you specified in your My Client Permissions conflict with those specified by your SA, then your My Client Permissions will persist.