The GoFormz user, group, and permission infrastructure works as follows:
- A user is an individual with access to the GoFormz account. A user has an email address and password, which he or she uses to access the account.
- A group is a set of similar users. Users that perform a similar function in your organization, share a geographical location, or have similar form workflow needs are often combined into a group.
- Permissions determine what a user is or isn’t allowed to do when they are logged into GoFormz. Permissions are assigned at the group level — not the user level!
Groups can be nested. For instance, you can have:
- A group called “Eastern Region” with subgroups like “Boston”, “New York City”, “Philadelphia”, “Baltimore” and “Washington DC”.
- The “New York City” group, in turn, can be further subdivided into “Manhattan”, “Queens”, “Brooklyn”, “Bronx” and “Staten Island” subgroups.
- And each of those regional subgroups can have functional subgroups like “Field Technicians” and “Supervisors”.
This creates a group hierarchy that is three levels deep, but it can go still deeper if that makes sense for your organization.
Permissions for nested groups are additive, rather than subtractive. This means that a subgroup will have all the permissions assigned to its parent group, plus any other permissions that you choose to grant. Put another way, a subgroup cannot have fewer permissions than its parent.
User grouping and permissions
User permissions are determined by the group or groups in which the user has membership. There are three simple rules that govern user grouping and permissioning:
- Users that are not part of any group do not have any permissions. This means they have very limited access to the GoFormz platform. As a best practice, we recommend that every user should be a part of at least one group.
- A user can have membership in multiple groups. For instance, using our geographical grouping example from the previous section — you may have a user that works in both Baltimore and New York. You would then add this user to both the “Baltimore” and “New York” groups.
- User permissions are additive. This means that when a user is a member of multiple groups, the group permissions are added together to obtain the user’s permissions. For example, suppose that a user has membership in groups A and B. Group A has permissions for copying forms but not for transferring forms, while Group B has permissions for transferring forms but not for copying forms. Since permissions are additive, the user in this scenario will have permissions to both copy and transfer forms.
There is a special group called “Administrators” that is part of every GoFormz account. This group cannot be deleted or edited, and you cannot add any subgroups to it. The only thing you can do with this group is add members to it or remove members from it.
Users with membership in the “Administrators” group will have full administrative privileges to your GoFormz account. See here for a description of admin privileges.
Key uses of groups & permissions
User groups serve three key functions in GoFormz:
- Access control: Since permissions are set at the group level, groups are necessary for controlling user access to various segments of GoFormz functionality. There are three main areas that you can control with group-level permissions:
- Management access: You might have a group of users who just fill out forms and should not have access to templates or reports, and another group of users that needs to be able to create new form templates and look at reports. Groups make it easy to set this up.
- Form functionality: Suppose you have two types of users: field techs and supervisors. You might want the field techs to be able to complete, tag, transfer, and email forms; but you may want to restrict higher-level functionality — like deleting forms, copying forms, or reopening completed forms — to the supervisors. Groups enable you to do this.
- Template access: You may use GoFormz forms in several distinct areas of your business. For instance, you may have a Work Order Form for field techs, and an HR Hiring Form for human resources. You may want to restrict access so that field techs only have access to the work order form, and HR employees only have access to the hiring form. Group permissions let you do this.
- Ease of management & organization: You can set up your GoFormz group hierarchy to mirror your organizational hierarchy. As an administrator, this makes it much easier for you to manage your users and to make necessary changes.
- Collaboration: During the form transfer workflow, you can assign a form to a group, rather than an individual user. Then any user within that group can claim the form. This is very useful when someone in a particular role needs to fill out a form, but it doesn’t matter who specifically. For instance, in your organization a supervisor may need to review and sign off on all work orders — but it doesn’t matter which supervisor. In this situation, you can assign work orders to the Supervisors group, and then whichever supervisor has the bandwidth to review it can claim it.
Example Use Case
Let’s go through a simple example of the user/group/permission infrastructure. Suppose your organization has 3 form templates -- Field Work Order, Job Safety Checklist, and HR Hiring Form. And you have 8 people who need to use GoFormz:
- John Q Manager - Administrator
- Frank Smith - Field Technician (San Francisco)
- Jane Doe - Field Technician (San Francisco)
- Stan Goldstein - Field Technician (Los Angeles)
- Mary Goodwin - Field Technician (Los Angeles)
- Karen Jackson - Field Supervisor
- Michael Baker - Human Resources
- Jack B Nimble - Splits his time between Field Supervisor and Human Resources
You want the user permissions to work as follows:
- The Administrator has access to everything, and is the only person with admin access.
- Field Technicians have access to the forms relevant to their work, but cannot view reports or edit templates. Technicians in different locations will have slightly different workflows, and thus should be in separate groups.
- Supervisors work across all locations. They need to be able to edit templates and view summary reports, but should only have access to the forms relevant to their work.
- Human Resources should have access to the HR Hiring Form, and should also be able to edit templates and create reports.
This might sound complicated, but it’s actually very easy to set up in GoFormz! If you are John Q Manager — the administrator — here is one way you might set this up. Click on the links to learn more about each step.
- Create all the users
- Create two template folders -- Field Forms and HR Forms. Place the Work Order and Safety Checklist into the Field Forms folder, and the Hiring Form into the HR Forms folder.
- Create a group called Field Techs. The group’s permissions should exclude all the “Access Web Dashboard” permissions, since Field Techs don’t need to be able to view reports or edit templates — they just need to be able to fill out forms. Additionally, give this group permission to access the Field Forms template folder, but not the HR Forms folder.
- Create two subgroups under the Field Techs group, called San Francisco and Los Angeles. These subgroups will automatically inherit the correct permissions from the Field Techs group. Place Frank and Jane in the San Francisco group, and place Stan and Mary in the Los Angeles group.
- Create a group called Supervisors, and place Karen and Jack into this group. The group’s permissions should include everything except permission to access the HR Forms folder.
- Create a group called Human Resources, and assign Michael and Jack to this group. The group’s permissions should include everything except permission to access the Field Forms folder.
- And you’re done!
Here is a summary of what your group hierarchy will look like at the end of this:
|Field Techs||No access to web dashboard|
|San Francisco||Field Techs||Frank, Jane||Same as Field Techs|
|Los Angeles||Field Techs||Stan, Mary||Same as Field Techs|
|Supervisors||Karen, Jack||No access to HR Forms folder|
|Human Resources||Michael, Jack||No access to Field Forms folder|
|Administrators||John||Special group, admin level|
Notice that every user is a member of at least one group, and that Jack is in two groups — Supervisors and Human Resources.
Use the links below for more information on: