In Workiva, your ability to access and interact with a feature is set according to your role. Roles allow companies to scope an employee's access to only the tools necessary for their job. Once a role is assigned, access can be further restricted through the use of permissions -- such as the ability to view or edit a particular file.
Chains works much the same, but with one important difference: permissions can be applied to a single chain, an environment, or an entire workspace.
Understanding roles
Chains has three unique roles that can be assigned through the Members section of the Workspace settings screen:
-
Chain Owner: This legacy role grants full access to all Chains settings and objects; it's equivalent to the Workspace Owner role and supersedes all permissions. It can change workspace settings, variables, environments, and connections within the workspace. We recommend only trusted, top-level administrators be assigned this role.
Note: Workspace owners have the same abilities as the Chain Owner role.
-
Chain Builder: The Chain Builder role allows access to the Chains homepage, but nothing else — each team member's abilities are entirely dictated by the permissions they've been assigned. We recommend this role for most team members.
Note: Content managers have the same abilities as the Chain Builder role.
- Chain Security Admin: This role assigns permissions to other users and designate them as Environment Security Admins. This role can be assigned to a specific environment, a workplace, or the entire organization.
Additionally, there are two unique roles that can be assigned at the org level:
- Org Security Admin: This role can enable and disable connectors for the org.
-
Org Chain Security Admin: This role manages connections and runners across workspaces, and can view the Chains security audit log.
Access granted by each role
Page within Chains | Ability | Role |
Connections | View connections | Chain Owner |
Connections | Edit connections | Chain Owner |
Connections | Create connections | Chain Owner |
Connections | Delete connections | Chain Owner |
Templates | Edit templates | Chain Owner |
Templates | Create templates | Chain Owner |
Templates | Delete templates | Chain Owner |
Templates | Create/Edit template folders | Chain Owner |
Templates | View templates | Chain Owner
Chain Builder |
Templates | View partner templates | Chain Owner
Chain Builder |
Templates | Edit partner templates | Not Allowed |
Templates | Create partner templates | Not Allowed |
Workspace Settings - Runners | View runner details | Chain Owner |
Workspace Settings - Runners | Create runners | Chain Owner |
Workspace Settings - Runners | Edit runners | Chain Owner |
Workspace Settings - Runners | Delete runners | Chain Owner |
Workspace Settings - Users & Groups - Users | Edit Security Admin |
Chain Security Admin |
Workspace Settings - Users & Groups - Permissions | View permissions | |
Workspace Settings - Users & Groups - Permissions | Edit permissions |
Understanding permissions
Once roles are assigned, a Chain Security Admin can assign permissions to each user group in the workspace. For most team members, permissions will work hand in hand with the Chain Builder role: Chain Builder grants access to the Chains homepage, and permissions dictate what they can do once there.
In all, there are five permission levels assignable from Chains:
- Viewer: Permission to view chains, but not run or edit them.
- Executor: Permission to view and run chains, but not edit or create them.
- Editor: Permission to view, run, and edit chains, but not create new ones.
- Creator: Permission to view, run, edit, and create chains.
- Admin: Full admin access to chains in the Workspace.
Note: Viewer and Admin permissions cannot be manually assigned at the workspace level. Viewer permission is a default permission given to all members of the workspace, and Admin permission is granted by the user's role.
Access granted by each permission
Page within Chains | Ability | Permission |
Chains | View chains | Viewer |
Chains | Run chains | Executor |
Chains | Enable or disable chains | Executor |
Chains | Copy chains | Creator |
Chains | Create chains | Creator |
Chains | Create chain from template | Creator |
Chains | Create template from chain | Creator |
Chains | Edit chains | Editor |
Chains | Publish chains | Editor |
Chains | Promote chains to another environment | Editor (and Creator in the target environment) |
Chains | Revert chain to prior version | Editor |
Chains | Add or remove tags | Editor |
Chains | Delete chains | Admin |
Chains | Export chains | Editor |
Chains | Import chain | Creator (in the target workspace environment) |
Environments | View environments | Viewer |
Environments | Edit environments | Creator (on parent workspace) |
Environments | Create environments | Editor |
Environments | Delete environments | Admin |
Resources | View resources | Viewer (on parent environment) |
Resources | Edit resources | Write (on parent environment) |
Resources | Create resources | Creator (on parent environment) |
Resources | Delete resources | Admin (on parent environment) |
Workspace Settings | Add variables | Editor |
Workspace Settings | Edit/Delete variables | Editor |