In Workiva, your ability to access and interact with a feature is set according to your role. Roles allow companies to scope an employee's access to only the tools necessary for their job. Once a role is assigned, access can be further restricted through the use of permissions — such as the ability to view or edit a particular file. Chains follows this same model, but includes a subset of permissions unique to Chains.
This guide will walk you through how to create user groups in Chains, assign appropriate roles, and set up the necessary permissions.
Step 1: Remove permissions from the Default user group
All new Chains users are automatically placed in the Default user group. This user group is only visible in Chains and will not appear in the rest of Workiva. It cannot be deleted or removed.
Because this group includes everyone in your workspace, we recommend removing most of its permissions.
Note: The Chain Security Admin role is required to assign permissions in Chains.
- In Chain Builder, click Settings at the top left.
- From the navigation bar at the top, select Users & Permissions.
- From the Permissions tab, select the Default user group.
- On the right side, uncheck the boxes to remove all permissions. Your changes will save automatically.
Step 2: Create the Chain Owners user group
Now that you've removed permissions from the Default group, you'll need to create new groups and sort your staff members into them. These groups will define the abilities that each person has in your software.
At minimum, you must create a Chain Owners group that permits users to view, run, edit, and create chains.
Here's how:
- From Workiva Home, click Settings at the top left.
- Under Workplace Settings, select the Groups tab.
- Click Create Group on the right side.
- Name this group Chain Owners.
- Now add workspace members to the group by searching for or selecting individuals. Remember that users in this group will have the ability to view, run, edit, and create chains.
- Click the Create Group button to finish.
You'll set the permissions for this group in Step 4.
Note: Need more help? Click here to see our full article on setting up user groups.
Creating additional user groups
You've now set up a Chain Owner group that has complete access to chains. This is the only required group, but you may want to allow other staff members to access chains as well.
In this case, we recommend following the steps above to create two additional groups:
- Chain viewers: This group has view-only access to Chains.
- Chain runners: This group can view and run chains, but can't modify or create them.
Step 3: Assign new user roles
Now that you've set up user groups for your staff members, you'll need to assign each person an updated role.
Here's what we recommend:
- Remove the Chain Owner role from all Chains users: This legacy role grants admin access to all Chains settings and objects. It is no longer necessary and may allow users unwanted access to your chains.
- Assign the Chain Builder role to all Chains users: The Chain Builder role grants access to the Chains platform itself, but grants no other abilities on it's own.
- Assign the Chain Security Admin role to at least one person: This role allows the administrator to assign permissions to other users. At least one person should have this ability.
To update your members' roles, follow these steps:
- From Workiva Home, click the People icon at the top left to access the Members screen.
- From the Members screen, check the box next to each person you want to update.
- Click Edit Roles at the top.
- Check to apply a role or uncheck to remove a role. A dash in a checkbox indicates that some of the selected members already have this role.
- Click Apply to finish.
Note: Need more help? Click here to see our full article on changing roles.
Step 4: Set permissions for your new groups
At this point, your staff members should be assigned their new roles and groups. The final step is to assign unique permissions to each group; these permissions, in turn, will decide the level of access granted to each staff member.
Note: The Chain Security Admin role is required to assign permissions in Chains.
Here's how to assign permissions:
- In Chain Builder, click Settings at the top left.
- From the navigation bar at the top, select Users & Permissions.
- From the Permissions tab, select the Chain Owners group.
- Under Permissions on the right side, place a checkmark under Creator. Your changes will save automatically.
At this point, you've finished applying permissions to the Chain Owners group. If you created the optional Chain Viewers or Chain Runners groups, repeat this step and choose the appropriate permissions for that group.
Understanding permission levels
Permission levels in Chains are leveled and correlated, meaning some permissions are automatically enabled when a higher-level permission is enabled. For instance, the Creator permission will automatically grant the Executor and Editor permission.
Please note that not all checkboxes can be selected within a workspace.
Permission | Abilities granted |
Viewer | Permission to view chains, but not run or edit them. (Not assignable here.) |
Executor | Permission to view and run chains, but not edit or create them. |
Editor | Permission to view, run, and edit chains, but not create new ones. |
Creator | Permission to view, run, edit, and create chains. |
Admin | Full admin access to chains in the Workspace. (Not assignable here.) |
Note: Viewer and Admin permissions cannot be assigned at the Workspace level. Viewer permission is a default permission given to all members of the workspace, and Admin permission is granted by the user's role.
FAQ
Can I assign permissions to individual chains?
Yes, but this does require Environment Security Admin rights in the chain's parent environment.