The Chains security model is based on a set of roles and permissions that permit staff members to access only the tools necessary for their job. Once roles are assigned, you can assign permissions to each user group within Chains.
Requirements
- The Chain Security Admin role is usually required to assign permissions in Chains, but an Environment Security Admin can assign permissions within their environment. Learn how to assign an Environment Security Admin.
- Staff members must be sorted into user groups and assigned a role before permissions are assigned.
Assign permissions to user groups
A Chain Security Admin can assign unique permissions to a user group; these permissions, in turn, decide the level of access granted to each staff member.
Here's how to assign permissions:
- In Chain Builder, click Settings at the top left.
- From the navigation bar at the top, select Users & Permissions.
- From the Permissions tab, select the user group you need to assign permissions to.
- Under Permissions on the right side, select the desired permission level. Your changes will save automatically.
Permission levels in Chains are leveled and correlated, meaning some permissions are automatically enabled when a higher-level permission is enabled. For instance, the Creator permission will automatically grant the Executor and Editor permission.
Please note that not all checkboxes can be selected within a workspace.
Understanding permission levels
| Permission | Abilities granted |
| Viewer | Permission to view chains, but not run or edit them. (Not assignable here.) |
| Executor | Permission to view and run chains, but not edit or create them. |
| Editor | Permission to view, run, and edit chains, but not create new ones. |
| Creator | Permission to view, run, edit, and create chains. |
| Admin | Full admin access to chains in the Workspace. (Not assignable here.) |
Note: Viewer and Admin permissions cannot be assigned at the Workspace level. Viewer permission is a default permission given to all members of the workspace, and Admin permission is granted by the user's role.
Manage Connections and Manage Runners
The Manage Connections and Manage Runners checkboxes are now found at the top of the Access section of the Organization Settings screen. These allow you to grant access to connections and runners at the same time that you set up other group-level permissions. Only a Chain Security Admin (Workspace) can make these changes.
The Manage Connections checkbox grants the ability to:
- Manage all connections in a workspace.
- Access the Workspace Settings button at the top of the main navigation panel on the left side.
- Create and manage permissions for a connection just as the Chain Owner can.
- Edit and delete existing connections.
The Manage Runners checkbox grants the ability to:
- Manage all runners in a workspace.
- Access the Workspace Settings button at the top of the main navigation panel on the left side.
- Install and configure new runners just as the Chain Owner can.
- Edit and delete existing runners.
Please note that these abilities only allow members of the user group to edit settings in their current workspace. To edit settings in another workspace, they must switch to it.