This article describes the default rights of users, process based permissions and how to assign basic account rights such as management of users, roles, components etc.

If you are looking for help on how to set up advanced permission groups, take a look at this article: Advanced permission group management.

TIP! Permission groups work well with Profiles. Where permission groups specify what the user CAN DO, Profiles specify what the user CAN SEE.

All users can view and comment on public processes. Once you have set up a new user and assigned a license, this person can:

A process can have different kinds of users. The simple permission model enabled by default is as follow:

To supplement we allow you to grant Global Permissions on account level to processes by adding users to a Permission Group.

If added to a permission group, the user will be granted a certain permission across all processes regardless of process ownership or process editor status.

Using permission groups you do not have to manage editing rights on every single process. This is very useful for members of your process excellence team working on multiple processes across your organisation. Furthermore, it also lets you assign certain rights to admin super users, so that they can assist the account owner in managing users, roles, components etc.

Permission groups related to rights are standard and can only be assigned to users, not changed.

There is, however, an option to set up custom permission groups, which can be very useful when the goal is to limit access to certain parts of the process hierarchy for a specific group of users. Learn more about it here: Advanced permission group management.

There are 11 different standard permission groups:

Below you will find an explanation for each individual group and what rights users receive when assigned to a certain permission group.

1. Manage account

The person that created your account is by default the 'Account Owner'. The account owner has all the rights mentioned in this article (Read more about account owners below)

However, you can add others to help the account owner to manage the account by assigning 'manage account' rights. A user with these rights will be able to assist with all the general account stuff - permissions, users, adding labels, components, etc.

2. Manage users

Typically given to HR administrators who manage how new colleagues are introduced and how colleagues leave the company. Assigned to this permission group, the user can:

3. Manage user permissions

When added to this permission group, the user can assign members to permission groups and create custom permission groups. Typically given to administrators and managers that are in charge of delegating user rights.

4. Manage roles

This is useful for the HR people that maintain the common role library that is reusable across all processes. By managing your roles centrally you avoid duplicates likes different managers creating similar-sounding role names.

If you add a user to the ‘Manage roles’ permission group, the user can manage the account’s common role library (called ‘Roles’) – add/edit/delete roles – their names and descriptions. Other users can still use the roles in processes – they just can’t change role descriptions and names.

5. Create new processes

The user can create a new process in the process hierarchy. However, once process ownership is delegated to somebody else, the user will not be able to work on the process anymore (unless they are set to be an editor) - this can be considered the 'light' version of 'Manage processes'. This right only allows the user to create new processes, not manage or edit existing processes owned by other users.

6. Manage all processes

Any user can be added as Owners or Editors of specific processes. This allows them to manage specific processes – and only these. However, you can allow a user to edit ALL processes by assigning a user to this permission group. The user is able to edit ANY process and work instruction even if they are not assigned as an owner or editor.

7. Manage drawings

This allows the user to create new and edit existing process hierarchy drawings and decide what drawings are shown in the left-hand menu. It does, however, not let the user decide which drawings are shown to which user profile.

8. Manage components

If added to this permission group, the user can create and edit components that are used across your account.

9. Manage labels

Users in this permission group can create and edit labels. Other users can assign the labels to processes, activities and comments.

10. Manage forms

Users in this permission group can create and edit forms. Other users can assign the forms to tasks and/or fill in the forms when closing a task.

11. Copy from account

Members of this permission group are able to copy processes from one account to another. They need to have a user on both accounts and the right to create new processes. This is very useful if you have separate Gluu accounts for each of your subsidiaries or if you are a consultant and want to share best practice processes with your customers.

The user who originally created the account is the ‘Account owner’ by default. This user has all rights above. In addition to this, the Account Owner has the rights to manage plans and billing through access to the billing page where user seat numbers can be changed, plans and payment details can be changed. This is where you can also manage account defaults and even close the account.

As an account owner you can view and change owner in the 'Account settings' section: