Acknowledged

admin permissions - more granular permissions

  • 10 February 2017
  • 13 replies
  • 90 views

Userlevel 7
During an onsite with HPE, the request to have more granular admin permissions per user has come up. 

As we are having a configuration across different use cases and business units working on different relationship, there is a requirement to have "limited admin" role for people who can only change configurations for specific relationships, or only carry out specific actions (e.g. only create reports, only create CTAs but disable other actions in the rule engine, etc.) 

13 replies

Userlevel 6
Agree that this is needed.  First step is the changes coming in this months release that makes CTA mgmt entirely separate-able by Rel Type.   This will help prevent people from inadvertently stepping on each other.  Hard walls are pending. 
Userlevel 7
Badge +2
Hi All, We have started implementing permissions . When you navigate to Administration > Security Control > Gainsight Sharing Settings, the Gainsight Permission page opens.
Userlevel 2
Is there any update on this, or has it been added to the roadmap?

With us having a 24/7 support organization and CSMs working outside my hours as an admin, simple perm sets for like "Mass Edit CTAs" or simple rule updates are greatly needed. 

I would also be able to dole out access to managers and such without giving them the ability to go in and completely destroy a connector/ingestion process.

It feels like there should be a dedicates permissions page, with a GUI where I could assign permission sets to specific users to be able to do their jobs more efficiently, without giving them the keys to the kingdom.
Userlevel 1
Great point Brad. We are working on introducing feature level and navigation permissions soon through the concept of permissions bundle. I would be able to update you with timeline once the permissions roadmap formalizes. 
Userlevel 2
That sounds great Pawan. I look forward to it.
Userlevel 2
Badge
Definitely need more granular permissions for Surveys as well. CSMs should only be able to view their own Account results (for certain surveys). Thanks for your consideration!
Userlevel 6
Badge
Hello Team,

I have followed the steps given in https://support.gainsight.com/Product_Documentation/Reports_and_Dashboards/Admin_Configuration/Grant_Permission_to_Create_Reportsto build a new VF Tab named Report builder.

The access is controlled by a permission set Gainsight Report Builder.

But when we gave this permission set to one of our users it is opening up the entire admin functionality for that user, and support confirmed this is expected.....

We would just like to provide report builder access and not all admin functionality.\

Regards,

Jahnavi

Userlevel 5
Badge
Adding onto Jahnavi's comment and everyone else's...when can we expect this to be provided at a more granular level?  I am not sure why this was designed this way as if you think about it the Admin always had access to reports and now you are giving Admin access to anyone that has this GS Reports permission.  What was the reasoning behind this?
Userlevel 3
We also have a use case to restrict permissions to rules engine.



Which let people create, run and edit rules.

But that has another one that allows only view to some users.



Different operations areas need to check the rule logic to validate some process.

Other very important think is permissions to delete CTAs or SuccessPlans.

Thanks

This is definetly a must have for larger organizations where there is the need to delegate certain admin tasks to a subset of admins without having to give them full super admin access to the whole application.       

I see this is now planned. When can we expect this to come? 

Thank you.

Userlevel 5

@Frederico.Silva You can create Permission Bundles with access to Pages in Administration and assign these to users based on the admin tasks they are responsible for. Is this not working?

Userlevel 3
Badge

Our use case is that we have a service operations team that handles provisioning for most of our SAAS vendors to help take some of the mundane workload off our more advanced resources. Since the change from SFDC to NXT version that service operations team is disabled. I'd rather not grant them super admin full access to everything just so they can provision users.

 

I can assign them navigation to user management but it is read only unless they have super admin currently. 

Userlevel 5

@kyle_handley We are looking into this and will update a plan soon.

Reply