Permissions

Who can set permissions for users in MinuteBox?

Only admins can set permissions for users in MinuteBox.

How can I tell if I am an admin?

There are two ways to tell if you are a MinuteBox account admin.

Check if you are an admin in Settings:

Method 1:

  1. Go to the MinuteBox Dashboard.
  2. In the top right corner of the screen, click the ••• action menu.
  3. Select Settings. (Tip: you can quickly navigate to Settings from anywhere in the system by pressing the G key on your keyboard to bring up the Global Go To menu and then press S on your keyboard to travel to settings).
  4. On the left panel click Users.
  5. Find the row containing the user in question.
  6. Find the column with the heading Admin.
  7. If there is a check mark in that column for the user row then that user is an admin. (Note: Only an admin can make another user an admin)

Method 2:

  1. Go to the MinuteBox Dashboard.
  2. In the top right corner of the screen, click the ? Help Menu.
  3. Click About MinuteBox. (Tip: You can navigate to the About MinuteBox screen more quickly from anywhere in the system by pressing Shift-I on your keyboard).
  4. At the bottom of the modal click Diagnostics.
  5. If the diagnostics screen says "admin": true then you are an admin.

How do I set permissions for users

Note: By default, users do not have permission to view any entities in the system. This accords to the principle of least privilege. Accordingly, positive steps must be taken to grant a user access to one or more entities. Admins always have access to all users and their access cannot be restricted.

If you are an account admin, to set permissions for a user follow these steps:

IMPORTANT: See the warning at the end of this document regarding the Create user filter.

Summary

  1. Create an entity filter for the entities you want to apply permissions to.
  2. Create a user filter for the users that you want to give permissions to.
  3. Apply permissions to the user filter for the entity filter according to the permissions you want to set.

Details

1. Create an entity filter for the entities you want to apply permissions to.

  1. Go to the MinuteBox Dashboard.
  2. Click the Filter button in the Toolbar.
  3. Create a Filter based on the options available for the entities you want to add permissions to. For example, if you want to add permissions to all of your entities in Ontario, then simply create a filter where Jurisdiction is Ontario.
  4. Click *Save Filter... and give the filter a descriptive name.

2. Create a user filter for the users that you want to give permissions to.

  1. Go to the MinuteBox Dashboard.
  2. In the top right corner of the screen, click the ••• action menu.
  3. Select Settings. (Tip: you can quickly navigate to Settings from anywhere in the system by pressing the G key on your keyboard to bring up the Global Go To menu and then press S on your keyboard to travel to settings).
  4. On the left panel click Users.
  5. Follow the same steps as above to create a Filter for the users that you want to give permissions to. For example, if you want all Law Clerks to have access to the entity filter you created in the previous step, create a filter where Role is Law Clerk.
  6. Click *Save Filter... and give the filter a descriptive name.

3. Apply permissions to the user filter for the entity filter according to the permissions you want to set.

  1. Go to the Users section of your account settings. If you have just completed the step above (2. Create a user filter for the users that you want to give permissions to.) then you should already be in the User section of your account settings.
  2. Put your mouse over the saved user filter that you want to give permissions to.
  3. Click the ••• action menu next to the user filter.
  4. Click Set Permissions from the action menu.
  5. Follow the instructions in the Set Permissions modal.

WARNING: A user that has created an entity will always have view and edit permissions on that entity, notwithstanding any subsequent permissions that are set for user. For example, if Jane Smith creates ABC Inc. and is later added to a filter that attempts to restrict Jane's ability to edit the entity, she will still be able to edit the entity. This only applies to the entities created by a specific user. Solution: If you need to restrict the permissions of an entity created by that user, you must export the entity and have another user re-import the entity so that they will be the "creator".

How do I create an ethical wall to prevent a specific user from seeing a specific entity?

Note: By default, users do not have permission to view any entities in the system. This accords to the principle of least privilege. Accordingly, positive steps must be taken to grant a user access to one or more entities. Admins always have access to all users and their access cannot be restricted.

Permissions in MinuteBox are extremely powerful and dynamic, allowing for incredibly granular permission structures. There are many ways to accomplish the same end. This article provides one example on how to create an ethical wall to prevent a specific user from seeing a specific entity.

If you are not yet familiar with permissions, generally, please be sure to read our article titled How do I set permissions for users for an introduction.

Note: Permissions in MinuteBox are cumulative. This means that if a user is given permissions across multiple User filter groups for the same entity, that user will have maximum permissions granted. E.g. If Jane has permissions to View an entity in one permission set and permissions to Update and Edit the same entity in another permission set, Jane will have permission to View, Update and Edit that entity.

Accordingly, to prevent a user from accessing one or more entities pursuant to an ethical wall, you accomplish this through negative, rather than positive action. I.e. you accomplish this by ensuring to not grant the user access permissions rather than taking specific positive action to restrict the user.

1. Give general permissions to some or all users

  1. Create a User filter that includes all users except the user you wish to restrict.
  2. Grant those users View access to some or all entities in your account, including the ones you wish to protect with an ethical wall.

2. Give restricted access to users subject to an ethical wall

  1. Create a User filter that includes only the users subject to an ethical wall.
  2. Create an entity filter with all the entities you want to give those users access to (i.e. ensure the that entities subject to an ethical wall are not included in that entity filter).
  3. Give that User filter group permission to the restricted group of entities.

Still need help? Contact Us Contact Us