Permissions and Permission Sets

EarthRanger allows you to grant users specific permissions to various functionalities, such as accounts, activities, analyzers, mapping, and tracking. For example, you can assign a user permission to add arrest reports with the Choices|Arrest Violation|Can add Arrest Violation permission.

Rather than assigning individual permissions to users, permissions are typically grouped into collections known as permission sets. Permission sets simplify the process of managing user privileges by combining multiple permissions into reusable sets. For instance, you might create a permission set called User Admin, which includes the following permissions

  • accounts | user | Can add user
  • accounts | user | Can change user
  • accounts | user | Can delete user

Users typically have two types of permission sets:

  • Member Permission Sets: Assigned directly through the EarthRanger Administration interface.
  • Effective Permission Sets: A comprehensive list of all permissions a user has, including those inherited from other permission sets. These inherited permissions “unravel” into effective sets for clarity.

Adding a New Permission Set

To create a new permission set: 

  1. Navigate to Home > User Accounts > Permission sets
  2. Click Add Permission Set at the top right of the page. 
  3. Enter a name for the permission set in the Name field. 
  4. Add permissions to the permission set by selecting from the following options: 
    1. Available Permissions: Choose individual permissions you wish to include.
    2. Available Permission Sets: Select existing permission sets to include. 
  5. Assign users to the permission set by selecting them from the Available Users list and moving them to the Chosen Users list. 
  6. Click Save to finalize. 

 

 

 

Note: To avoid confusion or circular permissions, avoid using the "Grant permissions to" section when setting up permissions. 

 


Viewing Permission Sets 


To view permission sets: 

  1. Go to Home > User Accounts > Permission sets
  2. Browse the list of existing permission sets, their permissions, and the users assigned to each set. 


Changing a Permission Set 
 

To modify a permission set: 
 

  1. Go to Home > User Accounts > Permission sets
  2. Select the permission set you wish to change from the list. 
  3. On the Change Permission Set page, make the necessary changes. 
  4. Click Save to apply the changes. 
     

Deleting a Permission Set 
 

To delete a permission set: 

  1. Go to Home > User Accounts > Permission sets
  2. Select the check box next to the permission set you wish to delete. 
  3. In the Action drop-down menu, select Delete permission sets
  4. Click Go, then confirm by selecting Yes, I’m sure.

 

Common Permission Sets

The three most common Permission Sets in EarthRanger are:

  • Event Category Permission Sets
  • Subject Group Permission Sets
  • Track Access Permission Sets

 

 

Event Category Permission Sets

An Event Category is a collection of Event Types.  When an Event Category is created, a new Permission Set is automatically created which allows assigning users access to the group of Event Types in the Event Category.

 

Event Categories are given four individual permissions by default.  You may hear these referred to as CRUD permissions.  

 

They are:

  • Create events from event types in this Event Category
  • Read (or view) events that have been created by any user in this Event Category
  • Update events that have been created by any user in the Event Category
  • Delete events that have been created in this category.  Note: The UI may not yet support the ability to delete at this point

 

For variations on these default permissions, refer to the Permission Set Examples page.

 

 

Subject Group Permission Sets

Subject Groups are collections of trackable and stationary subjects.  When a Subject Group is created a new Permission Set is automatically created which allows assigning users access to the subjects in this Subject Group.

 

Subject Group Permission Sets are given four default permissions.  

 

They are:

  • Access to updated observations as they become available.
  • Can view subject
  • Can view subject group
  • Permission to subscribe to an alert on this Subject

 

Track Access Permission Sets

While Subject Groups allow access to the subjects in the system, Track Access Permission Sets grant access to the location tracks and other data provided by the Subjects devices.

 

The available Track Access Permission Sets are available by default are:

  • View Tracks All Time   (user is able to see all tracks for a subject)
  • View Tracks Last 7 Days  (user can only see last 7 days of tracks)
  • View Tracks Last 16 Days  (user can only see last 16 days of tracks)
  • View Tracks Last 16 Days Delayed (user can see up to 16 days of tracks but can NOT see the most recent 1 day of tracks)
  • View Tracks Last 60 Days  (user can see last 60 days of tracks)

 

In addition to the default Permission Sets, new ones can be created with the following parameters:

  • Can view tracks no more than 7/16/30/60 days old
  • Can view tracks no less than 0/1/3/7 days old

 

 

Roles  [Best Practice] 

One best practice is to create Permission Sets that correspond to the Roles with the site’s organization.  This provides a streamlined way to assign and maintain permissions as users come and go while providing very clear visibility as to which privileges are available to which users.  

 

Examples might include:

  • ‘ROLE: Ops Room’
  • ‘ROLE: Rangers’
  • ‘ROLE: Volunteers’

 

Following the above instructions, you can create Permission sets for each Role then grant the privileges you wish.  

 

For Example: 

  • ‘ROLE: Ranger’
    • View Security Events
    • View Elephants
    • View Tracks All Time
    • Full Patrols Permissions

 

 

Granting User Permissions

Creating Roles simplifies the process of assigning permissions.

When adding a new user, assign them to the appropriate ROLE to grant the corresponding permissions.

Was this article helpful?