Path to function: Resources > Permission sets
Permission sets are collections of resources that can be assigned to accounts so that you can control which users have access to which content. Modifying the resources in can be used for several things:
- As sets of accounts for reporting at the organisation level.
- As a way of assigning attributes to sets of users - e.g. member, staff, walk-in user. You must, in fact, allocate at least one permission set to everyone because of this
- With restrictive mode to limit with resources are available to sets of users. When used this way any changes you make to the resources allocated to a permission set instantly changes what the
- related accounts can access.
Permission sets can only apply to user accounts under the same administrator - any sub-administrators you have will need at least one permission set of their own permission sets.
The first thing you will see is a list of any existing permission sets.
The Attributes tab gives you control over the roles and entitlements that can be passed to federated resources. If you access federated resources, Unless you specifically want to not pass a role for a user you will need to set have a value for this, usually here. The default of 'member' is usually correct.
At the top right there is a display of the number of connected accounts and resources. Buttons beside the numbers let you view which accounts and resources are associated with that permission set.
If you are using permission sets to restrict access you will want to be able to view and allocate resources.
Viewing the resource allocation
From the allocated to accounts button on either the permission set in the list or on the modify page you will be taken to a filtered view of the allocated tab in the resource catalogue. This view will let you easily remove resources from the permission set. You can also add others from the 'All' tab, but you will find it easier to use the Add button (see below).
This view usefully also allows you to allocate resources to other permission sets which can help with the management of resources - you might even create some permission sets that you never allocated to accounts for this reason.