Permissions feature is available only in the paid tiers.
"Roles" in Cascade defines the user's type of access level to the workspace - Admin, Manager, Contributor, and Viewer. And, "Permissions" control access to specific goals, plans, dashboards and reports.
While User Roles in Cascade article covers granting access to global features (e.g. billing, flexible strategy model, and user management), here you'll find details on how to manage view, edit, and delete permissions for plans, dashboards, and reports.
We're providing a broader approach for permissions so as to keep all the permissions granularity at the plans, dashboard, and report level. By default:
-
When a plan is created, its set public by default. i.e., it has an can edit access to all members of a workspace.
-
When a report or dashboard is created, its set private by default. Only the Admins and the user who created them will have edit access. Click Share and invite other users with who you wish to share the report or dashboard.
-
Users with Admin role will have view and edit access to all the plans, dashboards and reports. Even if they're assigned only a view access, being an admin, they'll automatically inherit the edit access.
-
Those with Viewer role will only have view access to the plans, dashboards or reports that they're assigned to. Being a viewer, they'll automatically inherit the view access, and the platform does not allow to give them edit access to any functionalities.
-
All owners and collaborators in a plan can view and edit, irrespective of their roles (Viewers cannot edit though.). However, in Essentials and Enterprise+ tiers, if a plan is "private" or set to "can view" access, the owners and collaborators with "view" access can only edit their goals while able to view the plan and its components.
-
In case of Managers and Contributors, the permissions are attached to the users and not their roles. i.e., irrespective of their roles, they'll be able to edit if they have can edit access, and to view if they've can view access assigned to them.
-
Irrespective of the plans in which focus areas are created, all focus areas can be viewed by everyone from the Plans and Teams > All focus areas page. There's no privacy permissions for focus areas because focus areas are mostly used as a strategic pillar in which the same focus area(s) can be shared across multiple plans to drive the strategy outcome/alignment. For example, when you create a new plan you can add an "existing" focus area in which all focus areas need to be visible to add this. Although you have a private plan with focus areas only in that private plan, this does not make the name of the focus area private, it only makes the plan itself private.
However, with dashboards and reports, since there's no concept of owners or collaborators, the person who creates them, and the users with Admin roles can manually give permissions to the users in their workspace.
Accountability and Permissions
-
Users who're accountable i.e., users who're owners and collaborators on objectives/measures/projects/actions within a plan will have view access and edit access to the goals that they work on.
-
Users who're accountable for dashboards and reports i.e., users who're owners of the dashboards or reports will have view and edit access.
-
If a user is accountable and they have a role of contributor, manager or admin, they automatically inherit edit access on the plan.
-
If a user is accountable and they have role of a Viewer, they automatically inherit view access on the plan. But note that you cannot give them edit access to any functionality.
-
If a user is no longer accountable (that is they are no longer an owner or collaborator on any objectives/measures/projects/actions within the plan), they'll no longer have default view and edit access to the plan. They'll have to be explicitly added as an editor/viewer on the plan.
How to assign permissions?
You can assign permissions to a plan, dashboard, and report in your workspace. By default, Admin roles have an overriding access level, and inherit edit access.
Click Share in the relevant plan, dashboard, or report to open up the share modal. You can set the permissions at the
-
workspace level, i.e.,
-
Public access - setting up either "can edit" or "can view" for all the members of the workspace,
-
Private access - setting up "no access" to maintain absolute privacy. For example, the plan, or dashboard has sensitive company information, or is still in draft stage, which need not be exposed to everyone.
-
-
or at a team's level, i.e.,
-
all the members of that team inherit the default view or edit access that you assign the team,
-
within a team, viewers get default view access, while admins get default edit access,
-
team level permissions can be assigned only to plans and dashboards,
-
a team member once removed from that team, will no longer the access that's assigned to the team.
-
Team permissions are applicable only for Plans and Dashboards. You cannot assign permission to a team for Reports from its Share modal.
-
or at an individual user's level, i.e.,
-
owners and collaborators of a plan inherit default edit access to their goals,
-
If you need users with "Viewers" role to collaborate on a goal, then you can assign them as collaborators. Note that they cannot make any edits or progress updates to that goal, and all they can do is just review and leave comments.
-
-
owners of dashboards and reports inherit default edit access,
-
viewers get default view access, while admins get default edit access,
-
or, invite relevant users, and manually assign them view or edit permissions.
-
If a plan, dashboard or report is set to private, i.e., "no access", you can start giving access to other users by typing in their names or mail ids, and giving them access as "can view", or "can edit", and click Share. These persons will be notified. You can also revoke someone's access by clicking remove from the access drop-down.
Please note that you cannot revoke access of an Admin. Also, you cannot assign edit permissions to a Viewer. The owner of the plan, dashboard and report will retain edit access.
You cannot revoke someone's access if they own or collaborate on a goal; you can just change their access to "view" if you do not want them to edit anything except their goals.
Check out the articles Plan Permissions, Dashboard Permissions and Report Permissions to understand the granularity of permissions available for plans, dashboards and reports.
What happens once the trial period is over?
Once the trial period is over, or when you're no more on a free tier, it'll unlock the existing role based permissions that can be controlled from Admin > Users.
However, permissions are behind paywalls. Any access that you've granted during the trial will be retained, but cannot be changed unless you upgrade. i.e., even if you're an Admin, you'll not be able to grant/change permissions on a plan or dashboard or report if your free trial is over, and you're yet to upgrade.
FAQs
Can a Viewer be assigned ownership of a plan or dashboard?
NO. It's a view-only seat which provides you with just viewing and commenting functionalities. The platform will not allow you to enable edit access to a viewer role, and only if you upgrade their role to a collaborator, or manager, or admin, will it be possible to give them edit access or ownership to a plan, dashboard, or report.
How about permissions with respect to integrations?
You'll need to have edit access to the plan you want to connect integrations to.
Are we restricting some access to edit Plan Settings?
Yes. You’ll need edit access to the plan to change the plan settings.
A user was removed from the team but I can still see that they hold edit access to the plan.
Check if they own or collaborate on a goal in that plan, If yes, then their access will not be revoked when they're not part of the team and you need to manually change their access from the Share modal.
Who can set the permissions of a plan, dashboard or report?
Admins and anyone with edit access can set the permissions of a plan, dashboard or report. However, the plan, dashboard and report owner will always retain ownership and can’t have their access removed.
Can we restrict permissions at a goal level so that the user cannot edit the plans in which they belong. i.e., if we do not want them to update anything except the goals they work on, and at the same time do not want to change their role as “viewer”?
Yes, you can restrict permissions at a goal level too.
-
Set everyone in the workspace to have can view or no access, i.e., making the plan viewable or private.
-
Owners and collaborators section, assign can view access against those users whom you wish to restrict permissions at their goal level.
While they'll still be able to view the plans and its components, they'll be able to edit only the goals they own or collaborate. Even if they own or collaborate on an objective, they'll not be able to edit its success criteria (measures, actions or projects).
What do collaborators do?
Like the name suggests, they collaborate on the goals, i.e., add or edit goals, add the existing users in the workspace to the goals, change owners, due dates and targets, add risks and relationships and so on. However, if you wish to restrict their access only to the goals that they collaborate on, then you can assign them can view access from the Share modal.
Why am I unable to change permissions of collaborators in plans?
Owners and Collaborators are the people working on the outcomes in a plan. These people retain rights to edit the goals they own or collaborate in the plan even when the plan is set to can view or private for everyone in the workspace.
But we still encourage for everyone to be open and collaborative and if you want to restrict some people from editing the parts of the plan, it’s an ideal time to break the plan down into smaller parts.
What happens when someone’s role is changed from Admin to Manager or Contributor?
When a user's role is changed to Manager or Contributor, they'll lose edit access to any plans if they don’t meet any of the following criteria:
-
have the workspace setting on the plan/dashboard/report set to View.
-
they're not an owner or collaborator on an entity on the plan (*applies to plans only*).
-
they haven’t been manually assigned access to the plan/dashboard/report.
Can we revoke edit permissions of an Admin?
No. Admins have an overriding access permissions and will always retain edit permissions.
Can I remove myself from the access to a plan or dashboard?
No, only admins or the anyone else with edit permissions can revoke your access.
What happens if a viewer is part of a team which is assigned edit access?
You'll see a modal listing the viewers in that team, and you can either click Invite anyway to invite them to share the access, or click Upgrade to upgrade their role to Admin, Manager or Contributor to enjoy full access.
When they're invited without upgrading, they'll still retain only the view access and will not be able to edit.
Can I restrict only certain team members to have edit permissions and the others to have view permissions?
Yes. Assign the team can view access. Now, assign the individual team members whom you wish to edit the plan or dashboard to have can edit permissions. This way, while your team has view access, only certain team members will hold edit access. Please note that, Admins will have overriding permissions.