In Ardoq you can use:
User roles to bulk assign users a set of privileges.
Privileges to grant a user role or a single user access to functionality.
Permissions to grant a Permission Group or an individual user access to a particular content (e.g. “My workspace”) and determine the actions they can do on that content.
Table of Contents:
User Roles
Ardoq has four default user roles. They come with a predefined set of privileges which determine functionality access. Some of these privileges can be enabled or disabled on each user role so that you have more control over what your users can see and do in your organization. To grant content access and define the actions your users can perform on specific content, use permissions.
For instance, you can configure the writer user role to grant access to Ardoq Discover by enabling the Discover privilege. This will allow writer users to login to Discover and see the home page but they won’t necessarily be able to explore viewpoints unless you have assigned them the “Access” permission on some viewpoints.
You can assign users one of the following user roles:
Admin: Has full access to all Ardoq functionalities. They can, for example:
Invite, edit, and delete users
Configure user roles
Update organization settings
Access all content in their organization
Create, update, and delete any type of content
Admin users can be granted the Administrator, Writing, or Read-only permission on any type of content (e.g. a specific workspace). However, the actions admin users can perform won’t be limited by their permissions because their user role (admin) allows them to access all of Ardoq functionalities. Find out more in the Permissions section below.
Writer: Has limited access to Ardoq functionalities. They can:
Create certain types of content
Update or delete content they are a part of if given permission
A user with the writer user role can be granted the Administrator, Writing, or Read-only permission on most type of content (e.g. on “My workspace”) except on viewpoints. Learn more in the Permissions section below.
Reader: Has very restricted access to Ardoq functionalities. They can only read content they have been granted access to.
Readers cannot be granted the Administrator or Writing permission on any type of content, only the Read-only permission. When a reader belongs to a Permission Group that is given the Administrator or Writing permission, the reader user will only be able to read the content.
Contributor: Has no access to core Ardoq. Contributors can only be granted access to presentations, surveys, and a viewpoint in Ardoq Discover by assigning them the “Access” permission.
For a detailed breakdown of what each user role and permission allows users to do, head to the Permissions section below.
How to Configure User Roles
To customize user roles so they grant access to Ardoq Discover:
Navigate to Preferences > Organization Settings > Manage User Roles
Select the user role you want to configure
Tick the “Access Discover” checkbox
Click “Save”
Enabling a privilege on a user role grants current users with that role and future ones access to that particular functionality automatically. It is not possible to disable a privilege on a single user if the privilege is enabled on the user role.
You can update a user's role regardless of whether they have accepted your invite to join your organization.
How to Bulk Assign a User Role
To update the user role of multiple users at once:
Navigate to Preferences > Organization settings > Manage users > Invite and manage users tab
Select the users you want to assign a new role
Click on the three-dot menu on any users and choose "Manage role"
Select the relevant user role
Click "Save"
Privileges: How to Give Users Access to Functionality
Privileges determine functionality access. You can enable a privilege on a user role or individually per user. We currently support the following privileges:
How to Enable a Privilege on a User Role
Enable a privilege on a user role when you wish to grant users with a specific user role access to a functionality. It is the easiest way to manage access for a large group of users. All current and future users assigned the configured role will gain access to the enabled privilege. Once the privilege is enabled on a user role, it is not possible to disable it on specific users who have that user role.
For example, if you enable the “Access Discover” privilege on the Contributor user role, all of your existing Contributor users, and those you add in the future, will be able to access Ardoq Discover. You won’t be able to disable access to Discover for a single Contributor user.
To enable a privilege on a user role:
Navigate to Preferences > Organization Settings > Manage User Roles
Select the user role you want to configure
Tick the privilege checkbox
Click “Save”
How to Enable a Privilege Individually per User
Enable a privilege on single users when you wish to give specific users access to a functionality in case their user role does not grant it.
To enable a privilege on single users:
Navigate to Preference > Organization Settings > Manage Users
Look for the user want to enable a privilege on
Click on the pencil icon next to the name of your user
Tick the relevant privilege (currently available “Access Discover” only)
How to Bulk Assign and Revoke Privileges
To enable or remove feature access for multiple users in one go:
Navigate to Preferences > Organization settings > Manage users > Invite and manage users tab
Select the users you wish to grant or remove privileges for
Click on the three-dot menu on any selected user and choose "Assign privileges" or "Remove privileges"
Select the Discover privilege from the dropdown. Alternatively, click on the 'x' button next to the name of the privilege to revoke access
Click "Save"
When bulk removing privileges for a group of users, users with roles that have privileges enabled will not lose access. For example:
The Discover privilege is enabled for the Writer user role only.
User A has the Writer user role. User B and C has the Reader role.
Next, you select User A, B, and C and remove the Discover privilege for them
User A does not lose their access to Discover because the Discover privilege is enabled on their user role.
User B and C lose access to Discover because the Discover privilege is not enabled on their user role.
Permissions: How to Share Content With Stakeholders
Use Permissions to grant a Permission Group or an individual user access to a particular content (e.g. a specific workspace) and determine the actions they can do on that content.
Available Permissions for the Admin and Writer User Role
You can assign users with the admin or writer user role the following permissions on any type of content:
Administrator permission: It allows users to read, edit, and delete the content they’ve been added to. They can also update the content permissions for themselves and other users who were granted access.
Writing permission: It allows users to read, edit, and delete the content they’ve been added to. For some types of content, they can only perform these actions on content they have created. They cannot update the content permissions.
Read-only permission: It allows users to read the content they’ve been added to. They cannot edit or delete the content. They cannot update the content permissions.
Submit survey answers: Available on surveys only. It allows users to answer the survey outside of core Ardoq.
Additionally, you can assign admin and writer users the Access to survey and No default access permissions on surveys only. Users with this permission won't be able to edit the survey but will be able to answer it.
⚠️ Please know that the admin user role will always override the permissions. For instance, if a user with the admin user role is granted Read-only permission or No default access on a given content (e.g. a specific workspace), they will be able to read, edit, and delete the content. Plus, update the content permissions because their user role (admin) allows them to do so.
Head to the Permissions Overview section below for a detailed breakdown of what admin and writer users can do per type of content.
Available Permissions for the Reader User Role
You can assign users with the reader user role the Read-only permission. Plus, you can assign them the Submit survey answers and No default access permissions on surveys only. It is not possible to grant reader users the Administrator nor Writing permissions on any type of content.
The Read-only permission allows users to read the content they've been added to. They are not able to edit it. On the other hand, the Access to survey permission allows users to answer the survey outside of core Ardoq.
Available Permissions for the Contributor User Role
You can assign users with the Contributor role permission to access a presentation, survey, a viewpoint in Discover, a dashboard in Discover, or a report in Discover It is not possible to grant them access to any other type of content as they do not have access to core Ardoq.
The permissions available for Contributor users are:
Access: It allows Contributor users to read the content only.
No access: It prevents Contributor users from loading the content.
Submit survey answers: Available on surveys only. It allows users to answer the survey outside of core Ardoq.
Permissions Overview
Below is a detailed breakdown of the actions users with different roles can perform based on the permissions they’ve been granted.
Where it says: | It means: |
“If granted admin” or “admin” | If granted the Administrator permission |
“If workspace admin” | If granted the Administrator permission on a workspace |
“If granted write” | If granted the Writing permission |
“If edit access” | If granted the Administrator or Writing permission |
“If granted read” | If granted the Read-only permission |
“If read access” | If granted the Administrator, Writing, Read-only permission, or "Access to..." |
“If owner” | If the user created the content (e.g. a specific workspace) |
“If given access” | If the user was granted the Administrator, Writing, or Read-only permission. For Contributor users, if granted the “Access” permission. |
You can view the Permissions Overview table online in .PDF format here.
How to Assign Users Content Permissions
Assign a Permission on a User or a Group
You can grant users an content permission individually per user or using a permission group. Permission groups allow you to bulk grant users a permission on any type of content (e.g. a specific workspace).
For example, you can create a Permission Group called “Finance”, add all your users who belong to the Finance team, and grant them a permission on a given content in one go.
How to Assign Users a Permission
For most type of content, click on the three-dot menu next to their name, and select “Permissions”. From here, you can:
Type the name of specific users and assign them a permission to grant them access to the content
Type the name of a permission group and assign them a permission so all current and future users in that group gain access to the content
Assign a permission to the “All organization members” group so all your current and future users in your organization automatically get access to the content. It's only possible to grant the "Writing", "Read-only", and "No default access" permissions to the "All organization members" group.
Assign a permission to the “All contributors” group so all your current and future users who have the Contributor user role automatically gain access to the content. It's only possible to grant the "Access" and "No default access" permissions to the "Contributors" group.
Find out how to grant users a permission on each type of content in the KB articles below: