The Ardoq access system consists of user roles, privileges, and permissions. Use:
User roles to bulk allow users to perform a given set of actions (access functionality) in the Ardoq app. Some of these actions come in the form of configurable privileges.
Privileges to authorize users to perform specific actions, such as accessing Ardoq Discover or creating certain asset types. Privileges can be enabled or disabled on the user role or individually per user.
Permissions to grant users or a group of users access to assets and define the actions users can perform within each asset.
Table of Contents:
User Roles
Ardoq has four default user roles. Each come with a set of privileges which determine functionality access. Some of these privileges can be enabled or disabled on each user role so that you have more control over what your users can do in your organization. To grant asset access and define the actions your users can perform within each specific asset, use permissions.
For instance, you can configure the writer user role to access Ardoq Discover by enabling the Access Discover privilege. This will allow writer users to sign in to Ardoq Discover and see the home page but they won’t necessarily be able to explore viewpoints unless you have assigned them the “Explore viewpoint in Discover” permission on at least one viewpoint.
You can assign users one of the following user roles:
Admin: Has full access to all Ardoq functionalities. They can, for example:
Invite, edit, and delete users
Configure user roles
Update organization settings
Access all assets in their organization
Create, update, and delete any type of asset
Admin users can be granted the Administrator, Writing, or Read-only permission on any type of asset (e.g. a specific workspace). However, the actions admin users can perform won’t be limited by their permissions because their user role (admin) allows them to access all of Ardoq functionalities. Find out more in the Permissions section below.
Writer: Has limited access to Ardoq functionalities. They can:
Create certain types of asset
Update or delete assets they are a part of if given permission
A user with the writer user role can be granted the Administrator, Writing, or Read-only permission on most types of assets (e.g. on “My workspace”) except on viewpoints. For viewpoints, 'Read-only' is now 'Explore viewpoint in Discover' for added clarity." Learn more in the Permissions section below.
Reader: Has very restricted access to Ardoq functionalities. They can only read asset they have been granted access to.
Readers cannot be granted the Administrator or Writing permission on any type of asset, only the Read-only permission. When a reader belongs to a Permission Group that is given the Administrator or Writing permission, the reader user will only be able to read the asset.
Contributor: Has no access to the Ardoq app. Contributors can only be granted access to presentations, surveys, and a viewpoint in Ardoq Discover by assigning them the “Access” permission.
For a detailed breakdown of what each user role and permission allows users to do, head to the Permissions section below.
How to Configure User Roles
To customize user roles so they grant access to Ardoq Discover:
Navigate to Preferences > Access control > User management > Roles
Select the user role you want to configure
Tick the “Access Discover” checkbox
Click “Save changes”
Confirm "Save Changes"
Enabling a privilege on a user role grants current users with that role and future ones access to that particular functionality automatically. It is not possible to disable a privilege on a single user if the privilege is enabled on the user role.
You can update a user's role regardless of whether they have accepted your invite to join your organization.
How to Bulk Assign a User Role
To update the user role of multiple users at once:
Navigate to Preferences > Access control > User management > Users
Select the users you want to assign a new role
Click on the three-dot menu on any users and choose "Assign role"
Select the relevant user role
Click "Save"
Privileges: How to Give Users Access to Functionality
Privileges determine functionality access. You can enable a privilege on a user role or individually per user. We currently support the following privileges:
How to Enable a Privilege on a User Role
Enable a privilege on a user role when you wish to grant users with a specific user role access to a functionality. It is the easiest way to manage access for a large group of users. All current and future users assigned the configured role will gain access to the enabled privilege. Once the privilege is enabled on a user role, it is not possible to disable it on specific users who have that user role.
For example, if you enable the “Access Discover” privilege on the Contributor user role, all of your existing Contributor users, and those you add in the future, will be able to access Ardoq Discover. You won’t be able to disable access to Discover for a single Contributor user.
To enable a privilege on a user role:
Navigate to Preferences > Access control > User management > Roles
Select the user role you want to configure
Tick the privilege checkbox
Click “Save changes”
Confirm "Save Changes"
How to Enable a Privilege Individually per User
Enable a privilege on single users when you need to give specific users access to a functionality in case their user role does not grant it.
To enable a privilege on single users:
Navigate to Preference > Access control > User management > Users
Look for the user want to enable a privilege on
Click on the three-dot menu on any users and choose "Assign privileges"
Tick the relevant privilege(s)
How to Bulk Assign and Revoke Privileges
To enable or remove feature access for multiple users in one go:
Navigate to Preference > Access control > User management > Users
Select the users you wish to grant or remove privileges for
Click on the three-dot menu on any selected user and choose "Assign privileges" or "Remove privileges"
Select the privilege(s) from the dropdown. Alternatively, click on the 'x' button next to the name of the privilege to revoke access
Click "Assign privileges" if assigning privilege or click on "Remove privilege" if removing privilege
When bulk removing privileges for a group of users, users with roles that have privileges enabled will not lose access. For example:
The Discover privilege is enabled for the Writer user role only.
User A has the Writer user role. User B and C has the Reader role.
Next, you select User A, B, and C and remove the Discover privilege for them
User A does not lose their access to Discover because the Discover privilege is enabled on their user role.
User B and C lose access to Discover because the Discover privilege is not enabled on their user role.
How to check Role Privileges and User Privileges
You can check individual user's role privileges and user privileges:
Navigate to Preference > Access control > User management > Users
Click on the user's name you wish to check
Click on "Role and privileges" tab
Permissions: How to Share Assets With Stakeholders
Use Permissions to grant a Permission Group or an individual user access to a particular asset (e.g. a specific workspace) and determine the actions they can do on that asset.
Available Permissions for the Admin and Writer User Role
You can assign users with the admin or writer user role the following permissions on any type of asset:
Administrator permission: It allows users to read, edit, and delete the asset they’ve been added to. They can also update the asset permissions for themselves and other users who were granted access.
Writing permission: It allows users to read, edit, and delete the asset they’ve been added to. For some types of asset, they can only perform these actions on asset they have created. They cannot update the content permissions.
Read-only permission: It allows users to read the asset they’ve been added to. They cannot edit or delete the asset. They cannot update the asset permissions.
Submit survey answers: Available on surveys only. It allows users to answer the survey outside of the Ardoq app.
Access to viewpoint: It allows users to open a viewpoint in Ardoq Discover.
No default access: It prevents users from accessing the asset in the Ardoq app.
Additionally, you can assign admin and writer users the Submit survey answers and No default access permissions on surveys only. Users with Submit survey answers permission won't be able to edit the survey but will be able to answer it.
⚠️ Please know that the admin user role will always override the permissions. For instance, if a user with the admin user role is granted Read-only permission or No default access on a given asset (e.g. a specific workspace), they will be able to read, edit, and delete the asset. Plus, update the asset permissions because their user role (admin) allows them to do so.
Head to the Permissions Overview section below for a detailed breakdown of what admin and writer users can do per type of asset.
Available Permissions for the Reader User Role
You can assign users with the reader user role the Read-only permission, Access to viewpoint, and No default access permissions. Moreover, you can assign them the Submit survey answers access permission on surveys only. It is not possible to grant reader users the Administrator nor Writing permissions on any type of asset.
The Read-only permission allows users to read the asset they've been added to. They are not able to edit it. On the other hand, the Access to survey permission allows users to answer the survey outside of the Ardoq app.
Available Permissions for the Contributor User Role
You can grant users with the Contributor role access to a survey, a viewpoint in Discover, a dashboard in Discover, or a report in Discover by assigning them the:
Access to <asset name>: It allows Contributor users to read the asset only.
No access: It prevents Contributor users from loading the asset.
Submit survey answers: It allows users to answer the survey outside of Ardoq.
Moreover, you can share a presentation with them by configuring the presentation's access rights. It is not possible to grant them access to any other type of asset as they do not have access to the Ardoq app.
Permissions Overview
Below is a detailed breakdown of the actions users with different roles can perform based on the permissions they’ve been granted.
Where it says: | It means: |
“If granted admin” | If granted the Administrator permission |
“If workspace admin” | If granted the Administrator permission on a workspace |
“If edit access” | If granted the Administrator or Writing permission |
“If given access” | All asset types except presentations If the user was granted the Administrator, Writing, Read-only, "Access to <asset name>, "Submit survey answers", or "Explore viewpoint in Discover" permissions. See the permissions that are available for admin and writer users, readers, and contributors in the sections above.
Integrations For integrations, "if given access" means if the user has been granted access to create, read, update, or delete data in the third party tool. |
“If owner” | If the user created the asset (e.g. a specific workspace) |
"If privilege is enabled" | If the relevant privilege has been enabled on the user role or on an individual user. |
"Coming soon" | Upcoming functionality that will soon be available for a user role. |
You can view the Permissions Overview table online in .PDF format here.
How to Assign Users Asset Permissions
Assign a Permission on a User or a Group
You can grant users an asset permission individually per user or using a permission group. Permission groups allow you to bulk grant users a permission on any type of asset (e.g. a specific workspace).
For example, you can create a Permission Group called “Finance”, add all your users who belong to the Finance team, and grant them a permission on a given asset in one go.
How to Assign Users a Permission
For most type of assets, click on the three-dot menu next to their name in the Home page or overview page of each page, and select “Permissions”.
From here, you can:
Type the name of specific users and assign them a permission to grant them access to the asset
Type the name of a permission group and assign them a permission so all current and future users in that group gain access to the asset
Assign a permission to the “All organization members” group so all your current and future users in your organization automatically get access to the asset. It's only possible to grant the "Writing", "Read-only", and "No default access" permissions to the "All organization members" group.
Assign a permission to the “All contributors” group so all your current and future users who have the Contributor user role automatically gain access to the asset. It's only possible to grant the "Access" and "No default access" permissions to the "Contributors" group.
Find out how to grant users a permission on each type of asset in the KB articles below: