> For the complete documentation index, see [llms.txt](https://academy.any2info.com/any2info-academy/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://academy.any2info.com/any2info-academy/no-code-platform/management/usergroups.md). # Roles & rights **Category:** Management **Version:** 1.0 **Last Updated:** June 01, 2026 **Author:** Any2Info *** ### Description The **Roles and rights** page is used to manage access and permissions within a collection. Roles and rights allow administrators to control which users can access modules, objects, and variable values in the Any2Info platform. The page is available via: ``` Management -> Roles and rights ``` This page can be used to create, edit, and delete: * Roles * User groups Roles and user groups are collection-specific. This means that roles, rights, and user groups are configured separately for each collection. *** ### Access The **Roles and rights** page is available to platform users with access to the **User management** module. *** ### Roles A role defines a set of permissions within a collection. A role can contain: * Module access * Object access * Variable values Roles are used to determine what a user is allowed to read, save, or delete in the platform. Users can be assigned roles directly. This is commonly used for unique or specific permission setups. *** ### User Groups A user group is used to assign multiple roles quickly to multiple users. A user group has a one-to-many relation with both users and roles: * One user group can contain multiple users * One user group can contain multiple roles A user group can also contain variable values. Using user groups is the most common way to assign roles and permissions to users, especially when multiple users require the same access level. *** ### Default User Groups Each collection receives two default user groups: * **Collection admins** * **Viewer users** These default user groups can be deleted if they are not needed. *** ### Rights Rights are permissions that determine what users are allowed to do in a specific module. The following rights can be assigned: | Right | Description | | ------ | --------------------------------------------------------------------- | | Read | Allows users to view or access the module. | | Save | Allows users to create or update data or configuration in the module. | | Delete | Allows users to delete data or configuration in the module. | Rights are assigned per module. *** ### Module Rights Module rights define access to specific modules in the platform. For each module, the following permissions can be configured: * Read * Save * Delete Examples of modules include: * Dashboard designer * Dashboard mapping * Dashboard flows * Forms designer * Form mapping * Data connections * Datahub * Dataclip designer * Agent designer * Display texts * Notifications * Database tags * Form web links * Document services * Advanced configuration * Viewer Module rights are used to control which platform areas a user can access and what actions the user can perform in those areas. *** ### Object Rights Object rights define access to specific objects inside a collection. Object rights can be configured for objects such as: * Dashboards * Dataclips * Form definitions * Dataflows This makes it possible to grant access to specific items instead of giving access to everything within a module. For example, a user may have access to the Forms module, but only to specific form definitions within the collection. *** ### Variables Roles and user groups can contain variable values. Variables allow administrators to define reusable values within a collection. These values can be used for filtering, configuration, dashboards, forms, navigation flows, and integrations. Variable values can be resolved from different authorization levels. Collection variable values are resolved using the following precedence order, from highest to lowest: 1. Personal value on the user 2. Authorization structure 3. Authorization group 4. Direct role assignment When variable values are configured on roles or user groups, they can be used to influence user-specific behavior in the platform. Typical use cases include: * External system IDs * Employee types * Conditional form visibility * Button access * Dashboard or form filtering * User-specific configuration values Variables are referenced using the following format: ``` {@variableName} ``` Example: ``` {@employeeType} ``` *** ### Usage Use the **Roles and rights** page when access needs to be configured for users within a collection. Typical use cases include: * Creating a role for users who may only view data * Creating a role for users who may edit forms or dashboards * Creating a user group for department-specific access * Assigning multiple roles to multiple users through a user group * Restricting users to specific dashboards, forms, dataclips, or dataflows * Setting variable values for user-specific behavior *** ### Role Assignment Roles can be assigned in two ways: | Assignment method | Description | | ---------------------- | -------------------------------------------------------------------------------------------------- | | User group assignment | The most common method. Users are added to a user group, and the group contains one or more roles. | | Direct role assignment | Used for unique or specific permission setups where a user needs a role outside of a group. | Using user groups is recommended when multiple users require the same permissions. Direct role assignment is useful when a user needs a specific exception or unique access setup. *** ### Tips & Best Practices * Use user groups for common permission setups. * Use direct role assignment only for unique or user-specific access. * Keep role names clear and descriptive. * Configure module rights first, then refine access with object rights where needed. * Use object rights to limit access to specific dashboards, forms, dataclips, or dataflows. * Use variable values when access or behavior depends on user-specific context. * Review roles and user groups regularly to prevent outdated permissions. * Be careful when deleting default user groups, especially **Collection admins**. *** ### Changelog | **Version** | **Date** | **Change** | | ----------- | ------------- | ------------------------------------ | | 1.0 | June 01, 2026 | Initial documentation version added. | --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://academy.any2info.com/any2info-academy/no-code-platform/management/usergroups.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.