Roles & rights
Category: Management
Version: 1.0
Last Updated: June 01, 2026
Author: Any2Info
Description
The Roles and rights page is used to manage access and permissions within a collection.
Roles and rights allow administrators to control which users can access modules, objects, and variable values in the Any2Info platform.
The page is available via:
Management -> Roles and rightsThis page can be used to create, edit, and delete:
Roles
User groups
Roles and user groups are collection-specific. This means that roles, rights, and user groups are configured separately for each collection.
Access
The Roles and rights page is available to platform users with access to the User management module.
Roles
A role defines a set of permissions within a collection.
A role can contain:
Module access
Object access
Variable values
Roles are used to determine what a user is allowed to read, save, or delete in the platform.
Users can be assigned roles directly. This is commonly used for unique or specific permission setups.
User Groups
A user group is used to assign multiple roles quickly to multiple users.
A user group has a one-to-many relation with both users and roles:
One user group can contain multiple users
One user group can contain multiple roles
A user group can also contain variable values.
Using user groups is the most common way to assign roles and permissions to users, especially when multiple users require the same access level.
Default User Groups
Each collection receives two default user groups:
Collection admins
Viewer users
These default user groups can be deleted if they are not needed.
Rights
Rights are permissions that determine what users are allowed to do in a specific module.
The following rights can be assigned:
Read
Allows users to view or access the module.
Save
Allows users to create or update data or configuration in the module.
Delete
Allows users to delete data or configuration in the module.
Rights are assigned per module.
Module Rights
Module rights define access to specific modules in the platform.
For each module, the following permissions can be configured:
Read
Save
Delete
Examples of modules include:
Dashboard designer
Dashboard mapping
Dashboard flows
Forms designer
Form mapping
Data connections
Datahub
Dataclip designer
Agent designer
Display texts
Notifications
Database tags
Form web links
Document services
Advanced configuration
Viewer
Module rights are used to control which platform areas a user can access and what actions the user can perform in those areas.
Object Rights
Object rights define access to specific objects inside a collection.
Object rights can be configured for objects such as:
Dashboards
Dataclips
Form definitions
Dataflows
This makes it possible to grant access to specific items instead of giving access to everything within a module.
For example, a user may have access to the Forms module, but only to specific form definitions within the collection.
Variables
Roles and user groups can contain variable values.
Variables allow administrators to define reusable values within a collection. These values can be used for filtering, configuration, dashboards, forms, navigation flows, and integrations.
Variable values can be resolved from different authorization levels. Collection variable values are resolved using the following precedence order, from highest to lowest:
Personal value on the user
Authorization structure
Authorization group
Direct role assignment
When variable values are configured on roles or user groups, they can be used to influence user-specific behavior in the platform.
Typical use cases include:
External system IDs
Employee types
Conditional form visibility
Button access
Dashboard or form filtering
User-specific configuration values
Variables are referenced using the following format:
Example:
Usage
Use the Roles and rights page when access needs to be configured for users within a collection.
Typical use cases include:
Creating a role for users who may only view data
Creating a role for users who may edit forms or dashboards
Creating a user group for department-specific access
Assigning multiple roles to multiple users through a user group
Restricting users to specific dashboards, forms, dataclips, or dataflows
Setting variable values for user-specific behavior
Role Assignment
Roles can be assigned in two ways:
User group assignment
The most common method. Users are added to a user group, and the group contains one or more roles.
Direct role assignment
Used for unique or specific permission setups where a user needs a role outside of a group.
Using user groups is recommended when multiple users require the same permissions.
Direct role assignment is useful when a user needs a specific exception or unique access setup.
Tips & Best Practices
Use user groups for common permission setups.
Use direct role assignment only for unique or user-specific access.
Keep role names clear and descriptive.
Configure module rights first, then refine access with object rights where needed.
Use object rights to limit access to specific dashboards, forms, dataclips, or dataflows.
Use variable values when access or behavior depends on user-specific context.
Review roles and user groups regularly to prevent outdated permissions.
Be careful when deleting default user groups, especially Collection admins.
Changelog
Version
Date
Change
1.0
June 01, 2026
Initial documentation version added.
Last updated
Was this helpful?