Ctrlk
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Roles & rights

Category: Management

Version: 1.0

Last Updated: June 01, 2026

Author: Any2Info

Description

The Roles and rights page is used to manage access and permissions within a collection.

Roles and rights allow administrators to control which users can access modules, objects, and variable values in the Any2Info platform.

The page is available via:

Management -> Roles and rights

This page can be used to create, edit, and delete:

  • Roles

  • User groups

Roles and user groups are collection-specific. This means that roles, rights, and user groups are configured separately for each collection.

Access

The Roles and rights page is available to platform users with access to the User management module.

Roles

A role defines a set of permissions within a collection.

A role can contain:

  • Module access

  • Object access

  • Variable values

Roles are used to determine what a user is allowed to read, save, or delete in the platform.

Users can be assigned roles directly. This is commonly used for unique or specific permission setups.

User Groups

A user group is used to assign multiple roles quickly to multiple users.

A user group has a one-to-many relation with both users and roles:

  • One user group can contain multiple users

  • One user group can contain multiple roles

A user group can also contain variable values.

Using user groups is the most common way to assign roles and permissions to users, especially when multiple users require the same access level.

Default User Groups

Each collection receives two default user groups:

  • Collection admins

  • Viewer users

These default user groups can be deleted if they are not needed.

Rights

Rights are permissions that determine what users are allowed to do in a specific module.

The following rights can be assigned:

Right
Description

Read

Allows users to view or access the module.

Save

Allows users to create or update data or configuration in the module.

Delete

Allows users to delete data or configuration in the module.

Rights are assigned per module.

Module Rights

Module rights define access to specific modules in the platform.

For each module, the following permissions can be configured:

  • Read

  • Save

  • Delete

Examples of modules include:

  • Dashboard designer

  • Dashboard mapping

  • Dashboard flows

  • Forms designer

  • Form mapping

  • Data connections

  • Datahub

  • Dataclip designer

  • Agent designer

  • Display texts

  • Notifications

  • Database tags

  • Form web links

  • Document services

  • Advanced configuration

  • Viewer

Module rights are used to control which platform areas a user can access and what actions the user can perform in those areas.

Object Rights

Object rights define access to specific objects inside a collection.

Object rights can be configured for objects such as:

  • Dashboards

  • Dataclips

  • Form definitions

  • Dataflows

This makes it possible to grant access to specific items instead of giving access to everything within a module.

For example, a user may have access to the Forms module, but only to specific form definitions within the collection.

Variables

Roles and user groups can contain variable values.

Variables allow administrators to define reusable values within a collection. These values can be used for filtering, configuration, dashboards, forms, navigation flows, and integrations.

Variable values can be resolved from different authorization levels. Collection variable values are resolved using the following precedence order, from highest to lowest:

  1. Personal value on the user

  2. Authorization structure

  3. Authorization group

  4. Direct role assignment

When variable values are configured on roles or user groups, they can be used to influence user-specific behavior in the platform.

Typical use cases include:

  • External system IDs

  • Employee types

  • Conditional form visibility

  • Button access

  • Dashboard or form filtering

  • User-specific configuration values

Variables are referenced using the following format:

Example:

Usage

Use the Roles and rights page when access needs to be configured for users within a collection.

Typical use cases include:

  • Creating a role for users who may only view data

  • Creating a role for users who may edit forms or dashboards

  • Creating a user group for department-specific access

  • Assigning multiple roles to multiple users through a user group

  • Restricting users to specific dashboards, forms, dataclips, or dataflows

  • Setting variable values for user-specific behavior

Role Assignment

Roles can be assigned in two ways:

Assignment method
Description

User group assignment

The most common method. Users are added to a user group, and the group contains one or more roles.

Direct role assignment

Used for unique or specific permission setups where a user needs a role outside of a group.

Using user groups is recommended when multiple users require the same permissions.

Direct role assignment is useful when a user needs a specific exception or unique access setup.

Tips & Best Practices

  • Use user groups for common permission setups.

  • Use direct role assignment only for unique or user-specific access.

  • Keep role names clear and descriptive.

  • Configure module rights first, then refine access with object rights where needed.

  • Use object rights to limit access to specific dashboards, forms, dataclips, or dataflows.

  • Use variable values when access or behavior depends on user-specific context.

  • Review roles and user groups regularly to prevent outdated permissions.

  • Be careful when deleting default user groups, especially Collection admins.

Changelog

Version

Date

Change

1.0

June 01, 2026

Initial documentation version added.

PreviousUsersNextAuthorization structure

Last updated

Was this helpful?