Towards the end of June 2021 we’ll be rolling out some major improvements to how user permissions are managed. In this post, we share a preview of the changes and explain how they will affect existing user permissions.

Currently, permissions for each user are managed individually: when you add a user, you choose their permissions from a long list to control what they can and can’t do within a project. This can be a little daunting and time-consuming.

In the next few weeks, we’ll be introducing two new concepts – user types and workspace roles – that will streamline and simplify permissions management – without losing any of the granular control currently available.

It’s also important to note that we will be making two important terminology changes as part of the permissions improvements:

  • Projects will become Workspaces
  • Fieldworkers will be referred to as Data Collectors

User types

Each user in your account will have one of four possible “types”. These are:

Account OwnerAdministratorWorkspace UserData Collector

The Account Owner and Administrator user types will have full access to all workspaces in the account and can add/remove other users and create or delete entire workspaces.

Data Collectors have no access to the Mobenzi backend console at all. They can however be linked to handsets, assigned forms and capture these via the Mobenzi mobile app or using their web browser (if you have enabled your form for web collection).

Workspace Users are able to login to the Mobenzi backend and can be given access to one or more workspaces in the account. Within each workspace, they can be assigned a pre-defined role, or you can customise their role in the workspace by choosing exactly the set of permissions they should have.

Workspace roles and permissions

As mentioned above, for Workspace Users you need to decide what role they have within a workspace. The Account Owner and Administrators automatically receive full access to all workspaces – so you won’t need to choose workspace roles for these user types. Because Data Collectors can’t login to the backend console, they also can’t have a workspace role assigned.

Workspace Users must be given a role for each workspace they have access to. The roles available are:

  • Workspace Manager role
    • Has all permissions for the workspace.
    • Able to grant/revoke roles, permissions and Workspace User access within the workspace.
  • Data Manager role
    • Able to view, edit and delete all captured data within the workspace. This includes being able to export data.
    • Able to create and share reports.
    • Cannot create or modify forms within the workspace.
    • Cannot add or modify users or their roles/permissions within the workspace.
  • Data Analyst role
    • Able to view but not edit (or delete) captured data within the workspace. This includes being able to export data.
    • Able to create and share reports.
    • Cannot create or modify forms within the workspace.
    • Cannot add or modify users or their roles/permissions within the workspace.
  • Supervisor role
    • Able to view but not edit (or delete) captured data within the workspace. This includes being able to export data.
    • Able to add and manage Data Collectors in the workspace but cannot add or modify other Workspace Users (or their roles/permissions).
    • Able to add handsets, manage form assignments and send messages to Data Collectors.
    • Cannot create or modify forms within the workspace.
  • Form Designer role
    • Able to create, modify and publish forms within the workspace.
    • No access to view, edit (or delete) captured data.
    • Cannot add or modify users or their roles/permissions within the workspace.
  • Custom role
    • Pick your own set of permissions.

How this will affect existing user permissions

Most of the underlying permissions remain the same, so there won’t be a major shift in what users can see or do when the changes come into effect.

Apart from the Account Owner, all users who currently have backend access will become Workspace Users and all fieldworkers will become Data Collectors. We won’t make any users Administrators automatically – the Account Owner will need to manually decide who to promote to an Administrator.

Based on the current permissions for each Workspace User, we’ll automatically match them to one of the new workspace roles described above. Users who previously had been granted permission to “manage all users in the project” will be given the Workspace Manager role. If the permissions they have currently don’t match one of the pre-defined workspace roles, we’ll assign them to the Custom role and give them essentially the same permissions they have now. As a general principle, we won’t give users greater levels of access than they would have had previously – but there may be some new or expanded permissions that you might wish to consider granting certain users.