Go to section:
Why roles and permissions are important?
An important part of any work process is controlling who has access to create, view and edit data. SmartSuite provides you all the tools that you need to ensure that your data is secure, while making it easy to give the appropriate people access when they need it.
SmartSuite offers two levels of permissions - role based access, which determines the maximum permission level that can be assigned to a profile, and Solution permissions, which provides Solution Owners granular control over data visibility, creation, modification and deletion.
SmartSuite Access Roles
Roles represent user "types" and capabilities they have within SmartSuite. Roles determine whether the user has general end-user capabilities, the permission to create and modify Solutions, or permission to administer the entire SmartSuite workspace. There are four Roles that define a user's level of system access and capability:
Guest. Assigning a Guest role allows the user to view only the records that are assigned to them in a view-only state. No changes to the content can be made.
General access. The most common user role - General - provides users access to SmartSuite and its content. Users can see and interact with content that is assigned to the default Everyone Team, and also Solutions they are specifically added to by Solution Managers or Administrators. General users can be made Solution Managers for specific Solutions by another Solution Manager or an Administrator.
Solution Creator. Assigning the Solution Creator role tells SmartSuite that the user is allowed to create new Solutions, either from Solution Templates or from scratch. Just like General users, Solution Creators can be added as Solution Managers for Solutions created by other users, but they do not have these permissions by default (like Administrators do).
Administrator. The highest level of permission in SmartSuite are granted to users assigned the Administrator role. These users have access to all SmartSuite workspace settings - even billing and plan configuration - and can view, create, modify, or delete any Solution (or its data).
Guest role
The Guest role is assigned to members who only need to view data in a read-only state. This role provides the user access to only the records they are assigned to through the Assigned To field. Guests cannot edit any of the record content.
Guests are able to leave comments through the Comment field.
General access role
The General access role is assigned to most Members, providing them access to Solutions, Apps and their data as assigned to them or one of their Teams. General users cannot modify SmartSuite Solution configuration or change permissions, but can take advantage of communications functions, @mentions, starred items, and much more.
Here are examples of what General access Members can do in SmartSuite:
Edit their own Profile (name, birthday, contact info, etc.)
View the Member Directory and individual Member Profiles
View and comment on records they are given access to
View and download saved views and their data
View user statuses and set their own status
Modify Apps and their fields in Solutions they are assigned the Solution Manager permission
Solution Creator role
Users with the Solution Creator role have all the capabilities of General users, and additionally can create new Solutions.
Examples of what Solution Creators can do include:
Access all General user features
Modify Solution's name, color, icon and description for any Solutions they create
Import data into their Apps
Create and modify Apps in Solutions they have created
Duplicate Apps in their Solutions
Link Apps together with Linked Record fields in their Solutions
Add, modify or delete fields in their Solutions
Create automations for their Solutions
Configure permissions for their Solutions
Restore deleted Apps and fields from the recycle bin in their Solutions
Modify Apps and their fields in Solutions they did not create where they are assigned the Solution Manager permission
Administrator role
The Administrator role gives a user the highest level of access to your SmartSuite workspace, allowing them to perform EVERY system function, view and edit any information in SmartSuite, and configure administrative settings such as subscription plan and payment method.
For example, Admins can:
Create, edit and delete Member profiles
Invite new Members via email
Create, edit and delete Teams
Create, edit and delete Apps and Fields
Install Solution Templates
View, edit, and download Saved Views
View other users' private saved views
View usage logs and disconnect users
Customize SmartSuite's terminology (edit what your organization calls "Employees", etc.)
Enable and set up Integrations (Google, Slack, etc.)
Set default workspace settings (language, locale, etc.)
Configure company working days and holiday calendars
Select SmartSuite plan, billing frequency, payment method and billing address
Setting and Modifying a User's Role
Learn all about setting and managing user roles in the article Changing a Member's Role.
Solution Managers
The "Solution Manager" permission was mentioned previously in this article. Solution Manager is a permission, not a role, and must be assigned on a per-Solution basis. Solution managers assume limited administrative capabilities for their assigned Solutions(s), giving them control over public views, Apps and their fields, field placement on the edit record page, and all of the Solution's data.
Working with Roles and Permissions
Default Permissions Are Great for General Collaboration
SmartSuite user interfaces and functions are focused on making work easier, information more transparent and easily accessed, and every user experience intuitive. For the majority of the collaborative work teams do, the default All Access permission level works great. Individual users can make the updates they need to without complex approval processes that slow you down, while still having accountability through the changes tracked in history log, notifications that alert other users and real-time visibility to user edits.
Of course when the work you're doing becomes more sensitive or privileged, it's easy to restrict access to just the people who need it.
Use Teams to Make Managing Permissions a Snap
If you're part of a larger team, SmartSuite encourages you to manage Solution Permissions at the Team level instead of at the individual Member level. Creating Teams by function allows you to manage Team membership instead of modifying each Solution's permission configuration. For example, if someone moved from the Sales Team to the Marketing Team you can simply update their Team membership instead of modifying the permissions in several Solutions. Easy!
Be Careful with the Administrator Role!
SmartSuite Administrators have a LOT of power, with the ability to modify any customer-facing configuration setting, all Solutions - and all of your data. Make sure that users with Administrator-level profiles are well educated about SmartSuite and the system's configuration and take care when making updates.
For larger organizations it is a best practice to have Administrators use a second account with a lower level of permissions to make updates that do not require Administrator-level access.
Related Articles: