Permissions
      Back to home
      1. Help Centre
      2. Features
      3. Permissions

      Permissions: an introduction

      ⏱️ 3 minutes

      Every User’s ability to access, read, input or modify information on Leo is governed by permissions. Your permissions are determined by the Group you’re assigned to when you register with Leo. Every employee/User registered on Leo is allocated to a particular Group* suitable to their role (for example: ‘Employees’, ‘Management’ and so on). Every User in a Group has the same permissions.

      *You may be assigned to more than one Group, depending upon your role.

      To see the permissions that may be allocated to particular Groups (and therefore the Users in that Group), see Permissions List.    

      Default permissions settings for Users

      By default, a User can only access the areas of Leo for which their Group has permissions. If a Group does not have permissions for a particular function or area of Leo, it won’t be accessible to its Users. The function will either be greyed out and ‘unclickable’, or it simply won’t appear on their screen.

      Types of permissions

      There are two types of permissions on Leo:

      1. General permissions
      2. Content-specific permissions

      Here we explain them in more detail:

      1. General permissions
        Each Group on Leo is given a set of general permissions that fit the roles of its Users. A Group’s permissions apply to every User in that Group, allowing them to access the areas of Leo that are relevant to them. Usually, only an Administrator can allocate or remove permissions for a Group and its Users. (Occasionally, the ability to allocate or remove permissions may be assigned to a particular Group.)
      2. Content-specific permissions
        Content-specific permissions grant a Group (and therefore its Users) access to particular Modules, Report Templates, or Registers - or sections of them.

      Content-specific permissions are assigned to a Group by an Administrator (or by a User from a Group that is allowed to assign these permissions).

      • Range of content-specific permissions

      Content-specific permissions also determine the type of access a Group (and therefore its Users) has to the specific content. This can range from read-only, to the ability to complete particular functions or tasks, to the authorisation to edit certain elements or to modify (for example) an entire Register.

      • Report Modules

      Every Report Module has its own permissions. So, on a per module basis, you can control which Groups (and therefore the Users within them) can create, read or modify reports - whether they’re In Progress/Review (still in draft form) or published. There are other categories of permission, but these are the main ones.

      • Assigning a User access to a Report

      When an Administrator (or anyone with the permissions to do so) creates a new Report, they are asked to assign it to the User who is responsible for completing it. It’s also possible to add Delegate Users so that more than one person can interact with that specific report.  

      Depending upon the permissions that have been assigned to a particular User for a particular Report, they may be able to see the entire Report or only a specific chapter. For example, if an employee is completing an end of year review, they can be assigned access only to the chapter they have to complete, without giving them access to other information which is assigned to other Users.   

      • Report Templates

      Each Report Template has permissions that govern who can read or modify aspects of a report, based upon the nature of that template.

      Almost anyone who needs to interact with a template’s reports will need permission to access Show Questions: this function allows Users to interact with the questions that are the mainstay of every report.

      • Registers

      The permissions for each Register govern who can read or modify the data in that Register. Administrators can control these permissions - ranging from a User being able to read or modify entries assigned to them personally, to the ability to read or modify entries from anyone in the firm.

      If a Group is given permission to read a Register, the Users can read all of the columns in that Register. Similarly, if a Group is given permission to modify a register, the Users in that Group are able to modify all of the columns in that register too.

      • Register Column permissions

      However, permissions for Registers can be made more User-specific, and to a very detailed level. For example, every column in a Register has permissions that control who can read or modify the data. You only need to consider column-level permissions if some of the columns need to be hidden or locked for some Users.