Overview
To ensure that your account is being administered properly, Gtmhub allows you to set granular permissions.
This enables users in your company to:
Update and track OKRs progress in agreement with your organization's OKRs process.
Integrate with other Business Intelligence systems that are used in your company.
Permissions in Gtmhub must be specified for each Session. This means that every time you create a new Session or edit an existing one, the account administrator or the OKR Champion should set permissions.
NOTE: If you do not define permissions, the whole account will have access to this Session.
Granularity of permissions
In Gtmhub you set permissions on five different bases:
Employees
Teams
Roles
Account
and Ownership, which is automatic and not visible in the User Interface
Permission architecture
Gtmhub has three main layers of permissions that are stacked on top of each other.
The base layer is the global permissions that you set on roles. Users are then assigned to those roles.
The second layer is the permissions that you set on Sessions (pointed to in the previous section of this article). OKRs inherit those permissions and therefore you can restrict the global access to OKRs only to a specific subset of OKR Sessions.
The third layer is the Ownership permissions. These work on top of the second layer and although a user for example may have only "read" permissions for the OKRs in a given Session, if they are assigned an OKR in that Session they will automatically receive the set of Ownership permissions. That is, the owners can read, modify, update and delete their OKR, but only theirs.
NOTE: Most enterprises want to restrict "modify", "update" and "delete" permissions of OKRs only to the owners of these OKRs. To achieve that restriction you can create a Session and assign your users only "read" and "create" permissions. Once your users create their OKRs, they'll inherit the stack of Ownership permissions and will be able to make changes, but only to their OKRs.
Procedure
To set specific permissions, perform the following:
In the navigation pane, under OKRs, click All sessions.
In the toolbar, click Create a session.
In the Permissions dropdown box, select Custom.
Click + Select from list.
Click the level at which you want to grant permissions.
Choose between: Employees, Teams, Roles, and Account.Select the specific employees, teams, or roles, or your entire account that you want to grant permissions to.
NOTE: You can assign permissions at more than one level at once. For example, grant permissions to a user and a role at the same time.
Click Apply.
The selected choices appear in the Permissions section.For each selected employee, team, role, or account, expand its selector.
A list of all permissions appears.Choose whether you want to give Read, Update, Delete, Create, or Modify permissions rights.
You do this by selecting and deselecting the respective checkbox.Save the Session.
NOTE: If you assign permissions that you are not part of - for example, assign the Session to a team you don't belong to - you will not be able to access this Session, after creating it.
Edit or deny permissions
To remove or edit the permissions of a Session, perform the following:
In the navigation pane, under OKRs, click All sessions.
Expand the menu of a Session that you want to change.
In the dropdown box, click Edit.In the Permissions dropdown box, click Custom.
For each selected employee, team, role, or account, expand its selector.Choose whether you want to change the Read, Update, Delete, Create, or Modify permissions rights.
You do this by selecting and deselecting the respective checkbox.If you want to deny permissions to the employee, team, role, or account, click REMOVE.
Save the Session.