Overview

To ensure that your account is being administered properly, Gtmhub allows you to set granular permissions.

This enables users in your company to:

  • Update and track OKRs progress in agreement with your organization's OKRs process.

  • Integrate with other Business Intelligence systems that are used in your company.

Permissions in Gtmhub must be specified for each session. This means that every time when you create a new session or edit an existing one, the account administrator or the OKRs champion should set permissions.

NOTE: If you do not define permissions, the whole account will have access to this session.


Granularity of permissions

In Gtmhub you can set permissions on four different bases:

  • Employees

  • Teams

  • Roles

  • Account


Permission architecture

Gtmhub has three main layers of permissions that are stacked on top of each other.

The base layer is the global permissions that you set on roles. Users are then assigned to those roles.

The second layer is the permissions that you set on sessions (pointed to in the previous section of this article). OKRs inherit those permissions and therefore these permissions can restrict the global access to only a specific subset of OKR (sessions).

The third layer is the owner permissions. These work on top of the second layer and although a user for example has only "read" permissons for the OKRs in a given session, if they are assigned an OKR in that session they will automatically receive the set of owner permissions. That is, the owner can read, modify, update and delete their OKR, and only their's.

NOTE: Most enterprises want to restrict "modify" and "update" permissions of OKRs only to the owners of these OKRs. To achieve that and support a scalable process, you can create a session and assign your users the "read" and "create" session permissions. Your users will then inherit the stack of owner permission for their OKRs.


Procedure

To set specific permissions, perform the following:

  1. In the navigation pane, under OKRs, click All sessions.

  2. In the toolbar, click Create a session.

  3. In the Permissions dropdown box, select Custom.

  4. Click + Select from list.

  5. Click the level at which you want to grant permissions.
    Choose between: Employees, Teams, Roles, and Account.

  6. Select the employees, teams, roles, or account that you want to grant permissions.

    NOTE: You can assign permissions at more than one level at once. For example, grant permissions to a user and a role at the same time.

  7. Click Apply.
    The selected choices appear in the Permissions section.

  8. For each selected employee, team, role, or account, expand its selector.
    A list of all permissions appears.

  9. Choose whether you want to give Read, Update, Delete, Create, or Modify permissions rights.
    You do this by selecting and deselecting the respective checkbox.

  10. Save the session.

NOTE: If you assign permissions that you are not part of – for example, assign the session to a team, which you are not part of, you will not be able to access this session, after creating it.


Edit or deny permissions

To remove or edit the permissions of a session, perform the following:

  1. In the navigation pane, under OKRs, click All sessions.

  2. Expand the menu of a session that you want to change.
    In the dropdown box, click Edit.

  3. In the Permissions dropdown box, click Custom.
    For each selected employee, team, role, or account, expand its selector.

  4. Choose whether you want to change the Read, Update, Delete, Create, or Modify permissions rights.
    You do this by selecting and deselecting the respective checkbox.

  5. If you want to deny permissions to the employee, team, role, or account, click REMOVE.

  6. Save the session.

Did this answer your question?