Overview

To ensure that your account is being administered properly, Gtmhub allows you to set granular permissions.

This enables users in your company to:

  • Update and track OKR progress in line with your organization's OKR process.

  • Integrate with other Business Intelligence systems that are used in your company.

Permissions in Gtmhub must be specified for each Session. This means that every time you create a new Session or edit an existing one, the account administrator or the OKR Champion should set permissions.

NOTE: If you do not define permissions, the whole account will have access to this Session.


Granularity of permissions

In Gtmhub, you set permissions at five different levels:

  • Employees

  • Teams

  • Roles

  • Account

  • and Ownership, which is automatic and not visible in the User Interface


Permission architecture

Gtmhub has three main layers of permissions that are stacked on top of each other.

The base layer is the global permissions that you set on roles. Users are then assigned to those roles.

The second layer is the permissions that you set on Sessions (described earlier in this article). OKRs inherit those permissions, so you can restrict the global access to OKRs to a specific subset of OKR Sessions.

The third layer is the Ownership permissions. These work on top of the second layer: even if a user has only "read" permissions for the OKRs in a given Session, once they are assigned an OKR in that Session they automatically receive the set of Ownership permissions. That is, owners can read, modify, update and delete their OKR, but only theirs.

NOTE: Most enterprises want to restrict "modify", "update" and "delete" permissions of OKRs only to the owners of these OKRs. To achieve that restriction you can create a Session and assign your users only "read" and "create" permissions. Once your users create their OKRs, they'll inherit the stack of Ownership permissions and will be able to make changes, but only to their OKRs.
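
The layering can be checked with a small model. The following Python is an added example, not Gtmhub code or its API: the `User`, `Session`, `session_layer` and `effective` names and the sample data are hypothetical. It assumes that the Session layer narrows the role layer by intersection and that a Session with no permissions defined applies no restriction.

```python
# Simplified model of the three layers described above; an illustration only,
# not Gtmhub's implementation or API. All names here are hypothetical.
from dataclasses import dataclass, field

OWNERSHIP = frozenset({"read", "modify", "update", "delete"})  # owner set per the article

@dataclass
class User:
    name: str
    teams: set = field(default_factory=set)
    roles: set = field(default_factory=set)

@dataclass
class Session:
    name: str
    # (level, principal, permissions); level is employee, team, role or account
    grants: list = field(default_factory=list)

def session_layer(user, session):
    """Layer 2: union of grants matching the user; None means nothing defined."""
    if not session.grants:
        return None  # no permissions defined: the whole account has access
    matched = set()
    for level, principal, perms in session.grants:
        if (level == "account"
                or (level == "employee" and principal == user.name)
                or (level == "team" and principal in user.teams)
                or (level == "role" and principal in user.roles)):
            matched |= set(perms)
    return matched

def effective(user, role_perms, session, okr_owner):
    """Permissions `user` holds on one OKR in `session`."""
    # Layer 1: global permissions from the user's roles.
    base = set().union(*(role_perms.get(r, set()) for r in user.roles))
    # Layer 2 (assumption): the Session narrows what the roles allow.
    scoped = session_layer(user, session)
    result = base if scoped is None else base & scoped
    # Layer 3: Ownership is added on top, for the owner's OKR only.
    if okr_owner == user.name:
        result |= OWNERSHIP
    return result

# Constructed sample data: the "read" + "create" Session from the NOTE above.
ROLE_PERMS = {"user": {"read", "create", "update", "delete"}}
Q3 = Session("Q3", [("account", None, {"read", "create"})])
ALICE = User("alice", roles={"user"})
```

In this model, `effective(ALICE, ROLE_PERMS, Q3, "bob")` yields only "read" and "create", while the same call with `"alice"` as the owner also returns the Ownership set.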


Procedure

To set specific permissions, perform the following:

  1. In the navigation pane, under OKRs, click All sessions.

  2. In the toolbar, click Create a session.

  3. In the Permissions dropdown box, select Custom.

  4. By default, you as a user, everyone in the account, and everyone in the admin role are given permissions. (Note: for everyone in the account, "Modify permissions" is not preselected.)

  5. To change the actual permissions of each selected user, team or role, click on the key icon and make your selection.

  6. To remove all permissions from someone, click on the bin icon.

  7. In the search bar you can search for any user, team or role you want to give permissions to. Once selected in the dropdown list, the same options for modifying their permissions or removing their permissions are available.

  8. When you give permissions to a team, by default you also give permissions to all subteams of that team. To change that, click on "Include subteams" and deselect the choice.

  9. Another way to give permissions instead of using the search bar is by clicking + Select from list. Click the level at which you want to grant permissions. Choose between: Employees, Teams, Roles, and Account. Select the specific employees, teams, or roles, or your entire account that you want to grant permissions to. Click Apply.

    NOTE: You can assign permissions at more than one level at once. For example, grant permissions to a user and a role at the same time.

  10. Save the Session.

NOTE: If you assign permissions in a way that does not include you (for example, you assign the Session to a team you don't belong to), you will not be able to access this Session after creating it.


Edit or deny permissions

To remove or edit the permissions of a Session, perform the following:

  1. In the navigation pane, under OKRs, click All sessions.

  2. Expand the menu of a Session that you want to change.
    In the dropdown box, click Edit.

  3. In the Permissions dropdown box, click Custom.
    For each selected employee, team, role, or account, expand its selector.

  4. Choose whether you want to change the Read, Update, Delete, Create, or Modify permissions rights.
    You do this by selecting and deselecting the respective checkbox.

  5. If you want to deny permissions to the employee, team, role, or account, click REMOVE.

  6. Save the Session.
