Managing process members and permissions
Roles and permissions in a process workflow
Kissflow Workflow supports the following roles to facilitate process sharing:
Process Admin
A Process Admin has the highest privilege in a process. They can perform any operations related to a process and add, remove, or modify the roles of other members in the process.
As a Process Admin, they will be able to:
- Assign a role to a user while adding them to a process
- Add Process Admins, Process Developers, Data Admins, Report Admins, and Members anytime in the due course of the process
- Remove any member belonging to any role in the process
- Grant or revoke the permissions a member has in the process
- Share reports with the members or anyone outside the process.
Data Admin
A Data Admin can perform any kind of operation on the process data and create reports. We support this role in our Enterprise plan only.
As a Data Admin, they will be able to:
- View, edit, and delete process-related information
- View all the reports, access a process form from a specific report, and access the metrics report of a specific process
Note:
A Data Admin cannot add members to a process.
Report Admin
A Report Admin can create, modify, or delete reports in a process. They can also access and modify others' reports. We support this role in our Enterprise plan only.
As a Report Admin, they can:
- View, create, edit, share, and delete reports
- Access a process form and its relevant comments from a report
- Access their reports even if their role is downgraded by the Process Admin. However, a Process Admin can choose to revoke a Report Admin's access to their reports if required.
Note:
A Report Admin cannot add members to a process.
Developer
A process developer can build or modify a process from scratch.
As a process developer, they can:
- Access a process, initiate items, and edit it
- Add initiators to a process while editing or modifying workflows
- Create, edit, share, and delete reports created by them
- Access their reports even if their role is downgraded by the Process Admin. However, a Process Admin can choose to revoke a Process Developer's access to their reports if required.
Member
A member can access a process and initiate items.
As a process member, they can:
- Initiate items as part of a process
- Create reports if relevant permission is granted to them. They can access the reports created by and shared with them respectively.
Here is a detailed overview of the permissions mapped with each of these roles:
Permissions |
Process Admin |
Data Admin |
Report Admin |
Developer |
Initiator/ Member |
Access process |
โ |
โ |
โ |
โ |
โ |
Initiate an item |
โ |
Optional |
Optional |
โ |
โ |
Manage process settings |
โ |
X |
X |
โ |
X |
Add or remove members |
โ |
X |
X |
X |
X |
Edit process |
โ |
X |
X |
โ |
X |
Perform bulk actions |
โ |
โ |
X |
X |
X |
View audit log |
โ |
X |
X |
X |
X |
Archive and delete process |
โ |
X |
X |
X |
X |
Duplicate a process |
โ |
X |
X |
X |
X |
Create reports |
โ |
โ |
โ |
Optional |
Optional |
Share reports |
โ |
โ (Applicable to only the reports they own) |
โ |
โ (Applicable to only the reports they own) |
โ (Applicable to only the reports they own) |
Delete reports |
โ |
โ (Applicable to only the reports they own) |
โ (Applicable to only the reports they own) |
โ (Applicable to only the reports they own) |
|
View all reports |
โ |
โ |
โ |
X |
X |
View Metrics report |
โ |
โ |
โ |
X |
X |
View process administration table |
โ |
โ |
X |
X |
X |
Modify item |
โ |
โ |
X |
X |
X |
Delete item |
โ |
โ |
X |
X |
X |
Adding members and groups to a process
Whoever creates a process becomes the Admin of the process by default. They can perform any operation related to a process, ranging from adding or removing members to modifying or deleting process data. You can share the process with any flow member or group within your organization and also invite external users to be a part of your process as necessary.
- Navigate to the process for which you would like to add members.
- Click the Manage button > Share.
- Click + Add members.
- Type the name or email address of the user or group in the text area present under Select users and groups.
- You can also invite an external user who isn't a part of your organization to your process as part of the Share settings.
- Type the email address of the external user like the following and you'll see an Invite link below.
- Click the link to send an invite to the external user.
- You can also invite an external user who isn't a part of your organization to your process as part of the Share settings.
- Select a relevant role from the Role dropdown after adding the users. If you are not sure about which role to choose, learn about the different roles and permissions that Kissflow Workflow offers.
- We support the Report Admin and Data Admin roles in our Enterprise plan only. Reach out to our support team to upgrade your plan and enable these roles in your account.
- Click Add.
Changing a member's role
A member will lose their current set of privileges when they are downgraded to a role with fewer privileges. However, they might continue to have access to the reports they had created and accessed in the past after their role change. However, you can choose to revoke their access to their reports before changing their role as necessary.
- Navigate to the process page > click the Manage button > Share.
- Click the More options button () beside a member's name and click Change role.
- Click your preferred role from the list that shows up.
- Read the alert message and confirm your action.
- Click Change role to modify the member's role and retain their report access as is or click Revoke report access & Change to restrict them from accessing their old reports after they move to the new role.
Granting additional permissions to a member
- Navigate to the process page > the Manage button > Share.
- Click the More options button () beside a member's name.
- Under More permissions, select the checkbox against the relevant permission to let the flow member acquire additional permission outside their actual scope. Similarly, you can deselect additional permissions to restrict the flow member from using their additional permission as necessary.
Removing a member from a process
Before removing a member from a process, you must be aware of the fact that the member will continue to have access to the reports they had created and accessed in the past after they are removed. However, you can choose to revoke their access to their reports and then remove them as necessary.
- Navigate to the process page > click the Manage button > Share.
- Click the More options button () beside a member's name that you would like to remove.
- Click Remove member.
- Read the alert message and confirm your action.
- Click Remove member to remove the member and retain their report access or click Revoke report access & Remove to restrict them from accessing their old reports after they exit the process.