User Rights & Restrictions
Need to keep track of your users' MinistryPlatform access? Want to make sure a volunteer doesn't have full rights to financial pages? The User Rights & Restrictions read-only page provides a comprehensive list of available access and/or restrictions for all users with at least one security role. It's your user access cheat sheet!
The User Rights & Restrictions page is located in the Administration page section folder and is included in the Administrator security role. It comes with multiple views and provides a comprehensive, searchable look at Platform security by user.
This page helps track user access to the Platform, and we know our community will have more creative ways to maximize its potential. Have an idea to fully leverage this page? Share it in the MinistryPlatform Community! Here are some examples to get you started.
- Find the perfect report for a ministry? Before you share it and train the ministry how to use it, check this page to see if a user does NOT have access to an existing report. Save yourself both time and frustration!
- Have a crackerjack volunteer you trust with the Combine Contacts or Deceased Persons Tool? Use this page to see which security role grants a user access to a particular tool and assign the appropriate one to your volunteer.
- Need to grant a user the highest access for a specific page? This page quickly shows which security role grants a user the highest level access to a particular page.
What Displays on the Page
- Page – Displays if they are Main Domain pages that exist within the Security Role grid. Excludes System Setup and System Lookup pages.
- Sub-page – Displays if the user has at least read-only rights to the sub-page. "None" access does not apply to sub-pages.
- User - Displays if the user has at least one security role.
- Item Type – Always display: Page, Report, Tool. Only display if they exist: Field Restrictions, Attach Page File, Sub-page, Export Page Data, Secure Page Records.
- Access – Level of access that the user has to the item.
Who Displays on the Page
- Users with at least one security role.
- One row displays per user, per specific Item Type that exists.
- For example, one row shows that the user "Hannah" has the Attach Page File Item Type per specific page where Access is set to Attach. The Role List summarizes this by providing which roles grant this access.
- For example, one row shows that the user "Hannah" has the Attach Page File Item Type per specific page where Access is set to Attach. The Role List summarizes this by providing which roles grant this access.
- One row displays per user, per specific Item Type that does not exist for pages, reports, and tools. These are the rows that show no access.
- For example, one row shows that the user "Hannah" does not have access to the Report Item Type per specific report where Access is set to None.
- For example, one row shows that the user "Hannah" does not have access to the Report Item Type per specific report where Access is set to None.
Page Views
- My Rights & Restrictions (default)
- The authenticated user's rights and restrictions.
- All Records
- All page records.
- Can Impersonate
- A comprehensive list of rights and restrictions for users whose User record has the Can Impersonate field set to Yes.
- Field Restrictions
- A comprehensive list of all users with field restrictions.
- Page Rights & Restrictions
- A comprehensive list of all users' page-related rights and restrictions.
- Sub-page Rights & Restrictions
- A comprehensive list of all users' sub-page-related rights and restrictions.
- Setup Admin
- A comprehensive list of rights and restrictions for users whose User record has the Setup Admin field set to Yes.
Columns
- Contact Display Name
- The user's Display Name from their Contact record.
- Nickname
- The user's Nickname from their Contact record.
- Item Type
- The type of access or restriction granted.
- Item Name
- The specific page, report, or tool associated with the Item Type.
- Access
- The highest level of access granted to a page or sub-page (for example, Read, Edit, and so on), or the specific access granted to other Item Types (for example, Attach, Launch, and so on).
- Role List
- The list of security roles that grant the user access, followed by qualifiers to show which type of access each specific role provides:
- R: Read
- E: Edit
- A: Mass Assign
- D: Delete (Full)
For example, user "Kaitlyn" is granted both Delete (D) and Assign (A) rights to the Household Care Log page through different security roles. Since Delete extends the most permission, that is the value that displays in the Access column.
Note: As with all read-only pages, performance may be impacted based on how many records exists. This varies based on the number of eligible users per system.