Different roles have different permissions within Good Grants. Access to various parts of the system can be controlled under Settings > Roles.
- Has access to every section in Good Grants
- Can add other users as reviewers, chapter managers or grants managers
- Can see all data, including hidden fields and reviewer comments
- Can access applications from their chapter(s) only
- Can move applications into another category or chapter
- Can access Settings and Reviewing sections unless permissions are revoked
- Can view own applications only
- Can create and submit own applications
- Can vote if necessary permission is given
- Can only see and score applications assigned to them
- Can only see their own scores unless permissions are changed
- Cannot see scores of other reviewers unless relevant permissions are given
What do Deny, Inherit and Allow permissions mean?
|Permission||What does this mean?|
'Deny' is the only permission which overrides other permissions for a given resource, even if another role is set to ‘allowed’.
Note: we don't recommend to use the 'Deny' permission as it can prevent a user from accessing parts of the system.
Inherit means ‘by default’. By default the role doesn't have that permission unless another (additional) role allows it or it has been set to ‘allowed’.
For example, if a user has one role applied to 'inherit’, they won't have the permission. If they have two (or more) roles applied and one role has the permission set to 'inherit' and the other role with the same permission set to 'allow', then the 'allow' permission will override the 'inherit' permission.
Users of this role are allowed access.
Examples of common role permissions
|Permission||What does this mean?||Which role it applies to by default?||Who else can this be applied to?|
|Scores (own)||Anyone who has this permission can see their own score.||This permission is applied to the reviewer role by default. Reviewers can create view, update and delete their own score.||
This permission can be given to manager, voter, guest and applicant role to be able to vote (or score).
|Scores (others)||Anyone who has this permission can see others' scores.||This permission is applied to the grant manager role by default. The grant manager can see scores scores from all reviewers.||
1) This permission can be given to senior reviewers so they can see scores from other reviewers.
Note: access to the leaderboard is global and not restricted to the panel(s) the senior reviewer is on.
2) This permission is required to be set when 'Share scores' setting is on in the score set. Share scores allows reviewers to see scores & comments from other reviewers on the application.
|Applications (own)||Anyone who has this permission can see their own application.||This permission is applied to the applicant role by default. The applicant can create, view, update and delete their own application.||Any role who needs to be able to create & submit an application.|
|Applications (others)||Anyone who has this permission can see others' applications|| This permission is applied to the grant manager and chapter administrator roles by default.
The grant manager can access all entries under Applications > Manage applications
The chapter administrator can access applications from their own chapter only.
A new role created who needs access to entries. Can be a PR person or an agency helping the client to collate data from the entry.
Note: it is advisable to set the 'Update' and 'Delete' permissions to 'Deny' to make this access view-only (and risk free!)