Ultimate guide to user roles
What are roles?
In Good Grants, a user's role dictates which areas of the platform that user has access to and what actions they are able to take in those locations. Certain default roles are provided when your account is created, though custom roles may be configured if necessary. These roles and their associated permissions can be found and edited in the Manage workspace under Settings > Users > Roles.
Default account roles
Good Grants provides a series of default roles that fit most programs' needs. These roles are:
Role | What can this role do? |
Grant manager |
|
Applicant |
|
Reviewer |
|
Lead reviewer |
|
Voter |
|
Guest |
|
Bookkeeper |
|
Auditor |
|
Create custom roles
Your program may have a set of unique requirements that the default roles may not fit. In these cases, you can create your own custom roles within the platform.
- In the Manage workspace, navigate to Settings > Users > Roles
- Click New role
- Provide a name for your new role; i.e. "Intern" or "Voter"
- Select the checkboxes associated with each area of the platform you wish to give users with this role access to
Tip: to provide more granular permissions, click Advanced and then choose to 'Deny' or 'Allow' the role permissions as needed (more on what those mean below)
- Save
What do 'Deny' and 'Allow' permissions mean?
Permission | What does this mean? |
Deny |
'Deny' is the only permission which overrides other permissions for a given resource, even if another role is set to ‘allowed’.
Note: we don't recommend to use the 'Deny' permission as it can prevent a user from accessing parts of the platform if other roles are assigned.
|
Allow |
Users of this role are allowed access. |
Commonly given role permissions
Permission | What does this mean? | Which role it applies to by default? | Who else can this be applied to? |
Scores (own) | Anyone who has this permission can see their own score. | This permission is applied to the reviewer role by default. Reviewers can create view, update and delete their own score. |
This permission can be given to managers, voter, guest, and applicant role to be able to vote (or score).
|
Scores (others) | Anyone who has this permission can see others' scores. | This permission is applied to the grant manager role by default. The grant manager can see scores scores from all reviewers. |
1) This permission can be given to lead reviewers so they can see scores from other reviewers.
Note: access to the leaderboard is global and not restricted to the panel(s) the lead reviewer is on.
2) This permission is required to be set when 'Share scores' setting is on in the score set. Share scores allows reviewers to see scores & comments from other reviewers on the entry. |
Applications (own) | Anyone who has this permission can see their own entry. | This permission is applied to the applicant role by default. The applicant can create, view, update and delete their own entry. | Any role who needs to be able to create & submit an entry |
Applications (others) | Anyone who has this permission can see others' applications | This permission is applied to the grant manager and chapter manager roles by default.
The grant manager can access all applications under Applications > Manage applications The chapter manager can access applications from their own chapter only. |
A new role created who needs access to applications. Can be a PR person or an agency helping the client to collate data from the entry. |
Configure role registration
The registration form on the home page is the default registration form which, once completed, grants the default role (usually an applicant role) to the user. Additional registration forms can be configured to allow public or registered users to complete specified user information to register for another role.
To set up role registration, follow these five simple steps:
Step 1: create a role to be granted on successful registration
- From the Manage workspace, go to Settings > Users > Roles
- Click New role
- Give the role an appropriate name
- Click the checkbox Registration form for this role is active
- On the right, set permissions that will be granted with the role
Note: for security reasons, only limited permissions are available to roles for which a public registration form is active. - Save the role
Step 2: configure fields to be collected with registration (if applicable)
Navigate to Settings > Users > Fields and configure user fields for each piece of information you want to collect on this role registration form
Step 3: create content to be displayed on the role registration form (optional, but recommended)
- Go to Settings > Content > Content blocks
- Click New content block
- In the Content location drop-down, select Role registration form
- Add a relevant title and content
- Save
Step 4: create content to be displayed on a page after role registration is complete
- Navigate to Settings > Content > Content blocks
- Click New content block
- For the Content location, set Role registration completed
- Add a relevant title and content
- Save
Step 5: finalise the form
- Go back to Settings > Users > Roles and open the role you created
- Under Content block for registration form you can now select the content block you just configured
- Under Content block for registration completion you can now select the content block you just created
- You will now also see there is a Form URL displayed for the role that can be shared with users you wish to register for the role
If you wish to configure a specific role registration email for these users, you can do so by selecting the 'Role granted' trigger when setting up the notification. Once this trigger has been chosen, select the Notification applies to some roles radio button and choose your custom role. Continue configuring your notification as normal. For more details, see: Ultimate guide to notifications.
Additional configuration options
When editing or configuring roles, there are a few other options to note:
Default role for home page registration
This option allows for the selected role to become the default role given to new users that register for the platform. For example, you may set a voter role as the default after applications have concluded and are set to be evaluated in a voting judging stage.
Guest account role for anonymous users
Guest users can be given a limited number of permissions that allow them to, for example, view a public gallery. These guest users are not registered with your account.
Require multi-factor authentication
You can require users with the selected role to verify their identity at login via multi-factor authentication (MFA). To learn more about this option, see: Multi-factor authentication.