Checkbox 5.0 Permissions Guide - Amazon Web...

Checkbox 5.0 Permissions Guide

Welcome to the Checkbox permissions guide. This document will walk you through the process ofconfiguring permissions within the Checkbox application.

Contents:

- What are Checkbox permissions? - What is the difference between permissions and roles? - What is the difference between permissions for Respondents and Editors? - How to configure the permissions of a survey for your respondents - Survey Security Definitions - User Roles - How to configure default permissions for surveys, reports, folders, groups and email lists - Permissions Diagram - How to add users and user groups to a survey ACL - How to add users and user groups to a user group ACL - How to add users and user groups to a report ACL - How to configure permissions of a folder to allow non-ACL access - Permissions Review

What are Checkbox permissions?

Permissions control which access-controllable entities a user can create, edit or view. Specifically,permissions can be set on Surveys, Reports, User Groups, Libraries, Folders and Email Lists. Throughout this guide, the shorthand entity will be used when discussing any of the previouslymentioned access-controllable entities.

What is the difference between permissions and roles?

User roles dictate which permissions can be assigned to a particular user. Permissions dictate theaccess over Checkbox entities. Simply being in an Administrator role does not grant a user anyadditional permission (with the exception of System Administrators) over an entity. By default, a userhas access to only the entities they have created, be that a survey, a report, a user group, etc. If youwould like to grant a user access to use an entity they did not create, the user will need to have thecorrect role(s_ and have been granted permission(s).

Checkbox 5.0 Permissions Guide - 1

What is the difference between permissions for Respondents and Editors?

For Surveys and Reports you may set two different sets of permissions:

- Permissions to allow users to ‘Take a Survey’ or ‘View a Report’ - Permissions to allow users to ‘Edit a Survey’ or ‘Edit a Report’

Registered Checkbox Users will only be able to create new surveys or reports if they have the correctroles assigned to their account. These users will only be able to edit or view Checkbox entities if theyhave been granted permissions to do so for each individual entry.

By default, only the editor who created the survey and System Administrators have permission to viewand edit a survey. If you would like additional users to be able to edit/view the survey, they will need tobe added to the survey’s ACL (Access Control List) and granted the appropriate permissions. Thisprocess is covered in more detail in the sections entailed ‘How to configure permissions of a surveyto allow other Survey Editors/Survey Administrators access’

How to configure the permissions of a survey for your respondents (most commonpermissions practice in Checkbox)

By default, all surveys are set to ‘Public’ upon creation; this means anyone provided with the surveyURL will be able to respond to your survey. If you would like to restrict access to your survey/report tospecified user(s) or group(s), then you can change the permissions the following way:


1. From the Survey Manager page, select the survey you want to configure permissions for.

Note: This assumes you are the Survey Administrator for a survey that you have created or have theauthority to change permissions

1. Select Permissions from the dashboard on the right-hand side. 2. Current permissions are summarized below the Permissions heading. To change permissions, selectthe Edit button.


The Permissions page contains multiple options that you may configure.

Resume & Edit Options: This window is where you determine whether respondents are allowed toreturn to already visited survey pages, save the survey and resume it at a later date, or edit theircompleted responses to the survey.


Basic Security Settings: This window is where you determine access control for your survey.

1. Select a Survey Permission Type from the left-hand column. 2. Checkbox will tell you who can take this survey on the right-hand side of the window.3. Checkbox will provide a description of the security setting you selected at the bottom of the window.

Note: Each option changes the permissions of your survey for Respondents only. This section doesnot configure any permission for the users who will have the ability to edit your survey. This will becovered in a later section: ‘How to allow other users the ability to edit surveys’


Advanced Security Settings: From this window you can view current user permissions, changedefault permissions, and add users and/or groups to access lists.

The ACL refers to the Access Control List. Many entities in Checkbox have an Access Control List. This list allows you to control permissions for your entities. For example, if you needed to grant anadditional Survey Editor the ability to edit a survey you could grant them this permission using the ACL.

If you chose Access List as your survey security setting in Basic Security Settings, select Save andmove to the Advanced Security Settings tab (see screen shot above).

1. The left hand side of the editor (Permission List Entries) contains the list of users and groupscurrently in the access control list (ACL).


2. The Current Permissions pane (right hand side of the editor) contains the permissions that applyto the currently select user in the user list.

When you are happy with your permissions/security configuration, select Save to save your changes.

Survey Security Definitions

Public: Survey has no access control. Any respondent, including those not registered in Checkbox asusers, will be allowed to complete this survey. Responses will be anonymous.Password Protected: A survey-specific password will control access to this survey. Any respondentthat knows the password may complete this survey. Responses will be anonymous.Access List: Only users specified in the access control list will be allowed to complete this survey. Users must log-in to Checkbox to take the survey and their user attributes will be linked to theirresponses. Select the "Respondents List" button (will appear once the Access List option is selected) toadd users to your survey access list (see above image).All Registered Users: Any user that can log into Checkbox and is assigned the respondent role willbe able to complete this survey.Invitation Only: Only respondents who have been invited via an email invitation sent by the Checkboxapplication will be able to respond to this survey.

Checkbox Tip: By setting your survey to ‘Public’ or ‘Password Protected’ you are not requiring yourrespondents to be registered Checkbox Users. This means that each response will be captured as an‘Anonymous Respondent’. If you would like to capture the user name of your respondent, you will needto create an account for your user and set permissions for your survey to ‘Access List’ or ‘All RegisteredUsers’


Anonymous Respondents

By setting your survey to ‘Public’ or ‘Password Protected’ or ‘Invitation Only’, you are not requiring yourrespondents to be registered Checkbox Users. This means that each response will be captured as an‘Anonymous Respondent’. If you would like to capture the user name of your respondent, you will needto create an account for your user and set permissions for your survey to ‘Access List’ or ‘All RegisteredUsers’.

Access Control List

The ACL Editor refers to the ‘Access Control List Editor’. Many entities in Checkbox have an ‘AccessControl List’. Users may only be added to a particular entity's ACL if their individual user role(s)correspond with that entity. For example Report Viewers may be added to a report ACL. This list allowsyou to control permissions for your entities. For example, if you needed to grant an additional SurveyEditor the ability to edit a survey you could grant them this permission using the ACL. WIthin the ACLyou can also configure the 'Default Policy.' Under the Default Policy tab of an ACL you can setnon-ACL (anyone not specified on the ACL) access levels.

User Roles

Checkbox User Roles are configured when you create a new user and can be edited within the UserManager at any time by an administrator. You can select one or more user roles for any given user,depending on the level of access you wish to grant them within Checkbox. The following is a list of all


user roles and the actions each role is capable of:

Systems Administrator: Can change the settings of the application and view/edit/respond to all itemswithin CheckboxSurvey Administrator: Can create/edit/activate surveysSurvey Editor: Can modify surveysUser Administrator: Can create new usersGroup Administrator: Can assign users to groupsReport Administrator: Can view reports and create new onesReport Viewer: Can view existing reportsRespondent: Can respond to surveys

These roles are required in order to complete specific action(s) on a Checkbox entity. For example, if aparticular user is a Survey Editor but has not been added to the ACL list of a specific survey, then theywill not be able to edit that specific survey.


How to configure default permissions for Surveys, Reports, Folders, Groups and EmailLists

Access control lists are used to control the permissions settings for surveys, reports, folders, groupsand email lists. The "default policy" of a Checkbox entity determines what permissions are granted tousers who are not on the ACL.

For example, if the default policy for a survey grants Take Survey permission, any respondent can takethat survey. To configure the default permissions for a survey, run through the following steps:

1. From the Permissions Editor select the Advanced Security Settings Tab2. Select Default Policy to edit the default permissions


3. Enable the appropriate options you would like to grant all users to your installation4. Select the Save Changes button to save your changes

Checkbox Tip: ACL permissions supersede any default policy. Checkbox Tip: When adding a user group to an ACL, only users with user roles that correspond withthat ACL entity will have access. Make sure all group members have the appropriate user role.

Permissions Diagram

The above flow chart illustrates the process Checkbox uses to evaluate permissions. From thediagram, the following key points about access control become clear: - An ACL policy cannot grant permission to a user who is not in a role that also grants thecorresponding permission


- An ACL policy can deny permission to a user even if they normally have that permission (i.e. the useris in a role that has that permission and the default policy has been configured to grant access) - An ACL policy for a user or group can deny permission to that user or group even if the default policygrants that permission to every other user

How to add users and user groups to a survey ACL

After creating a survey you may want to grant other Checkbox users permission to view or edit yoursurvey . This can be accomplished through the following steps:

1. From the Permissions Editor select the Advanced Security Settings Tab2. Select Add Users/Groups to Access List


3. From the left pane, locate the user/group by using the Filter List field or by scrolling through theavailable list of users/groups4. Add desired users/groups to access list by moving them into the right pane using the white arrowicons

How to add users and user groups to a user group ACL

By default only System Administrators are permitted to view other users groups in Checkbox. If youwish to grant a user or group of users the ability to view other Checkbox user groups you will need toadd members to the ACL.

Checkbox allows you to edit the permissions and add user(s) to the ACL (Access Control List) of anyuser group in your installation. Once you have added the desired user(s) to your user group ACL, youcan configure the ACL of that user group to allow said user(s) the ability to edit, view or administer thegroup.

Use the following steps to add a new user to the ACL of the ‘Test Group’ user group:

1. Select Users from main Checkbox menu2. Checkbox defaults to displaying the list of individual users. To view user groups, select User Groupsfrom the Manage drop-down3. Select desired user group (i.e. 'Test Group') 4. Select the 'Security' button from the user group dashboard to open the ACL for that group


Once you select 'Security' you are brought to the User ACL (Access Control List). From here you canview/change permissions of existing ACL users, change the default policy for users not on the ACL,and add new users/groups to the ACL.

From the User ACL Access List tab you can see that there is currently only one entity, 'admin' in the'Test Group' ACL.


Follow the steps below to add new users to the this group ACL:

1. Select the Add Users/Groups to Access List tab to add additional entities to this user group ACL2. Add desired users/groups to the Users/Groups Added to Access List pane on the right-hand sideusing the white arrows


Select the Access List tab to view your updated User ACL.

1. To change individual ACL user permissions, select the white arrow to the left of the desired entity toview/change Current Permissions in the left pane2. Select the Save button to save your changes


How to add users and user groups to a report ACL

By default only System Administrators are permitted to view other reports in Checkbox. If you wish togrant a user or group of users access to a Checkbox report you will need to add members to the ACL(Access Control List). Make sure the user(s) you add has a 'Report Viewer' or 'Report Administrator'user role (configured in user's profile).

Checkbox allows you to edit the permissions and add user(s) to the ACL of any individual report. Onceyou have added the desired user(s) to your report ACL, you can configure the ACL of that report toallow said user(s) the ability to edit, view or administer the report.

Use the following steps to access a report ACL (make sure you are logged in as a Report Administratoror System Administrator):

1. Select a survey from the Survey Manager2. Select the 'View All' button from the Reports menu in your survey dashboard to view a list of allavailable reports3. Select a report, then select the 'Permissions' button from the report dashboard to open the ACLEditor


Once 'Permissions' is selected the report ACL will pop up. Follow the steps below to add a user and/orgroup of users to a report ACL:

1. Move to the 'Add Users/Groups to Access List' tab and move desired user group from the 'Users/Groups Available to Add to Access List' (left) to 'Users/Groups Added to Access List' (right) usingthe white arrows.2. Once desired users have been added, move back to the 'Access List' tab.3. To configure the permissions of your new ACL member, select the white arrow to the left of theuser/group. Current permissions for that user/group should appear under 'Current Permissions' (left).Check off desired permissions and select Save Changes.


How to configure permissions of a folder to allow non-ACL access

Every survey folder within Checkbox contains its own access control list (ACL). The creator of the folderor a system administrator will need to grant access to the folder for other users.

Note: Permissions of a folder DO NOT propagate down to survey listed inside a folder

Use the the following steps to change the default permissions of a folder:

1. Log into Checkbox as an Administrator of your folder and open the folder you wish to editpermissions for2. Select the ‘Security’ option


Once you select 'Security' you are brought to the Folder ACL (Access Control List). From here youcan view/change permissions of existing ACL entities, change the default policy for users not on theACL, and add new users/groups to the ACL.

1. Select the Default Policy tab to set permissions for users who are not expressly on the permissionlist2. To grant non-ACL access to this folder, select one or more of the default permissions options3. Select the Save button to save your changes

Key


Permissions Review

After reviewing this How to Guide the following major points should be easier to understand:

- Checkbox allows you to set permissions on Surveys, Reports, User Groups and Email Lists.

- Checkbox allows you to set different access roles for individual users within Checkbox.

- Being assigned a role does not in of itself grant a user access to a Checkbox entity. Being a memberof a role simply controls which permission can be granted to a given user.

- Permissions can be set on a survey in three different places(Survey Security, Access Control List andDefault Policy within the Access Control List) .

- The System Administrator has rights over all entities of Checkbox and does not need to be configuredon any ACL or security page. When testing surveys for your respondents DO NOT use the SystemAdministrator account since permissions will be superseded and you will not have a properrepresentation of how your survey will behave.

- If you configure the permissions of your survey correctly but a user still can’t view/edit it then doublecheck your Folder permissions to confirm you have set those permissions as well.


Checkbox 5.0 Permissions Guide - Amazon Web...

Documents

Transcript of Checkbox 5.0 Permissions Guide - Amazon Web...