Wink has two bulit-in permission roles available when inviting a user to an organisation: Admin and User.
All customers also have to ability to define custom roles with fine-grained permissions.
Users with Admin access have full permision for this organisation. This includes inviting other users/admins, full dashboard and report editing priveleges, billing, and deleting the organisation.
Regular users (who have been invited using role 'User') have access to most features, with a few exceptions:
- Users cannot invite other users, or remove the access of other users
- Users can view but not create/edit dashboards that are "for all users in the organisation". They can create dashboards for their own private use.
- Users can create/edit/delete their own reports, but cannot edit or remove a report created by another user
- Users can view but not edit connections to apps
User Defined Roles
Customers with an Enterprise level subscription can create new roles with fine-grained permissions. The permissions for these roles are addititive - i.e. a user starts without any permissions and is granted access to things through one (or more!) roles. A role can be as limited as allowing access to view a single report, or as expansive as full administrator access.
User-defined roles are defined per-organisation, so you can only select relevant roles when adding a user to a particular organisation.
Where an organisation is part of a larger structure and set up as a hierarchy in Wink Reports, user permissions flow from the parent organisation to any children. Users that only have access to a child organisation will not be able to see the parent organisation or any of the sibling organisations.
If a user has Admin permission on the parent / head office organisation, they will also have Admin permissions on all child organisations.
If a user has User permission on the parent / head office organisation, they will have User permission for the children.
A User from the parent organisation can be given the Admin role on a single child organisation by specially inviting the user to that child organisation and granting the Admin role. This will override the User role inherited from the parent organisation.
Hierarchies and Granular Permissions
The granular permissions of user-defined roles flow in a similar manner to the built-in Admin and User roles. If specifying specific reports or data sources which are allowed, you can only choose reports and data sources which belong to the same organisation.
This means you cannot create a parent / head office role which allows access to specific reports in the child organisations, unless those reports or data sources are also available in the parent / head office organisation.
For data sources, you can create an inactive connection to a connector, and this will make the data sources available for selection.
For reports, you can use the partner tools to 'share' a report between organisations.
An alternative solution would be to create roles on the child organisations, select specific reports, then grant the role to the relevant users.