In Policy Manager, we usually want to achieve a distinction between end users who will simply read and/or accept policies, compared to the policy administrators who will create and manage the policies themselves.
- This means we want end users to have 'view' rights only to all relevant policy categories and each policy itself. (If we also want them to accept policies, we can additionally give them the 'target distribution' permission)
- Policy Administrators should be given the ability to add policies per category and additional permissions to edit or delete them.
This guide will detail how administrators can set this up and what each permission means.
Where are permissions set in Policy Manager?
User permissions in Policy Manager are set in two areas:
1. On the admin side by application administrators
2. On the front end, per policy, by the users creating them
1. On the admin side by application administrators
In the Categories tab
Your administrators need to set up the admin side of the application before content can start to be added.
In the 'Categories' tab, they will add the categories where users will create policies.
- End Users: Ensure 'All registered', or other role/group has the 'view' permission to all relevant categories
- Policy Administrators: Ensure your People Role created for Policy Administrators (or similar) is given both the 'view' and 'Add policy' permission to all categories
In the default policy permissions tab
The permissions set here will auto-populate when a new policy is created to help speed up the process and keep permissions static across policies.
- End users: Ensure 'All registered', or other role/group has 'view' policy permission (& 'target distribution' if you want them to have to accept policies)
- Policy Administrators: Ensure your People Role for Policy Administrators (or similar) is given all permissions (apart from 'target distribution' unless you need them to accept the policies they manage)
2. On the front end, per policy, by the users creating them
Now that the admin side setup has been completed, Policy Administrators can start creating policies on the front end.
They will select a category the policy will appear in, and the permissions tab will automatically populate with the permissions set in the default tab on the admin side.
If the Policy creator does not change any of the permissions, the default ones as set in 1. above will ensure end users can see (and possibly accept) the policy whilst administrators can edit and manage it.
If the creator decides to change the permissions from the default, then they are in control of the impact this has on who can see it and the level of interaction they have.
What does each permission mean?
- View Policy: The policy will be visible to the user
- Target Distribution: The user will be prompted to read and accept the policy
- Edit Policy: The user can make changes to the policy's properties
- Edit policy content only: The user can edit the body content of the policy
- Delete Policy: The user will be able to remove the policy
How does this change what a user can see in a Policy?
Extra information about a policy can be viewed by users with appropriate permissions, as detailed in the table below.
Generally, end users are only going to see policy details through their 'view' rights, whilst administrators can see all other tabs as they have all other permissions.
| Tab | Policy Details | Comments | Asset History | Policy History | Approval History | Acceptance History |
| View Policy | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Target Distribution | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Edit Policy | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Edit Policy Content only | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ |
A user reports that they cannot see a Policy
First, check they have permissions to view the category the policy is saved under on the admin side (Admin > Policy Manager > Categories > Edit the category in question)
If they have this, edit the policy itself and open its permissions tab to check they have the 'view policy' permission given.
A user reports that they cannot edit a Policy
Edit the policy in question, do they have the 'Edit policy' permission?
