Data (visibility) permissions

This guide provides step-by-step instructions for managing data permissions (also known as visibility permissions) in your organisation. Data permissions control which specific records users can see within their assigned modules.

Understanding data permissions

Data (visibility) permissions work with user groups to form Zudello's two-layer security model. User groups define what functionality users can access, while data permissions define which specific records they can see within those modules.

Zudello includes four standard data (visibility) permission levels that cover most business scenarios. For detailed information about these permission levels and when to use them, see the User groups and permissions guide.

Important

User groups and data permissions work together to control user access.
User groups define what users can do, while data permissions define which records they can see. Both must be configured for every user.

Before you start

• Ensure you have administrator access to visibility permission settings
• Review the User groups and permissions guide to understand the four standard visibility levels
• Understand your organisation's data access requirements and segregation needs

Standard visibility permission levels

Zudello includes four pre-configured visibility permission levels:

• Full
  • Unrestricted access to all data within assigned modules
• Own Only
  • Limited to only those records assigned to the user or created by them
• Subsidiary Only
  • Limited to only those records related to the user's assigned subsidiary
• Location Only
  • Limited to only those records related to the user's assigned location

Most organisations can use these standard levels without modification. For complete details on each level and implementation examples, see the User groups and permissions guide.

Managing visibility permission assignments

The primary task for most administrators is ensuring users are assigned to the correct visibility permission level.

Accessing data permissions

To access data permission settings:

1. Click the company menu at the top right of your screen
2. Click Settings

3. Click Data permissions in the left sidebar

Viewing current permission assignments

The data permissions table shows all permissions and their associated user groups. To view details for a specific permission:

1. Find the permission in the data permissions table
2. Click the edit icon next to the permission

3. Review the permission details:
   • Permission name
   • Assigned user groups
   • Resource access settings

Assigning user groups to data permissions

To assign user groups to a data permission:

1. Open the data permission you want to modify
2. Select the user groups that should have this permission/visibility level
3. Click Save to apply the changes

Remember that all users within the selected user groups will inherit this data permission.

Advanced data permission management

For organisations with complex data access requirements, you may need to modify or create custom data permissions.

Modifying existing permissions

To modify resource access within a certain data permission:

1. Open the data permission you want to edit

2. Review the current resource permissions listed

3. To add a new resource:

   • Click Add permission

   

   • Select the desired resource from the drop-down menu

   

   • Choose the permission type (All, Own, or Related)

4. To remove a resource:

   • Find the resource in the permissions list
   • Click the delete icon next to the resource

   

5. Click Save to apply the changes

   

Configuring related permissions

When using related permissions to control access:

1. Select Related as the permission type
2. Click the If has access to drop-down
3. Choose the related resource type
4. Select the appropriate access level for the related resource

For example, to allow users to see transactions only for locations they are assigned to:

1. Click Give access to
2. Select Transaction
3. Click Select option and select Related
4. Click If has access to
5. Select Location
6. Click Select option and select Own

The user will now only have visibility over transactions for the locations they are assigned to.

Important

If you configure related permissions, you will need to ensure that users have also been assigned to the relevant related records.
For guidance on assigning users to records, see Assigning users to records

Creating new data permissions

For unique business requirements, you may need to create custom data permissions:

1. Click Create

2. Enter a name for the new permission
3. Select the user groups this permission applies to

4. Add relevant resource permissions using the steps above
5. Click Save

Deleting data permissions

To remove a visibility permission that is no longer needed:

1. Find the permission in the data permissions table
2. Click the delete icon next to the permission

3. Click Yes to confirm deletion.

Warning

Deleting a data permission may remove data access for all users assigned that level of visibility.
Before deleting a visibility permission, ensure no user groups are currently assigned to it, and communicate your actions to the wider business.

Implementation best practices

• Start with the four standard visibility levels before creating custom permissions
• Test visibility changes with a small group of users before rolling out widely
• Keep visibility permission structures as simple as possible while meeting your needs
• Review data permissions regularly to ensure they align with your security requirements
• Document any significant changes to visibility permission settings

Common implementation patterns

For guidance on which visibility permission levels to use for specific roles, refer to the User groups and permissions guide. Common patterns include:

• Individual contributors
  • Own Only visibility
• Department heads
  • Full visibility
• Multi-entity organisations
  • Subsidiary Only visibility
• Multi-location organisations
  • Location Only visibility

Things to avoid

• Giving Full visibility without clear business justification
• Creating unnecessary custom permissions when standard levels will suffice
• Not testing visibility changes before applying to production users
• Failing to document permission changes and business rationale

Need help?

Contact your organisation administrator or Zudello support for assistance with data permissions configuration.