Organizations, Units and Roles
Learn how organizations, units and roles create the access model in Omnidocs Create
Introduction
Access management in Create is built around three core concepts: organizations, units, and roles. Together, these concepts form the foundation for the platform's identity and permission model. The addition of roles improves consistency, scoping, automation and the general predictability of how access is evaluated across the application.
This page gives you a conceptual understanding of how access works.
Organizations
An organization is the top-level container within a Create tenant. Everything inside the tenant belongs to an organization, including:
- Units
- Members
- Roles
The organization defines the global identity and high-level permissions. Usually a Create environment contains only a single organization.
What organizations are used for
- Centralizing global configuration
- Managing top-level administrators
- Creating and deleting units
- Defining root permission rules for inheritance
Units
A unit is a logical subdivision of an organization. Units allow companies to reflect their internal structure inside the Create platform. A unit might represent a department, a team or a location, depending on which structure suits you best.
Units serve two main purposes:
- Scoping access to recipes, assets and data
- Delegating permissions to specific groups
A user assigned to a unit only gets access to the resources that belong to that unit, unless they have explicitly been granted access to multiple units.
Examples of units
- Sales
- HR
- Finance
- Region North
- Team A
Units provide a flexible way to map organizational complexity into Create.
Roles
A role defines what a user is allowed to do. Roles combine two ideas:
- Scope (defines where the user can act)
- Permissions (defines what the user can do)
Roles are assigned at organization level and can be set up with criteria so that they are applied automatically to new users accessing the application. A role can span multiple (or all) units in the organization, with 3 permission levels:
- View
- Edit
- Moderate
These permission levels can be set independently at unit level when configuring the role.
Examples of roles
- Organization administrator
- Unit administrator
- Template builder
- Document creator
Which exact roles you need depends on your own setup and how you'd like to separate scope and permissions.
Unit permissions
Permissions can also be applied directly to a user at unit level. This will overrule the permissions they might already have been assigned by a role.
If a user implicitly has access because of a role, it will be displayed when viewing the members list on the unit as an administrator.
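The precedence described above (a permission set directly on a user at unit level overrules what a role grants) is worth modelling when reviewing access. The following is an added example, not Omnidocs code; the class and function names, the ordering View < Edit < Moderate, and the rule that the highest level wins when several roles cover the same unit are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):
    # Assumption: the three permission levels are ordered.
    VIEW = 1
    EDIT = 2
    MODERATE = 3

@dataclass
class Role:
    name: str
    unit_levels: dict  # unit name -> Level, set independently per unit

@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)
    unit_permissions: dict = field(default_factory=dict)  # set directly on the user

def effective_access(user, unit):
    """Return (level, source) for a user on a unit, or (None, None) if no access."""
    # A permission applied directly to the user at unit level overrules roles.
    if unit in user.unit_permissions:
        return user.unit_permissions[unit], "direct"
    # Assumption: when several roles cover the unit, the highest level wins.
    granted = [(r.unit_levels[unit], r.name) for r in user.roles if unit in r.unit_levels]
    if not granted:
        return None, None
    level, role_name = max(granted)
    return level, f"role:{role_name}"

def audit_direct_permissions(users, units):
    """List direct unit permissions that differ from what the roles alone give."""
    findings = []
    for user in users:
        for unit in units:
            if unit not in user.unit_permissions:
                continue
            role_only, _ = effective_access(User(user.name, user.roles), unit)
            if role_only != user.unit_permissions[unit]:
                findings.append((user.name, unit, role_only, user.unit_permissions[unit]))
    return findings

# Constructed sample data using the unit and role examples from this page.
UNITS = ["Sales", "HR", "Finance"]
builder = Role("Template builder", {"Sales": Level.EDIT, "HR": Level.VIEW})
creator = Role("Document creator", {"Sales": Level.VIEW})
alice = User("alice", [builder, creator], {"HR": Level.MODERATE})
```

Running `audit_direct_permissions([alice], UNITS)` reports the HR entry, where the direct permission (Moderate) differs from what the roles alone would give (View).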