Help related to StrataCommons Organizer permissions.
Permissions
The StrataCommons Organizer permissions system has been designed to meet the following objectives:
- The strata’s records can be accessed by strata members only.
- Access permissions for each group’s records can be customized as needed. Organizer provides good defaults.
- Each strata member’s personal records are kept private and can be accessed by the member and authorized users only, e.g., council members.
Terminology
When talking about permissions, we need precise language. Below is a list of terms used in this document and their meaning:
- Service - One of a number of workspaces in Organizer. Each one has an item in the main navigation bar at the top of each page. Examples: Conversations, Calendar, Requests, Projects, Directory, Library, Website, and Admin.
- Community record - A collective term for all records that can be created and accessed by members of the strata. Examples: Messages, events, requests, projects, documents, web links and comments.
- Notification digest - A summary email of all messages and comments that were created in one of the person’s groups.
- Actions on records - permissions determine which actions a person can perform on a given record. The actions that are subject to permissions are:
- Create a record.
- View a record.
- Update a record.
- Delete a record.
- Group - Groups are the primary mechanism for applying permissions in Organizer. Each strata comes with a number of default groups, e.g., “Council”, “Owners”, “Everyone”, etc. You can also add “Additional groups” to your strata. “Own groups” refers to groups a person belongs to. “Other groups” refers to groups a person does not belong to.
- Membership types - Organizer recognizes three types of strata members, each with its own set of permissions:
- Owner - A strata unit’s owner. Owners have the broadest permissions. Owners don’t necessarily live in the unit they own.
- Partner - An external person that has a professional relationship with the strata. This could be a lawyer, an accountant, a landscaper, or strata manager. They can be given permissions as needed through group memberships.
- Tenant - A person renting a unit in the strata. By default they can only access their personal data. Further permissions can be granted to tenants via group memberships. They don’t own the unit they live in.
Overview
What a person can do in StrataCommons Organizer is determined by the following factors:
- What is the person’s relationship with the strata? (Owner, tenant, or partner)
- Which groups does the person belong to?
- For community records:
- Do the person and the accessed record share the same group?
- If they don’t share a group, is the record marked as private to the group?
Here are some high level rules to help you understand the Organizer permission system:
- Only persons with an active Organizer account can access the strata’s records in Organizer.
- Every person can view their own personal data, i.e. their person and unit records.
- Community records can be created, viewed, and updated by members of the group the record is associated with.
- If a community record is marked as “Private to group”, only group members can view the record. Otherwise all other persons can view it as well. Please note that only group members can update the record.
- The strata’s public website can be viewed by anybody on the Internet.
Below is a more detailed description of each group’s permissions:
Default permissions
The default permissions apply to all persons related to the strata:
- Access to all services except “Admin” and “Website”.
- Create, view, and update community records in own groups.
- Create “Requests” for other groups.
- Receive notification digests for events in own groups.
- View “Persons” list in directory with summary info.
- View own personal details.
- View “Units” list in directory with summary info.
Admin group permissions
Members of the “Admin” group have unrestricted access to all features and all data in Organizer. This allows them to troubleshoot any issues that may arise in Organizer.
Council group permissions
In addition to default permissions, members of the “Council” group have the following extra permissions:
- View public records in other groups.
- Mark new messages as “High priority” so that everyone gets notified immediately via email, irrespective of the recipient’s notification settings.
- View any person’s detail information.
- View any unit’s detail information.
Owner permissions
In addition to default permissions, members of the “Owners” group have the following extra permissions:
- View public records in other groups.
- View any person’s detail information.
- View their own unit’s detail information, including attached files.
Partners and tenants permissions
Members of the “Partners” and “Tenants” groups have only the default permissions.
Website group permissions
In addition to default permissions, members of the “Website” group have the following extra permissions:
- Access the “Website” service.
- Update the strata’s public website.
Additional groups
You can set up as many groups as you want for your strata. Each member of an additional group will have the default permissions.
Anybody on the Internet
Unauthorized users cannot access any strata information. They can only view a strata’s public website.
Permissions matrix
Below is a matrix that shows permissions details for each group available in StrataCommons Organizer. The table is organized by columns for groups and rows for permitted actions. A green checkmark indicates that members of this column's group are permitted to perform the row's action.
| Service access | Council | Owners | Tenants | Partners | Admin | Website | Additional groups |
|---|---|---|---|---|---|---|---|
| Conversations | |||||||
| Calendar | |||||||
| Requests | |||||||
| Projects | |||||||
| Directory | |||||||
| Library | |||||||
| Website | |||||||
| Admin | |||||||
| Community records | Council | Owners | Tenants | Partners | Admin | Website | Additional groups |
| Create records in own groups | |||||||
| Create requests in other groups | |||||||
| View records in own groups | |||||||
| Update records in own groups | |||||||
| View public records in other groups | |||||||
| Mark Message as high priority | |||||||
| Create records in other groups | |||||||
| View private records in other groups | |||||||
| Update records in other groups | |||||||
| Delete records in own groups | |||||||
| Delete records in other groups | |||||||
| Receive notification digests | Council | Owners | Tenants | Partners | Admin | Website | Additional groups |
| For events in own groups | |||||||
| For public events in other groups | |||||||
| For private events in other groups | |||||||
| Directory features | Council | Owners | Tenants | Partners | Admin | Website | Additional groups |
| View persons list with summary info | |||||||
| View own personal details | |||||||
| View units list with summary info | |||||||
| View another person's details | |||||||
| View details (own unit) | |||||||
| View details (other unit) | |||||||
| Attach files to unit | |||||||
| Admin features | Council | Owners | Tenants | Partners | Admin | Website | Additional groups |
| Create, update, and delete Groups | |||||||
| Create, update, and delete Owners, Tenants, and Partners | |||||||
| Create, update, and delete Units | |||||||
| Update Strata attributes | |||||||
| Create, update, and delete Categories | |||||||
| Assign people to groups | |||||||
| Revoke a person's email opt-in | |||||||
| Website features | Council | Owners | Tenants | Partners | Admin | Website | Additional groups |
| Update public strata website |
