ftrack provides role-based access control, which allows you to restrict selected system access to authorized users.
It comes with various built-in customizable default user roles, but it also allows you to create new custom roles, restricting user permissions of who can see and do what throughout the system.
ftrack roles/permissions can be managed by an Admin or a role with Global permissions access to Manage settings.
To access the Roles page:
- Click on your Profile icon at the top-right and open System settings.
- Choose Security Roles.
ftrack comes with five pre-configured user roles that fit most studios and can be used without further customization.
Default user roles:
|Please note: You currently cannot reset a role to the initial default permissions in the UI. Therefore we recommend first making a clone/copy as a backup if you want to make changes.|
Setting the Default Role for New Users
When creating a new user account, it will automatically be given a default role which can be updated within System settings.
To update the setting:
- Go to System settings > Security > Settings.
- Click the drop-down menu of the Default role setting and choose your preference.
- Save the setting.
Create a New Role
To create a new customized role, follow these steps:
- Go to System settings > Security > Roles page.
- Click the Create button, opening a new Role editor window.
Role editor window:
The Role editor enables you to customize all permissions for that role from the bottom up. From allowing a role to only see a specific dashboard or only change and save a value in a custom attribute or deciding what a user with a particular role should be allowed to edit and delete.
Best practice: Administrator-level roles that can perform most or all actions, specifically System Settings, should be kept to a minimum so there is only one or a select few agreed-upon users that have control over the functionality of the workspace and workflows.
- Type in a Name for the role.
- Choose the Role type from the drop-down menu.
The Role type is essential because it decides the available permission set to modify on the role. Each type has a different permission set.
Three Role types to choose from:
- Choose what a role can do by checking and/or unchecking the boxes in front of the actions you want the role to be allowed to perform.
List of different permission groups and permissions:
Global permissions (system-wide)
Project Permissions (project-specific)
These permission groups are created to handle most production use cases and cover all the common permissions for each role while allowing users granularity.
Please note: The available permission sets and individual permissions you can select from depend on the Role type you are selecting.
- Save the setting.
Clone a Role
While creating a new user role, you can save time by using the Clone option to base your new role on an existing one:
- Click the Clone button.
- Use the drop-down menu to select which role you want to base it on. Rename the role in the Role name field (top-left).
- Save the setting.
Edit a Role
You can edit an existing role using the same Role editor dialog as when adding a new role. Go to System settings > Security > Roles.
To access the Role editor dialog, hover over the role you want to update and click the Edit (pencil) icon.
Delete a Role
To remove a role, click the Delete (trash can) icon in the shortcuts column, opening a new dialog box.
Click the red Delete button to confirm the removal.
Confirm a User's Role
To see which role a user has, go to System settings > Resources > Users and Groups. Each user's account record has a Roles attribute (see column) where you can see their assigned user role(s).
Assign a Role to a User
Once the roles are created or updated, you can assign them to specific users.
Go to System settings > Resources > Users and Groups to find your Users page.
Hover over a user whose role you want to change and click the Person/Roles icon to the left of their profile picture. This opens the Role Manager for that user.
If you are replacing an existing role for the user, hover over the existing role on the left of the dialog and click the Trash icon to remove it.
If you are adding another role in addition to the existing role, there is no need to delete the existing role - move to step 4.
At the top left, there is the Roles dropdown menu. Click the 'Select...' empty field to open the menu and select the new role.
Click ADD to confirm that role for your user.
Select the newly added role in the left pane, and from the right pane, toggle their access for All Open Projects to the desired setting. Repeat for each role (if there is more than one).
Optional: If you want to give the user access to private projects, select the project from the Projects dropdown list and click ADD. Repeat if you have more than one private project to add.
And then, repeat the full step for each role if you have multiple roles for the user.
Click Save Changes to complete the update.