Box Security Settings
- Anna Ciepłota
Available roles
Security roles grant access to view and edit boxes (edit content and configuration of boxes and create sub-boxes).
Roles can be assigned to individual users or an entire monday team.
Box security role | Permissions to | Additional information |
|---|---|---|
Box Admin |
| Besides editing the box content, a box admin can change the box configuration settings. |
Box Editor |
|
|
Box Viewer |
| The role is inherited when you create sub-boxes. Box viewers do NOT have access to the box configuration. |
Sub-Box Creator |
| Only box admins can create a sub-box using a box type with the Inherited only security mode. You cannot create a sub-box if you cannot delete it later on. |
Box lead
A box lead is NOT a security role. Box leads are NOT automatically granted any permissions. To let the user access a box, assign some security role within a given box.
Access status
Box roles to NOT result in users getting access to the BigPicture app.
Make sure to assign App roles.
The access status column lets you know if a box role has been successfully assigned:
Granted - user has been granted specified access
No access - App BigPicture permissions are missing
Note: The Access Status column is present only for users, NOT for teams.
Assign roles
Box roles can be assigned in:
individual boxes (Box Configuration > Security of a given box)
to a box type (Administration > Box types > click box name to open box types settings > Security)
Impact of box type security settings
Box types serve as templates for box creation.
Default security roles assignment
Roles can be assigned to a box type → when a box of a given type is created, users are added to box roles based on the box type security settings.
Changes made to the role assignment of a box type do NOT impact existing boxes. Box type roles apply only once (when a new box is being created).
When a box already exists, user roles have to be managed in box configuration.
Inheritance mode
Box roles are always inherited from an upper level. This means, that if someone is an admin/editor/viewer in a parent box, they are automatically an admin/editor/viewer in all the boxes nested under the parent.
Inheritance mode | Description |
|---|---|
Own with inherited | Roles are inherited from upper levels, but a box admin can additionally assign roles in the Box configuration > Security section. |
Inherited only | Use it when you do NOT want anyone to make changes to user roles. The Security tab is hidden. Remember that the inherited users and their roles are NOT displayed in a box. |
Impact
Changing the inheritance mode of a box type impacts all boxes of a given type (both existing and newly created). Changing the mode from Own with inherited to Inherited only overrides the setup of an individual box. If a box had a unique role assignment, it is replaced with the setup of the upper-level box. Reverting to Own with inherited restores the previously assigned roles. In the Inherited only mode, the Security tab of an individual box is hidden (cannot be accessed in box configuration).
Inherited security roles visibility
To know what user roles have been inherited but are NOT displayed, you have to check the upper levels of the hierarchy (technically, that includes all parent boxes up to the root level).
Global box roles
Assign roles in the Home (root) box.
Roles are always inherited from upper-level boxes. Therefore, security roles granted in the home (root) box apply to all sub-boxes in the hierarchy (all sub-boxes and children nested under the home box). If someone is a box admin of the home (root) box, they automatically have the same permissions in all sub-boxes through the hierarchy.