Permissions

Shotgun provides advanced permissions to control who can see and do what throughout the system. Permissions are controlled by 'permission roles'; one person is assigned to one role.

Default roles that ship with Shotgun are:

Admin Admins have complete control over all operations in Shotgun (the only exceptions here include modifying things that are required by the system, such as deleting the Template Project).
Artist Artists can only see Projects that they are specifically assigned to. Artists can update or edit:
  • Notes if they are the author of that Note,
  • Status fields on Tasks they are assigned to, though they can’t edit other Task fields,
  • Versions, Time Logs, and Tickets if they are the creator of those entities.
Manager Managers share most functionality with Admins but have certain entities restricted by default. There are no conditional permissions present on the manager default group.
Vendor Vendors can only see Projects that they are specifically assigned to. Additionally, Vendors can only see:
  • Tasks that they (or a group that they are in) are assigned,
  • Shots and Assets if they (or a group that they are in) are assigned to a Task on that Shot or Asset,
  • Notes if they (or a group that they are in) are in the To or CC field, or if they created the Note, and
  • Versions that they create.

Admins can create new permission roles.

  1. Click the “+ New Permission Role” button in the upper right of the permissions page.
  2. You’ll need to give the new permission role a name, and choose a Template. Default permissions will be set for the new permission role based on the template you choose. This saves a lot of time in setting up brand new permission roles.

To find out what your default permissions are, click here down_arrow.png.

What you can control with permissions

  • Entity permissions (who can see or create a Note)
  • Field permissions (who can see or edit the "Status" field on the Note Entity)
  • App permissions (who can see or edit Apps)
  • Advanced permissions (misc. control over things like who can save pages where, etc.)
  • Reset to defaults down_arrow.png

You can see and edit permissions on individual fields or entities themselves, or in the Permissions area of the Admin menu (for those with permission!).

Checking a person's permissions

To see or modify which permission group a person is in, go to the People page. Each person’s account record has a permissions group field where you can change their permission group, and therefore what changes they’re able to make in Shotgun.

Double-click into the field to choose the right permission role for each Person. You can also select multiple People, and right-click anywhere in the permission group field on a record. Choose "Edit Selected", and then choose the permission role to apply to everyone in one go.

Example: Editing permissions on a field

This is the most common case for ongoing permission tweaking, so we'll start here. Every field in Shotgun has two types of permissions on it: who can see the field and who can edit the field.

Who can do this?
Anyone who can edit fields has access to the configure field dialog. Just right-click on the column header of the field (in list mode), select the "Configure field..." option, then click the Permissions tab in the dialog that appears, make your changes, and click 'Update field'. This is good to quickly view or adjust permissions on individual fields, and can be done on any grid page.

Permissions grid configuration

Note: If any checkbox in the permission tab is greyed out, this means that the field is either uneditable, or there's a conditional (advanced) permission rule on the field, and can't be edited through the UI.

Example: Editing permissions on an entity

In the entities section of site preferences, you'll notice a 'Permissions' section. Clicking this loads in all the permissions—by permission role, for that particular entity type—handy when you want to see and edit permissions when dealing directly with an entity. Every entity in Shotgun has four types of permissions: who can see it, who can create it, who can retire it, and who can edit it.

Permissions on an entity
Entity Permissions from Site Prefs. Every entity listed in site prefs has an expandable Permissions section that allows you to see and edit permissions for that entity.

Changing entity permissions

  • From the Site Preferences page, locate and expand the entity you'd like to modify permissions for (e.g., Asset)
  • Click to expand the 'Permissions' widget inside the entity section
  • Check or uncheck any of the checkboxes for the four categories of entity permissions (see, create, retire, and edit)
  • Scroll up to the top of the preferences page and click 'Save Changes'

How entity permissions work

  • Who can see <entities>
    Controls whether or not a role can ever view entities of that type in the UI. For example, if Artists can't see the 'Delivery' entity, they'll never be able to view pages that list Deliveries.
  • Who can create <entities>
    Controls whether or not a role can ever create an entity of a particular type.
  • Who can retire <entities>
    Controls whether or not a role can ever retire an entity of a particular type.
  • Who can edit <entities>
    Controls whether or not a role can ever edit an entity of a particular type. For example, if you set this to yes on Artist for the Asset entity type, Artists will be able to edit any Asset field, unless this is overridden in the field permissions. Setting it to no means that a role won't be able to edit any fields on that entity.

Example: Editing permissions on a personal page

While in Design Mode on a global page (a page not assigned to a Project), you can choose to either share that page with “No One” (so it’s private), or “Everyone”, then pick the permission groups who can see it.

Permissions on a global design page

While in Design Mode on a page that is assigned to a Project, you can also pick the permission groups who can see it.

Permissions on a project design page

Page permissions only control the visibility of the page in the quickjump and Pages menu. Page permissions do not control visibility of the data on a page.

Permission overview and advanced permissions

If you'd like to access a single place to view or change permissions of any sort, go to the Admin Permissions page. From here, you can edit entity permissions, field permissions, app permissions, reset roles to default settings, and assign miscellaneous administrative access rights (like who can set permissions or save pages).

Advanced permissions

About the Permissons page
Each enabled permission role (e.g., Admin, Artist, Manager, and Vendor) shows up on the Permissions page with the following expandable options:

  • Summary
  • Entity Permissions
  • Field Permissions
  • App Permissions
  • Advanced
  • Reset to Defaults

Summary

The summary shows you a line-by-line breakdown of permissions for a particular role (warning: this breakdown can be a little techy since it follows exactly what is printed out in the ruby console).

Entity Permissions

This shows all enabled entities, broken down by permission role. For each entity, it shows the see, create, delete, and edit permissions for that role.

Permissions on a manager entity

Note: Greyed out checkboxes indicate that there's a conditional (advanced) permission rule for that operation (e.g., Artists can only edit Timelogs they are linked to and edit fields on Notes they have created).

Example: Allowing Artists to create Tasks

  • Go to the Permissions page
  • Click to expand the 'Artist' role
  • Click to expand 'Entity Permissions'
  • Locate the 'Task' entity type, then check the 'Create' checkbox
  • Scroll all the way up and click 'Save Changes'
  • All people in the Artist role from this point on will be able to create Tasks

Field Permissions

Field Permissions are broken down by permission role, then by entity type. It shows the See and Edit permissions by field for a given permission role. By default, permissions on entity fields are inherited from the entity-level permissions. For example, if you configure the Artist role to be able to Edit the Task entity, they'll also be able to edit any Task field (with certain exceptions down_arrow.png), unless explicitly prohibited.

Permissions for manager

Note: Greyed out checkboxes indicate that the operation (for example, Edit Asset > Created by) is protected because the field is read-only (in the case of audit fields), or that the operation is protected by a conditional (advanced) permission rule. To find out why a particular field isn't editable, just hover over it to get a tooltip.

Example: Allowing Artists to edit the Asset Description field

  • Go to the Permissions page
  • Click to expand the Artist role
  • Click to expand 'Field Permissions'
  • Click to expand the 'Asset' entity type
  • Locate the 'Description' field, then check the 'Edit' checkbox
  • Scroll all the way up and click 'Save Changes'
  • All people in the Artist role from this point on will be able to edit the Description field on an Asset

Advanced

Use these preferences to control access to very specific administrative features, described below.

Permissions admin

  • Use Admin Options
    • This checkbox preference only gives access to admin UI options. Full access to admin functionality (e.g., unretiring entities) may require specific permissions adjustments on a per-entity basis.
  • Hide Global Nav
    • When ‘Hide Global Nav’ is checked, people will not be able to see or use the navigation bar controls at the top of the page. They will only be able to see their Shotgun Home page, pages they can link to from the Home page, or pages they know the URL for.
  • allow the creation of toolkit eventlogentries
    • If using Toolkit, then there are certain actions that create EventLogEntries via the API. Allowing the creation of these EventLogEntries prevents Toolkit from breaking while keeping the default of not being able to create entities. For more information, visit the Toolkit forums.
  • Edit Global Formatting
    • Only people with this permission will be allowed to create Global Formatting rules, which affect formatting on every page in Shotgun.
  • Edit default and project work schedules
    • When ‘Edit default and project work schedules’ is checked, people will be able to view and edit project and default schedules.
  • Hide ‘Other’ menu in Project Nav
    • In the Project nav bar, don’t show people the ‘Other’ menu.
  • Hide Saved Filters in Filter Panel
    • People with this permission enabled will not be able to see or turn off any active Saved Filters in the Filter Panel.
  • Manage Project Navigation Bar
    • Allow users with this permission to configure which pages appear in the navigation bar that appears at the top of the project.
  • Create and Save Project Pages
    • Only people will this permission will be able to add new pages to a Project or save existing ones.
  • Can Design and Save Home Page
    • Only people with this permission will be able to make changes and save the legacy Home Page (at one point, everybody had the same customizable Home Page, but now that anyone can choose their own Home Page, this permissions only applies to the original customizable Home Page).
  • Save Filters and Sorting in My Tasks
    • This permission allows someone to save how Tasks are sorted and filtered by default for all people.
  • Save Navigation Pages and Detail Pages
    • Allow users with this permission to save changes to the main project navigation pages and entity detail pages.
  • Save Shared Pages Belonging to Anyone
    • This checkbox preference lets users update and save ‘Shared’ pages belonging to anyone.
  • See Assigned Projects Only
    • People will only see Projects they are assigned, including all data linked to those Projects. To assign a person to a Project, edit the ‘Projects’ field on People, or the ‘People’ field on Projects.
  • Can see Client Notes
    • Only people with this permission can see Notes created by Clients (ClientUsers).
  • See Non-Project Notes
    • If a Person is restricted to only see Projects they are assigned, this option creates an exception that allows them to see all Notes that are not linked to a Project.
  • See Non-Project Tasks
    • If a Person is restricted to only see Projects they are assigned, this option creates an exception that allows them to see all Notes that are not linked to a Project.
  • Set Permissions
    • This checkbox preference requires that the ‘Use Admin Options’ preference is also checked.
  • Can Share Playlists via Client Review Site
    • Only people with this permission can share a Playlist using the Client Review Site.
  • allow “sudo”: perform actions and log events as though logged in as another user *
    • When enabled on a Human User permission group, allows for the “Assume Identity” functionality from a People page. When enabled for an API Permission group, allows for use of the sudo_as_login variable when establishing a Shotgun connection.
  • Can use the Overlay Player
    • Provides quick access to view uploaded media, allows for feedback with notes and annotation tools, and shows other related media.
Follow

6 Comments

  • 1
    Avatar
    Dave Lajoie

    I would like to copy all permissions from one shotgun site to another, do I need to use an API or is there a way to "export"/"import"?

     

  • 1
    Avatar
    Aevar Gudmundsson

    I'd like to follow up on both Kents and Dave questions:

    a) Is there a help website I can find which shows me the documentation for user account permission summaries ( read-only ) through either the Shotgun, or the Shotgun Toolkit API's ?  Wish to query and construct a spreadsheet overview of different roles for comparison.

    b) If I have a pre-existing permission scheme set up on one hosted website, is it plausible to mirror that scheme over to another hosted website without re-entering it manually on the target site?

     

    Thanks for information you can give. 

  • 0
    Avatar
    Kent Wu

    Is that possible to use Shotgun API to query the summery of each role on the Permissions page? Not sure if it's a right place to put this question.

  • 0
    Avatar
    Roman Guro

    Strange guide... I'm happy I can create new Permission role on Permissons page, but where I can find this page? There is no such page on main menu.

    PS: Ok. I found it in the Admin menu by clicking on the Avatar in the upper right corner.

    Edited by Roman Guro
  • 0
    Avatar
    Cindy Rangel

    Hi, I'm trying to set permissions so that artists can comment on other artists versions (videos posted on shotgun for review). Currently all our artists get an error and they are not able to comment.

  • 0
    Avatar
    Patrick Macdonald

    Where do I find the permissions for editing fields of Note entities? (there is not 'Note' entity in the site preferences 'entities' page.

    All fields are greyed out for artists in the Note permissions page.

    Thanks

    p

Please sign in to leave a comment.