Roles and permissions

Formsort accounts are organized according to roles and permissions, in order to maintain the integrity of your form flows across team members, as well as to clearly delineate responsibilities across the team.

Examples of roles include, for example, Owner, Administrator, Deployer, Designer, and Engineer. Roles are associated to specific permissions such as Archive or delete flows, or Create or update themes. By assigning team members' accounts to different roles, you can control exactly which actions in the platform are available to whom.

The current list of permissions is as follows:

deploy_production: Deploy a variant revision to any production environment.
create_new_variant revision: Deploy a variant revision to any non-production environment. 
update_traffic_pattern: Change the traffic pattern of deployed variants within a flows.
update_environment: Create new environments or save new revisions of existing environments.
update_domain: Add, update, or remove domain names.
delete_flow: Archive or delete flows.
delete_variant: Archive or delete variants.
update_theme: Create or update themes.
switch_theme: Switch the theme for an existing variant.
update_credential: Create new credentials for integrations.
view_accounts: Retrieve the full list of accounts.
suspend_account: Suspend other accounts (listed as "delete" account on Owner page)

These permissions are associated to the following roles:

Owner
Admin
Deployer
Designer
Engineer
Editor
Viewer

create_new_variant revision

βœ“

βœ“

βœ“

βœ“

βœ“

βœ“

update_environment

βœ“

βœ“

βœ“

update_domain

βœ“

βœ“

βœ“

update_credential

βœ“

βœ“

βœ“

update_theme

βœ“

βœ“

βœ“

switch_theme

βœ“

βœ“

βœ“

deploy_production

βœ“

βœ“

βœ“

update_traffic_pattern

βœ“

βœ“

βœ“

delete_flow

βœ“

βœ“

delete_variant

βœ“

βœ“

view_accounts

βœ“

βœ“

billing_access

βœ“

βœ“

suspend_account

βœ“

A user can create new accounts with the same or fewer roles than themselves.

Role Organization

Roles are organized according to a hierarchy, visualized in the diagram below. At the top-level of the hierarchy is the Owner, meaning that the Owner has access to all permissions associated with all roles under it. Moving down the hierarchy, we have the Admin: the admin has access to all permissions except permissions specific to Owner, such as the ability to Suspend other accounts. The same rule applies at any level of the hierarchy: a given role has a subset of the permissions of the roles higher on the hierarchy, a superset of the permissions of the roles lower.

Hierarchical Model of Roles in Formsort

The platform does not contain an explicit Viewer role. Rather, all users on Formsort have the permission to view flows, by default.

Adding roles and permissions

A given permission can only be granted by a user who already has that specific permission. In other words, a Deployer can grant another user with Deployer permissions, a Designer with Designer permissions, and an Engineer with Engineer permissions. However, a Deployer cannot assign a user with e.g. Engineer or Admin permissions.

Managing response access with user groups and access policies

Formsort allows you to control who can access response data using user groups and access policies.

User groups

User groups let you grant response access to multiple users at once. Instead of manually managing access for individual users, you can create a group and apply it to one or multiple forms.

  • User groups are managed in the Admin Workspace settings.

  • Any user added to a group with response access will automatically have read, tag, and download permissions for the assigned forms.

Formsort user groups

Access policies

You can create an access policy at both the form level and in the Admin Workspace settings.

To create an access policy, you must define:

  • A user or user group that the policy applies to.

  • The resource (form) that the policy applies to.

Since all users with response access can read, tag, and download responses, access policies simply determine who can access responses for each form.

Formsort access policy

Last updated

Was this helpful?