Gluu

Documentation
View Categories

Permission and visibility basics

2 min read

Goal: Understand default user rights, process-level permissions, and how to grant account-wide rights via Permission Groups.

As a starting point any Gluu user can view and comment on any public process or work instruction. This is line with Gluu’s mission of engaging business users. Engagement requires transparency and understanding of how the organisation works.

Next level is ‘members only’ processes where processes are private and only shared with users that have a role in the process. So permission and visibility is granted on a process-level. You can fully edit a process that you own or edit – but only this.

From this starting point administrators and Process Owners or Editors can grant further universal permissions. This overview covers the basics of this task. In short, ‘Permission Groups’ decide what users can do and ‘User Profiles‘ decide which features users can see. The two have to be used in combination.

Default permissions #

All licensed users can view and comment on Public processes.

  • Search, read, view and comment on processes unless visibility is restricted.
  • View and comment where they are Process members (they have a role on the process).
  • Set up tasks and cases where they are members (with Gluu’s Advanced plan).
  • Complete tasks where they are members (with Advanced plan).

Process-level permissions #

  • Process Owner: always see, edit, remove.
  • Process Editor: same as owner.
  • Process Member: see when visibility is Members or Public.
  • Everyone else: see only if process is live and public (not private/frozen).

Use permission groups #

Assign users to groups to grant rights account-wide across all processes—ideal for process excellence teams and admin helpers. Standard rights groups can be assigned, not edited. Custom permission groups allow custom scoping.

Gluu permission groups

Account Owner permissions #

The owner of the account has all rights above plus billing and plan management. To view/change owner, go to Account settings.

Standard permission groups #

Below you can see standard permission groups by recommended user type allocation:

For the Core Team #

Process Excellence, Enterprise or Business Architecture.

  1. Manage account – assist Account Owner with general admin.
  2. Manage processes – edit any process and work instruction; create anywhere; manage categories/groups.
  3. Manage drawings – create/edit business architecture drawings; control menu visibility.
  4. Manage labels – create/edit labels.
  5. Manage user permissions – assign members to groups; create custom permission groups.

And sensitive ones to consider for only two trusted users (the Account Owner already has this):
Copy from accountclone processes between accounts.

For HR Managers #

  1. Manage users – add/edit/delete users and assign roles.
  2. Manage roles – maintain the reusable role library.

For functional heads / overall process owners or editors #

The following are assigned to employees responsible for multiple processes:

  1. Create new processescreate a process in the hierarchy.
  2. Manage components – create/edit components.
  3. Manage forms – create/edit forms.

Assign users to group #

  1. Go to Account settings > Permission Groups.
  2. Select the group.
  3. Click Add member and choose the user.
  4. Save.

After using the standard permission groups and profiles, you may still need finer control by department, site or external consultants. Custom permission groups handle this:

Category and Group-based permissions #

Limit access so selected users only see and/or edit processes in chosen Categories or Groups. Aim for each user to belong to a single permission group where possible.

Limit access: setup steps #

First, go to Roles > Permission Groups.

Permission groups list

Second, add a new permission group and configure:

  1. Name and description.
  2. Add one or more Categories or Groups users should see.
  3. Add a deny on everything else (Not specified).
Permission rule setup

Tip: “Not specified” means everything not explicitly mentioned in your steps.

Limited Process Managers #

Grant editing rights for specific areas via permission groups (instead of global Process Manager rights). Useful for external consultants or a process excellence team with defined scopes.

Editor scope by area

Complex access (multiple groups) #

When needs overlap, assign users to multiple permission groups—their permissions combine. Use this sparingly to keep access simple.

How to set up complex access #

Create a base group that denies everything for all users:

Create additional groups that grant access to specific Categories or Groups, then assign users to the combinations they need:

Updated on 03/10/2025
Compliance Process Governance

Did this answer your question?

  • Happy
  • Normal
  • Sad