Permissions for users

Hi everyone,

I have to say that I struggle a lot with managing permissions for users, on every aspect of it. It is not user friendly to say the least. I cannot see logic in the relation. I tried to give our HR manager a permission to change status of the users from enable to disable and back - failed. No idea how I can achieve it without giving her full admin

Now I am fighting on a simple thing like give an artist an ability to change the status on the notes for the project he is in. The thing is that the notes are quite often put on the Shot level, producers do not go deeper to note for a task since it’s not practical and some of the notes are for multiple tasks within the shot.

Under People Permissions / Artist / Field Permissions / Note / Status everything is checked on. Still an artist cannot do that.

Anyone can help shed some light onto that, thanks in advance

6 Likes

Hi @Flint78, thanks for posting. Permissions is admittedly a complex and confusing area of Shotgun. There is a lot of power and flexibility in our permission system, but not all of it is exposed to you as the admin on the user side, and the UI can be difficult to navigate.

I think what you are struggling with, in both cases, is the fact that many of our built-in permission groups have some under-the-hood conditional permissions baked in. For example, the Artist group is allowed to create Notes, to reply to any note, and to add people in the CC field for any note, but they are restricted on all other fields to only be able to edit metadata for Notes they themselves created. This follows a similar pattern in the Artist group, where they can see most everything in the Project, and edit things they created themselves, but are given fairly limited edit permissions.

With the HR manager and changing Person status, we have locked down editing of Status on People to be restricted to Admins by default. This is because changing status on People affects billing (based on your active user count), so we are conservative about who we allow to do this out-of-the-box.

Unfortunately we have never undertaken the sizable project of making conditional permissions like this editable by you, the Admin on the client side. Not only is this a very large and complex undertaking, but it would be challenging to build in enough safeguards to prevent creation of conditional rules that lead to performance problems, or unforeseen errors or UI rendering issues that would diminish the user experience in SG. I do appreciate that this limitation can be frustrating at times.

Creating or editing custom conditional permissions is something we can do for our clients subscribing at the Super Awesome support tier. This is not restricted just to create an upsell opportunity, it is just that rules like this tend to require ongoing maintenance and tweaking over time, and of course any tweaks need to be done by our support team since there is not client-facing UI for it. So there is an added, ongoing support burden created there, in most cases.

That said, if you are limited by a conditional permission that ships with Shotgun, like the situations you describe here that are both fairly quick changes on our end, we will typically make those adjustments without requiring any sort of support upgrade. We also will occasionally adjust the default behavior in our new site templates, if we find that we are commonly hearing that clients would prefer a different approach. In the end, we want the permission system to give you exactly the access levels and behavior you require.

If you would like to send me a direct message letting me know your site URL, I would be happy to go in and update your site with the behaviors you describe here. Sorry again for the frustration.

As a follow-up to this, we would love to hear from you (and anyone else who would like to chime in) if there is an example of a really powerful and easy-to-use permissions system out there. I personally have not used many that have struck the right balance there - I think it is a very difficult thing to achieve. But it would certainly help us as we plan what the future of what Shotgun looks like, if we can hear more from you, our clients, about how you would like to see all this work ultimately.

10 Likes

Just to close the loop here, @Flint78 and I connected offline, and we got these permissions issues sorted. I’ll be chatting with him next week to give a little more insight on how permissions work, and what the limitations are. Thanks again for posting @Flint78!

6 Likes

I am interested in this tidbit:

notes are quite often put on the Shot level, producers do not go deeper to note for a task since it’s not practical and some of the notes are for multiple tasks

Presumably if gone unchecked, all Notes would end up on the Project entity :wink:


It would seem that an existing Shotgun feature is not being used? When a Note must apply to two or more Tasks, there’s a dialog for checkbox-selecting the Tasks are to be linked to the Note.

However, I find that this doesn’t end up being viable:

  • Notes end up having to be split apart into small pieces based on what Tasks they apply to;
  • coordinators tend to be rightfully overwhelmed at the chore of taking everyone’s Notes for them.

Better idea

If the studio culture is such that all artists enter their own Notes then you get a few benefits for free:

  • the artists, by putting the Note in their own words, show if they understand the directions given to them
  • there’s less tedious data entry for the small, overworked coordinators (who are in effect, translating the directions from the supervisor into coord-speak, and then the artist has to re-translate that back to the original language)
  • artists become more engaged with Shotgun, and more importantly: actively participate in production tracking (their own!)
  • supervisors/leads can respond to the artists directly, which improves teamwork
  • coordinators/producers can focus on the orchestration of the production, rather than minutia.
5 Likes