Access Control

Manage who can access restricted products

For products with RESTRICTED visibility, you need to explicitly grant access to users. This guide covers all aspects of access control management.

Understanding Access Grants

What Are Access Grants?

Access grants are permissions that allow specific users to view and interact with restricted products.

Grant Properties:

Property      Description
User/Group    Who receives access
Product       Which product they can access
Role          What they can do (view, vote, submit)
Expiry        Optional auto-expiration date

Grant Sources:

  • Manual grants by admins
  • Group membership
  • Automatic sync from external systems
  • Self-service requests (if enabled)

Individual Access Grants

Granting Access to a User:

  1. Go to Admin > Products
  2. Select the restricted product
  3. Navigate to Access tab
  4. Click Add User

Configure the Grant:

  • User: Search and select user
  • Role: Choose access level
      • Viewer: View and vote only
      • Contributor: View, vote, submit, comment
      • Full Access: All above + follow
  • Expires: Optional expiration date
  5. Click Grant Access

Managing Grants:

  • View all current grants in Access tab
  • Edit existing grants
  • Revoke access by clicking Remove
  • Filter by role or search users

Group-Based Access

Using Customer Groups:

Create a Customer Group:

  1. Go to Admin > Users > Groups
  2. Click Create Group
  3. Name the group (e.g., "Beta Testers")
  4. Add members to the group

Grant Access to Group:

  1. Go to the restricted product
  2. Navigate to Access tab
  3. Click Add Group
  4. Select the customer group
  5. Set the role for all members
  6. Save

Benefits of Groups:

  • Manage access at scale
  • Add/remove users from group
  • Access updates automatically
  • Easier auditing

Access Roles

Role Definitions:

Role  View  Vote  Submit  Comment  Follow
Viewer---
Voter--
Contributor
Full Access

Choosing Roles:

Viewer:

  • Can see ideas but limited interaction
  • Good for stakeholders who observe

Voter:

  • Can vote on ideas
  • Useful for prioritization input

Contributor:

  • Full participation
  • Typical for beta testers

Full Access:

  • Maximum permissions
  • For trusted partners

Access Expiration

Time-Limited Access:

Setting Expiration:

  1. When granting access, check "Set Expiration"
  2. Choose end date
  3. Access automatically revokes on that date

Use Cases:

  • Trial periods
  • Beta program duration
  • Partner contracts
  • Seasonal access

Expiration Notifications:

  • Users notified before expiry
  • Admins see upcoming expirations
  • Easy to extend if needed

Bulk Expiration:

  1. Select multiple grants
  2. Click "Set Expiration"
  3. Apply same date to all
  4. Useful for program end dates

Access Requests

Self-Service Access Requests:

If enabled, users can request access:

User Flow:

  1. User sees restricted product listed
  2. Product shows "Request Access" button
  3. User submits request with reason
  4. Admin reviews and approves/denies

Admin Configuration:

  1. Go to product settings
  2. Enable "Access Requests"
  3. Optionally require justification
  4. Set default role for approved requests

Managing Requests:

  • View pending in Access > Requests
  • Approve or deny with one click
  • Add optional response message
  • Bulk approve/deny available

Access Auditing

Tracking Access Changes:

Audit Log:

All access changes are logged:

  • Who granted/revoked access
  • When it happened
  • What role was assigned
  • Source (manual, group, automatic)

Viewing Audit:

  1. Go to product Access tab
  2. Click Audit History
  3. Filter by date, action type, or user

Regular Audits:

Weekly:

  • Review new grants
  • Check for unusual patterns

Monthly:

  • Verify all grants still needed
  • Remove departed users
  • Update group memberships

Quarterly:

  • Full access review
  • Align with security policies
  • Document exceptions

Bulk Operations

Managing Access at Scale:

Bulk Import:

  1. Download CSV template
  2. Fill in user emails and roles
  3. Upload to product Access tab
  4. Preview and confirm

CSV Format:

email,role,expires
user1@email.com,contributor,2024-12-31
user2@email.com,viewer,
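
An added example (not part of the original guide or the product's own tooling): a pre-upload check for a bulk-import CSV in the format above, so that typos in roles, duplicate users and stale or missing expiry dates are caught before grants are created. It assumes the role spellings `voter` and `full_access`, which the page does not show, and treats a missing expiry on Contributor or Full Access grants as a local policy warning, not a product rule; the sample rows are constructed.

```python
import csv
import io
from datetime import date

# Assumption: role spellings accepted by the importer. Only "contributor" and
# "viewer" appear in the page's sample; the other two are guessed from role names.
ALLOWED_ROLES = {"viewer", "voter", "contributor", "full_access"}
# Assumption (local policy, not a product rule): these roles should carry an expiry.
EXPIRY_EXPECTED = {"contributor", "full_access"}

# Constructed sample: the page's two rows plus four deliberately problematic ones.
SAMPLE = """email,role,expires
user1@email.com,contributor,2024-12-31
user2@email.com,viewer,
user3@email.com,admin,2025-06-30
User1@email.com,viewer,
partner@example.com,full_access,
beta@example.com,contributor,31/12/2024
"""


def lint_grants(csv_text, today):
    """Return a list of (line_number, severity, message) for a bulk-import CSV."""
    findings, seen = [], {}
    reader = csv.DictReader(io.StringIO(csv_text))
    if reader.fieldnames != ["email", "role", "expires"]:
        return [(1, "error", f"unexpected header: {reader.fieldnames}")]
    for row in reader:
        line = reader.line_num
        email = (row["email"] or "").strip().lower()
        role = (row["role"] or "").strip().lower()
        expires = (row["expires"] or "").strip()
        local, _, domain = email.partition("@")
        if not local or "." not in domain:
            findings.append((line, "error", f"malformed email: {email!r}"))
        elif email in seen:  # same user twice: which role wins is ambiguous
            findings.append((line, "error", f"duplicate of line {seen[email]}"))
        else:
            seen[email] = line
        if role not in ALLOWED_ROLES:
            findings.append((line, "error", f"unknown role: {role!r}"))
        if expires:
            try:
                if date.fromisoformat(expires) <= today:
                    findings.append((line, "error", f"expiry not in the future: {expires}"))
            except ValueError:
                findings.append((line, "error", f"bad date (want YYYY-MM-DD): {expires!r}"))
        elif role in EXPIRY_EXPECTED:
            findings.append((line, "warn", f"{role} grant has no expiry"))
    return findings
```

Calling `lint_grants(SAMPLE, date.today())` returns one finding per problem with the CSV line number, which can be reviewed alongside the product's own Preview step before confirming the import.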

Bulk Revoke:

  1. Select multiple users
  2. Click "Revoke Access"
  3. Confirm action

Bulk Role Change:

  1. Select users
  2. Click "Change Role"
  3. Select new role
  4. Apply to all selected