Access Control

What Are Access Grants?

Access grants are permissions that allow specific users to view and interact with restricted products.

Grant Properties:

Grant Sources:

• Manual grants by admins
• Group membership
• Automatic sync from external systems
• Self-service requests (if enabled)

Granting Access to a User:

1. Go to Admin → Products
2. Select the restricted product
3. Navigate to Access tab
4. Click Add User

Configure the Grant:

• User: Search and select user
• Role: Choose access level
• Viewer: View and vote only
• Contributor: View, vote, submit, comment
• Full Access: All above + follow
• Expires: Optional expiration date

1. Click Grant Access

Managing Grants:

• View all current grants in Access tab
• Edit existing grants
• Revoke access by clicking Remove
• Filter by role or search users

Using Customer Groups:

Create a Customer Group:

1. Go to Admin → Users → Groups
2. Click Create Group
3. Name the group (e.g., "Beta Testers")
4. Add members to the group

Grant Access to Group:

1. Go to the restricted product
2. Navigate to Access tab
3. Click Add Group
4. Select the customer group
5. Set the role for all members
6. Save

Benefits of Groups:

✓ Manage access at scale

✓ Add/remove users from group

✓ Access updates automatically

✓ Easier auditing

Role Definitions:

Choosing Roles:

Viewer:

• Can see ideas but limited interaction
• Good for stakeholders who observe

Voter:

• Can vote on ideas
• Useful for prioritization input

Contributor:

• Full participation
• Typical for beta testers

Full Access:

• Maximum permissions
• For trusted partners

Time-Limited Access:

Setting Expiration:

1. When granting access, check "Set Expiration"
2. Choose end date
3. Access automatically revokes on that date

Use Cases:

• Trial periods
• Beta program duration
• Partner contracts
• Seasonal access

Expiration Notifications:

• Users notified before expiry
• Admins see upcoming expirations
• Easy to extend if needed

Bulk Expiration:

1. Select multiple grants
2. Click "Set Expiration"
3. Apply same date to all
4. Useful for program end dates

Self-Service Access Requests:

If enabled, users can request access:

User Flow:

1. User sees restricted product listed
2. Product shows "Request Access" button
3. User submits request with reason
4. Admin reviews and approves/denies

Admin Configuration:

1. Go to product settings
2. Enable "Access Requests"
3. Optionally require justification
4. Set default role for approved requests

Managing Requests:

• View pending in Access → Requests
• Approve or deny with one click
• Add optional response message
• Bulk approve/deny available

Tracking Access Changes:

Audit Log:

All access changes are logged:

• Who granted/revoked access
• When it happened
• What role was assigned
• Source (manual, group, automatic)

Viewing Audit:

1. Go to product Access tab
2. Click Audit History
3. Filter by date, action type, or user

Regular Audits:

Weekly:

• Review new grants
• Check for unusual patterns

Monthly:

• Verify all grants still needed
• Remove departed users
• Update group memberships

Quarterly:

• Full access review
• Align with security policies
• Document exceptions

Managing Access at Scale:

Bulk Import:

1. Download CSV template
2. Fill in user emails and roles
3. Upload to product Access tab
4. Preview and confirm

CSV Format:

email,role,expires
user1@email.com,contributor,2024-12-31
user2@email.com,viewer,

Bulk Revoke:

1. Select multiple users
2. Click "Revoke Access"
3. Confirm action

Bulk Role Change:

1. Select users
2. Click "Change Role"
3. Select new role
4. Apply to all selected