This feature is only available for the price plan Enterprise.
Account Permissions
Oneflow introduces a new feature for enterprise customers, allowing you to create customized administrator roles. This enables you to specify which account-level admin functions they can access.
These features are made to enhance security and control with custom administrator roles in Oneflow. Also to tailor access to match organizational needs, streamline workflows, and ensure only the necessary personnel have access to sensitive data and processes.
| How it worked in Oneflow before | How it works in Oneflow now |
|
|
INFORMATION
Non-enterprise customers will only have one default administrator role that have access to all account functionalities.
New administrator tab - Account access
This new view allows you to grant account access and provides an overview of all users with access to the administrator functions.
- Navigate to Admin > Account access.
There is a predefined system role called Administrator that cannot be edited. This role has all admin permissions. Users with the Administrator role have full access to administer the account and are marked with this specific symbol. |  |
NOTE
A user can have access to multiple account roles simultaneously, combining all their associated rights.
Account and workspaces roles
There are now two different types of access area roles with different permissions:
- Workspace roles: These have always existed and come with 25 permissions.
- Account roles: This is a new addition with 12 permissions.
You can create your own custom account and workspace roles.
Create a New Account Role
- Go to Admin > Roles > Click on + Create Role.
- Select the access area (workspace or account role) > Choose a role name > Create role.
- Click on action menu > Edit permissions > choose what permissions should be set > Confirm.
Below you will find examples on how you can utillize account permissions.
 |  |
 |
Direct and Group Access
Similar to workspaces, you can choose to grant a user an account role directly or through a group. For instance, if you have a large finance team where everyone should have account roles X, granting group access is more efficient than assigning the role individually.
Direct AccessProvides direct account access for one user.
|  |
 | Group AccessProvides account access to a group of users.
|
Access Area
You can create roles based on two access areas: account and workspace. As mentioned they have different permissions.
When you're in Admin > Roles, you can see which role belongs to which access area. There are three roles marked with a lock; these are predefined system roles and cannot be managed, hence the inaccessible action menu.
NOTE
You can create a custom workspace role that can do all of the manager AND admin responsibilities.
New workspace permissions
There are two new workspace permissions. With these, you can give a user with account access administrative controls for individual workspaces.
These new permissions can change:
- The details, branding and data retention tabs. Also lets you delete empty workspaces.
And/or - Add or remove access to workspaces.
Administrator Rights
Anyone with any admin rights will have view access to the Account overview tab & see the Account ID, Oneflow advisor and the plan. |  |
 | Users with custom administrator access roles will see the tabs relevant to them. |
Limitations
Certain permissions for both "account" and "workspace" roles will allow users to view tabs in the admin view without granting them the ability to manage those tabs.
NOTE
If a user has access to creating, editing, or deleting anything regarding user permissions, that user will have implicit view access to all the users, workspaces, roles, and groups tab. They will still only have be able to manage the exact tab relevant to their rights.
For example, a user who has workspace administration rights, will have implicit view access to these tabs. |  |