Crunch has two dimensions of permissions in Crunch, User Management and Edit Datasets:
- Manage Users — Users with this permission can include either Organization Members or Clients. An Organization Member is a user who works at the organization who owns the data. A Client is a user who receives data as a client of the organization. This permission grants users access to add, remove and modify access to a folder (including datasets and subfolders saved in the folder).
- Edit Datasets — Users with this permission can only be Organization Members. This permission grants users access to edit data and manage branding at the folder level. Users without Data Management permission have view only rights to data.
The following describes the various permission roles at Crunch:
- Administrator — An Administrator has Manage user and Edit datasets permissions as well as some additional permissions related to managing users and global branding such as PowerPoint templates and logos.
- Manage Users — a user with Manage users permission is a trusted person who can manage which other users have access to a folder and the users’ permission level on the folder. Organization users with Manage users permission can manage other organization users and client users. Client users with Manage users permission can only manage other client users.
If a user does not have Manage users permission, they are not granted any of the above described permissions.
- Edit Datasets — Only organization members can be granted Edit datasets permission. These users can create public artifacts (variables, decks, multitables, filters, new datasets and more), create public dashboards, use Crunch Automation and create folder homepages.
- Any users who have access to a folder but are not granted Edit datasets permission have access to view and share datasets, folder homepages, and public artifacts. These users can see data and create private artifacts.
Permission dimension comparison
The following grid outlines what combinations of User Manager and Data Manager permissions are possible in Crunch.
*Organization users with Manage Users permission have access to grant themselves Editor access to a folder.
Users with the Manage Users permission can manage user access to folders. Both an Organization Member and a Client can be designated as a Folder Administrator, but their permissions vary as outlined in the grid below. If an Organization Member or Client users are not granted the Manage Users permission, the user will not have any of the Manage Users permissions-- but they will still be able to share a folder with another user.
It is also important to note that Organization Members have access to all users while Client users only have access to other Client users.
|Permission||Organization Member Manage Users||Client Manage Users||NO Manage Users permission (Both Organization and Client Users)|
|Create new Organization users||✓|
|Create new Client users||✓||✓|
|Invite existing users to a folder||✓||✓||✓|
|Grant Manage Users permission on a folder||✓||✓|
|Remove someone from a folder (Delete if no other folder access)||✓||✓|
|Create new folders|
User management case study
ABC Company has a large number of employees who need to access Crunch on a regular basis. They are a growing company and continue to hire new employees. Occasionally, existing employees leave the company as well. ABC Company also has a growing number of clients who use Crunch to receive datasets and artifacts. Their clients range from small family businesses to large corporations with many employees.
There are two users designated as the Administrators for ABC Company. These two employees have full access to Crunch. They can add new users in Crunch — both employees of ABC and customer users. The two Administrators are very busy and don’t have time to manage all user accounts in Crunch so they grant their team leaders access to manage users in Crunch with the Manage Users permission. The team leaders can now invite new employees to use Crunch and give them access to certain folders with datasets and artifacts. Conversely, the team leaders can remove a user's access to a certain folder with datasets and artifacts if needed.
Once data and artifacts have been prepared for customers, the team leaders grant access in Crunch to their customers. Sometimes the team leaders need to reach out to the customers to confirm which users at their organization should have access to the data. This is sometimes cumbersome so the team leaders typically grant one or two of their customer users with the Manage Users permission so they can reduce confusion and quickly share data with their customers, who can quickly share the data with their appropriate staff members. The customer user managers can manage which of their staff have access to each folder, but do not have any visibility as to who at ABC Company have access to the folders.
The Edit Datasets permission gives users the ability to view and edit data and manage branding and formatting at a folder level in an organization. Only an Organization Member can be granted Edit Datasets permission.
- Only Organization Members can be granted Edit Datasets permissions.
- Users who have access to a folder but are not granted Edit Datasets permissions will have access to view datasets, homepages, and public artifacts (such as dashboards and filters).
The user may or may not also have the Manage Users permission as well.
|Task||Permission||Edit Datasets||All Users|
|Manage folder (templates & branding)||Control PowerPoint templates, logos, & branding at a folder level||✓|
|Data viewing & editing access||Make folder homepage||✓|
|Create new folders||✓|
|Import new datasets||✓|
|Create public artifacts (dashboards, variables, filters, multitables, & decks)||✓|
Edit Datasets case study
Continuing the example with ABC Company from above, certain employees need permission to edit data and share public artifacts and dashboards. Employees who need access to edit data should be granted Edit Datasets permission. This will give them permission to make folder homepages, create new folders, move datasets from one folder to another, and create public artifacts. All other employees who need to see the data should not be granted Edit Datasets permissions.