Controlling access with security permissions

We encourage you to familiarize yourself with how the security permissions in IT Glue work.

What makes up a user's permissions

A user's permissions are the sum of the security permissions assigned to their individual user account and to the groups they belong to.

When IT Glue determines a user's permissions, it considers the following:

  • Organizations - Organizations are secure containers for all of a business's assets. Each organization is private, visible only to those users who have been explicitly granted access to it.
  • Groups - Groups are used to manage groups of users for easy administration of organization and asset security permissions, and also to block access to specific asset types. Individual users who are members of a group will inherit the permissions assigned to the group.
  • Roles - Roles are used to define how signed-in users can interact with the data in your account. All users must be assigned to one pre-defined role. For more information, see About roles and permissions.

Who can set a user's permissions

The Account tab is where all of the top-level permissions are set, e.g. creating users and groups, denying group access type permissions, and managing organization permissions. You can't see the Account tab unless you have a Manager or Administrator role.

Keep in mind that Managers may have only limited access to some Account features. For example, they can only manage groups that they themselves are a member of. Administrators, on the other hand, have free rein of all Account settings.

Restricting users to specific asset types

One of the newest options you have for controlling the access users have to information is to add them to a group and then deny that group access to one or more asset types. You must be an Administrator to set this up. For instructions, see Adding groups / group members.

Example scenarios:

Managers – You’ve hired a new manager, Julie, who needs access to most assets across all clients. In this scenario, you would give her access to all organizations and add her to all groups, except those that have denied asset types.

Tech Team – You’ve hired a new intern and level 1 technician, Craig, and added him to the "Tech" group. This group gives Craig permissions to view and edit client financial and agreement information, which you don't want. In this scenario, you could create an "Interns" group for the purpose of denying access to the specific asset types you don't want Craig to access.

Clients/Contractors – You’ve signed with a new client “Happy Frog” and you want the CEO John to have read-only access to the types of information that clients often request. In this scenario, you would grant John access to Happy Frog (with a Lite role) and then add him to a "Clients" group that makes only a specific set of asset types visible to John and other clients.

Assigning permissions to an asset

For every asset created in IT Glue, there is a set of permissions that provides access to that asset.

Anyone with a Creator or above role can assign user and group permissions to an asset.

Default permissions

When you create an asset in IT Glue, the asset has the same permissions as the organization in which it is located. This is the default for all assets, and you should generally keep the default permissions for assets that are not sensitive to disclose within the organization.

Explicitly set permissions

For sensitive information, you can choose to limit/restrict access to an asset, so that only certain individuals or groups have permission to access it.

For more on setting permissions, see Editing an asset's permissions.
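
The following is an added example, not IT Glue code: a simplified Python model of how organization access, group asset-type denials, and default versus explicit asset permissions combine in the scenarios above. The role order, the rule that a denial in any one group wins, and all user, group, and asset type names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Roles named on this page, in the order implied by "Creator or above" (assumed).
ROLE_RANK = {"Lite": 0, "Creator": 1, "Manager": 2, "Administrator": 3}

@dataclass
class Group:
    name: str
    members: set
    denied_types: set = field(default_factory=set)

@dataclass
class Asset:
    org: str
    asset_type: str
    explicit: Optional[set] = None  # None = default: same permissions as the organization

def can_view(user, asset, groups, org_access):
    """Return (allowed, reason). org_access maps organization -> user/group names."""
    mine = [g for g in groups if user in g.members]
    names = {user} | {g.name for g in mine}
    if not names & org_access.get(asset.org, set()):
        return False, "no access to organization"
    for g in mine:  # a deny in any one group wins (assumed from the scenarios)
        if asset.asset_type in g.denied_types:
            return False, f"asset type denied by group {g.name}"
    if asset.explicit is not None and not names & asset.explicit:
        return False, "not in the asset's explicit permissions"
    return True, "allowed"

def can_assign_permissions(role):
    # "Anyone with a Creator or above role can assign ... permissions to an asset."
    return ROLE_RANK[role] >= ROLE_RANK["Creator"]

# Constructed sample data based on the scenarios above; asset type names are made up.
GROUPS = [
    Group("Tech", {"julie", "craig"}),
    Group("Interns", {"craig"}, {"Agreements"}),
    Group("Clients", {"john"}, {"Agreements", "Passwords"}),
]
ORG_ACCESS = {"Happy Frog": {"Tech", "john"}, "Other Client": {"Tech"}}
agreement = Asset("Happy Frog", "Agreements")
contact = Asset("Happy Frog", "Contacts")
secret = Asset("Happy Frog", "Passwords", explicit={"julie"})

if __name__ == "__main__":
    for user in ("julie", "craig", "john"):
        for label, asset in (("agreement", agreement), ("contact", contact), ("secret", secret)):
            print(user, label, can_view(user, asset, GROUPS, ORG_ACCESS))
```

In this model, adding julie to the Interns group removes her view of the agreement, which is why the manager scenario keeps her out of groups that have denied asset types.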

Auditing permissions 

The Global section of your account can be used to audit security permissions across organizations. From Global > Assets, you can navigate to any type of asset to see data across all organizations.


Note that when viewing the Documents list view, the Public column allows you to see at a glance which documents are public.


In addition, from time to time, something happens that requires you to answer the “who did it?” question. There are a few different ways you might look for the answer depending on the nature of the change:

  • Activity logs - See who created, edited, viewed, or deleted data.
  • Passwords accessed reporting - Run a report that lists all passwords that have been accessed by a specific user.
  • Revision history - View the revision history of an asset to see who has made changes and, if necessary, go into the version history to revert the changes.