Integration Access Scoping

Learn how to control who can create and use integration connections

πŸ“·

Requires an upgraded subscription

This feature is available with our Team and Enterprise plans. View our plans or book a demo for more details.

You can control which users can view integration connections and how they're able to interact with them by assigning integration role permissions via a custom workplace role or by directly applying them to a user or group from the integration management page itself.

Permissions

There are several custom role permissions related to integration access scoping.

Workplace Role Permissions

CollaboratorAdminOwner
View All Integration Connectionsβœ…βœ…βœ…
Use All Integration Connectionsβœ…βœ…βœ…
Manage All Integration ConnectionsβŒβœ…βœ…
Create Integration ConnectionsβŒβœ…βœ…

Having "View All Integration Connections" essentially amounts to having the "Viewer" integration role on all integrations. "Use All Integration Connections" provides the "Consumer" integration role. "Manage All Integration Connections" provides the "Admin" integration role. To limit users to manually assigned permissions, you can use a custom role without any of the above permissions and add users and groups to an integration connection directly.

🚧

Workplace roles will override the integration role assigned to them at the integration connection level (highest privilege wins). For example, if a user with the "Collaborator" workplace role is assigned the "Viewer" or "None" integration role, they will still effectively have the permissions of the "Consumer" integration role due to the workplace role permissions the user has. For more fine-grained control, you'll want to use custom roles.

Project Role Permissions

The project permission is what allows a user to create syncs using the integration connection. Although not specifically related to integration access scoping, the user will not be able create or manage syncs unless granted this permission by their role.

NoneViewerCollaboratorAdmin
Manage SyncsβŒβŒβœ…βœ…

Integration Role Permissions

When adding users or user groups to an integration connection, you can assign an integration role.

NoneViewerConsumerAdmin
View Integration Connection DetailsβŒβœ…βœ…βœ…
Create Integration SyncsβŒβŒβœ…βœ…
Manage Integration ConnectionβŒβŒβŒβœ…

Assigning integration roles

To assign roles for an integration:

  1. Browse to the Integrations area of the dashboard.

  2. Find the integration connection you want to assign access for and click into the detail view.

  3. Scroll down to the Member Access area of the detail view and click the + button to add additional users or user groups.

    πŸ“˜

    Users who already have access due to their workplace role may already show up here and won't be removable without first adjusting their role. You can adjust the integration integration role assigned to these users, but you can't decrease their access below what their workplace role is already providing. However, you can increase it (e.g., "Consumer" to "Admin").

  4. Add the users and/or user groups you want to add to the integration and the integration role you want to assign them and then click the Add Members button.

Removing integration roles

To remove integration access for a user:

  1. Find the user in the Member Access area.

  2. Click the red Remove link to the right of them.


    πŸ“˜

    If the user has access to the integration from their workplace role, then the Remove link will be grayed out and unavailable.