On the Enterprise Plan, users in a Ditto workspace can create and manage custom permission groups to restrict access to resources in their workspace.
Permission groups allow restricting users by both resources and access level:
By resource — For any custom permission group, you can restrict its access to specific folders (project or component) in your Ditto workspace
Access level (edit/comment) — For any folder the permission group has access to, you can further restrict the level of access to edit or comment access.
Users can be in multiple permission groups. In the case where a user is in multiple permission groups, the user will receive the highest level of permissions between the groups for each resource it has access to. A user must be in at least 1 permission group.
Default Permission Groups
In every workspace, there are 3 default groups. The permissions of these 3 groups can not be edited. These groups have access to all projects and components in the workspace.
Admin — Members have edit access to all projects and components. Members can also create and manage permission groups and remove other users.
Editor — Members have edit access to all projects and components
Commenter — Members have comment access to all projects and components
Users do not need to be in a default group, but they can not be in more than 1 default group.
You can restrict a permission group to any resource that’s organized in a folder in Ditto. If a user does not have access to a resource, it will not be visible to them in their workspace.
Coming Soon: Variants, Variables
Creating a Permission Group
To create a permission group, admins can navigate to the “Permissions” tab of their Account settings. Here, admins can determine the folders they want to provide edit or comment access to for the members of the permission group. They can also add or manage group members.
Interacting Permissions — Projects & Components
Sometimes, a user can have different levels of permissions between projects and components. Because projects and components interact, it can be helpful to understand how mixed permissions allow for different types of actions within projects.
If a user has comment access to a project, they will not be able to attach components in the project.
If a user has edit access to a project: • They will be able to attach any component they have access to (edit or comment). • They will be able to edit any component they have edit access to. Like any other component edit, this will sync across all instances of the component. • They will be able to detach any component. • They will be able to create components from text in the project into any component folder they have edit access to.
Example Use Cases
Permission groups can be helpful in many different situations where you want to limit access within a workspace:
Permission groups for different teams — this can be especially helpful when individual teams work on different product areas within a company
Separating component creators/maintainers with component users — because components are so powerful and synced across different locations, it can be helpful to give edit access to those familiar with the creating of components (i.e. writers) and comment access to anyone that may use them (i.e. designers)
Fine-grained permissions for different roles — whether it’s for designers, writers, developers, compliance or marketing, teams can determine the intended access and actions of specific roles using permission groups