Overview
Admins can view and manage access to Harvey functionality across their workspace using the Users and Roles pages.
Users Table: Manage and review user permissions, including which users have access to specific features and which features a specific user can access. This also involves changing the assigned role, typically between admin and user.
Roles Table: Manage and review the definition of roles, such as the permissions assigned to all admins or all basic users.
Users Table
Note: Although Harvey can control access to workflows in general, we do not support managing access to individual workflows at this time.
Admins can view, manage, and export the permissions of any user in the ‘Users’ table under Admin Settings.
Role: Each user must be assigned a role (e.g. ‘User’ or ‘Admin’), defining their default permissions.
Extra Permissions: Admins can also grant additional permissions to individual users, enabling early feature access or customized permissions without creating new roles.
Filtering Users by Role or Permission
To filter users by Role or Permissions:
Click on ‘Filters.’
Click on the filter dropdown for Role or Permissions, and check the boxes for the desired Roles or Permissions. Once selected, these will take immediate affect.
The list of users that have the selected role and all the selected permissions.
Granting Permissions to Users
To grant permission to a user or a subset of users:
Select the users in the Users table.
Click ‘Manage Permissions’ and choose the permission to grant under the ‘Add Permissions’ toggle. If all selected users already have that permission, it will not appear in the list.
Click ’Add Permissions’ to grant the selected permission to all users. It will then appear in the extra permissions column for these users.
Revoking Permissions from Users
To revoke a permission from a user or a subset of users:
Select the users in the Users table.
Click ‘Manage Permissions’ and choose the permission to grant under the ‘Remove Permissions’ toggle. If all selected users already have that permission, it will not appear in the list.
Click ’Remove Permissions’ to grant the selected permission to all users. It will then appear in the extra permissions column for these users.
Modifying a User's Role
To modify a user's assigned role:
Search for the user you want to update.
Click the dropdown in the 'Roles' column and select the new role.
Confirm the permission changes via the popup by clicking ‘Update role.’
In cases where the user will lose permissions moving from one role to the other, select which permissions are to be retained via the checkboxes, then click ‘Update role.'
The changes will apply immediately.
Roles Table
Note:
When a new user account is created, it is assigned the User role by default.
Also, when permissions are modified in a role, the changes immediately apply to all users with that role, ensuring consistent access management across the workspace.
Admins can view and manage role definitions from the 'Roles' tab under Admin Settings.
Default Roles: Workspaces will already have Admin and User roles created by default. When a new user account is created, it is assigned the User role by default.
Additional Roles: Workspace admins can create an additional 5 custom roles.
Assigning Permissions to Roles
Note: If a workspace does not have access to unlimited Vault seats, they will not be allowed to assign vault access to a role - i.e. Vault access can only be granted on a per-user level.
To assign or remove permissions from roles:
Navigate to the 'Roles' tab in Admin Settings.
Check the boxes next to each permission you want to grant to the role, then click ‘Save’. All changes will then be applied immediately to those roles.
Revoking Permissions from Roles
To revoke permissions from roles:
Navigate to the 'Roles' tab in Admin Settings.
Uncheck the boxes next to each permission you want to revoke from the role, then click ‘Save’. All changes will then be applied immediately to those roles.
Creating Custom Roles
To create a new role:
Click on ‘Create role’ from the Roles table.
Note: Admin and User roles already exist as default.
Name the role, enter a description, and choose if you wish to create the role with base role permissions applied.
Click ‘Add.’ The new role will be added immediately and visible in the Roles table.
Renaming Custom Roles
To edit a role:
Click on the arrow next to the role you wish to edit, and select ‘Edit role.’
Note: Only custom roles can be renamed.
Enter a name and/or description and click ‘Submit.’
Deleting Custom Roles
To delete a role:
Click on the arrow next to the role you wish to edit, and select ‘Delete role.’
Note: Only custom roles can be deleted.
If there are currently users assigned to this custom role, select the new role these users should be re-assigned to.
Click ‘Reassign and Delete’.
FAQs
Q: Why do we need extra permissions?
Extra permissions grant specific users additional access beyond their role without upgrading their entire role. This enables precise control over permissions for early access features or limited admin capabilities, such as restricting access to library or integration management without granting full workspace privileges.
Q: Can I create custom roles for my workspace?
Workspace admins can create up to a maximum of 5 custom roles by default. Please reach out to Harvey support via [email protected] if the creation of additional custom roles is required.
Q: Which users have the ability to edit user permissions and roles?
Admins with access to the “Edit Permissions” bundle will be able to edit user permissions and roles. This includes the ability to give other users the ability to edit permissions. We recommend limiting this access to a select few users for better permission control.
Q: Will extra permissions granted to a user be retained even when the role of a user changes?
In general, when a user’s role is changed, they will keep any ‘extra’ permissions they currently have. Admins will have the option to allow these users to keep or lose ‘extra’ permissions assigned as shown below:
For further assistance, please contact [email protected]