Detailed Access Control
User Account Types
Admins
Admins are the “super users” who have all the permissions and access to all the data within your account. Admin users, generally speaking, have full access to all objects and functionality and can see and do almost everything in your account. When admins create new objects in DonorPoint they are the owners of those objects.
If you are creating admins on your account they do NOT need to be added as users first.
Users
Users are the ‘ordinary’ staff users of your account. Users in DonorPoint require permissions, either on their individual account or via User Roles, to see information and perform tasks in DonorPoint. Users can log in to pages, catalogs, and community fundraisers to access ‘private’ features like hidden or expired items on the form, or hidden payment options (e.g. payroll or bill me). Users cannot create or own objects in DonorPoint unless they are given specific permissions to do so.
Community User Accounts
Community User Accounts can be created individually for your staff members or imported from a file from the User Accounts view in DonorPoint. Community users can log in to pages, catalogs, and community fundraisers to access ‘private’ features like hidden or expired items on the form, or hidden payment options (e.g. payroll or bill me). For example, this enables you to grant front-of-house staff the ability to take phone or in-person transactions for an event after its online sales have closed without giving them access to the DonorPoint/admin back-end.
Community Users as Team Members in Community Fundraisers
Community User Accounts for the Team Members of Community Fundraisers can be created individually or imported from a file from the User Accounts view in DonorPoint. They can also be created from within a community fundraiser when a person starts or joins that fundraiser. For community fundraisers that are open to the public this is done through a “Join” button on the public Community Fundraiser page. For community fundraisers which are not open to the public, the person will receive a link to “Join” when they are invited via an email generated through DonorPoint.
Community User Accounts for Team Members in Community Fundraising campaigns automatically get access to a dashboard for their own fundraiser.
Employees as Community Users in Workplace Campaigns
Community User Accounts for Employees in Workplace Campaigns can be created individually or imported from a file from the Organization editor in DonorPoint.
Community User Accounts for Employees in Workplace Campaigns can be granted access to the overall community fundraiser dashboard via permissions or user roles on their user account.
Note that if someone with a Community User Account for a Community fundraising campaign accesses the login link for the back-door/admin application (say from the DonorPoint website), the user will be redirected to the community fundraiser application. Their view will either be any currently active community fundraiser or a personal settings page, if applicable.
User Groups
In DonorPoint you use User Groups to partition your database of objects so that users can only see the data that is appropriate for their position in your organization. Users assigned to a user group are considered Owners of the group, and they have access to objects in the groups where they are owners. For example, you can put all the staff and board members of your organization into a group that only admins have access to, so that everyone else on your team cannot see that data.
There is no limit to the number of objects that may be contained in a user group or the number of owners that a user group may have. Admins can create new user groups and select which user accounts own them.
Not all types of objects can have a group assigned to them. When you create an object, if the object can be assigned to a group, you select which group it belongs to. A default group for your account is created when your account is created, and that will be used as the group for new objects by default. The User Group property of an object can also be selected in the edit view for that object.
You allow users of your account to see data by making them owners of groups that contain data that is appropriate for them to see. List Views and Reports in DonorPoint are automatically filtered to groups the user owns. By leaving members out of the list of owners for a group, you are preventing them from seeing the data in that group.
Your account admins can see all data, regardless of what group they are in.
In addition to having user groups manually assigned to them, objects may be in a user group via a related property. For example, transactions get their User Group property from the contact or organization with which they are associated.
For objects like transactions or contacts created by online forms, the user group of the contact created with that transaction is set to that of the form used to create them.
Adding groups
Admins and members with the permission to edit account parameters can find the list of groups on the Manage Account page on the Groups tab.
You can create a group from this tab, giving it a name.
Adding owners to group
You can add or remove users from the list of owners of a group.
Assigning objects to groups
Contacts, organizations and other relevant DonorPoint objects that can be assigned to groups will have a Group prompt on the popup window used to create the object. This will be set by default to the default group for the account, or to one group of the user who creates the object, if that user does not have access to the default group for the account.
Objects that are created by Forms have their group set to the group of the form.
“Group” is a field that can be set on import.
Roles and Permissions
Permissions
Permissions are used to control what user accounts can and can’t do to objects. The permissions module is primarily used to restrict access for non-admin users of an account. Each user account has a permissions property which combines the specific access and task operations on specific objects.
Permissions are expressed in terms of the type of object they apply to, and what operations are permitted on that type of object. The main types of permissions are:
- List - you can see the list view of the type of object
- Create - you can create objects of the type
- Read - you can access the editor for objects of the type
- Write - you can change the values of properties on the object
- Execute - you can perform basic operations on the object, including exporting data
Permissions can be specified further in terms of specific properties on the type of object, as described below.
Special permissions beyond access and basic tasks are more sensitive and are individually controlled by DonorPoint. Examples of these are the ability to import data, send or schedule an email blast, or edit JavaScript in page content. These special permissions are assigned to your users and user roles as part of your DonorPoint configuration process.
Links on the DonorPoint sidebar are controlled via permissions. If you do not see a category there, such as Transactions, Emails, or Database, it is because you do not have permissions to see these items.
Contact help@donorpoint.com for assistance in configuring special permissions.
User Roles
A User Role is a group of permissions that you want to re-use across multiple users in your account. This allows you to create levels of access to DonorPoint that match your organization structure. For example, you can create user roles specific to different groups of staff members, such as Finance, Education, Development, or Special Events. For example, only Event staff would be able to create new events, while Development staff would be able to create pages, catalogs and community fundraisers. You can set the user roles on new users when you create them and you can change the user roles on an existing user in its edit view.
User Roles are defined in your account as part of your DonorPoint configuration process and can be expanded by making a request to DonorPoint technical support at help@donorpoint.com.
Objects and Properties
Everything you can access in DonorPoint is an object - contacts, organizations, fundraisers, catalogs, pages or forms, reports, etc. Access to objects is controlled by their type (for example, whether you have permission to access Reports in general), any user group that objects may belong to, and the permissions of any specific user account that owns those objects.
Objects have properties that define them - names, descriptions, prices on orderable items, custom properties on orderable items, pages, catalogs, and community fundraisers. The ability to view and change properties on objects is controlled in DonorPoint through permissions on user accounts. For example, you can grant some users the permission to view transactions, but not edit the details associated with them.
Putting It All Together – Lists, Editing, Creating Objects
If you are an admin user, you can List, Read, Write, Create and Execute common tasks on all types of objects in your account, including Edit and QuickEdit. If you have additional special permissions granted by DonorPoint, you can also execute those special tasks such as importing data, sending blast emails or editing JavaScript.
If you are a non-admin user, you can access lists of objects such as pages, items, contacts, organizations, transactions, etc. in your account:
- when you are the owner of the object OR you are an owner of the User Group that the object belongs to
- AND you have the permission to List objects of that type
You will only see properties of the objects (and the columns in the list) for which you have Read or Write permission.
From a list of objects such as pages, items, contacts, organizations, transactions, etc. if you are a non-admin user, you can access a specific object via its Quick Edit popup or Edit view:
- when you are the owner of the object OR you are an owner of the User Group that the object belongs to
- AND you have the permission to Read or Write Objects of that type
You will only see properties of the object for which you have Read or Write permission.
From a list of Objects such as pages, items, contacts, organizations, transactions, etc. if you are a non-admin user, you will see a ‘Create New Object’ button:
- when you are the owner of the object OR you are an owner of the User Group that the object belongs to
- AND you have the permission to Create Objects of that type
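The List and Read/Write rules above, modeled as an added Python example (not DonorPoint's own code) that is useful for reasoning about what a given account will see during an access review. The class, field and function names, the per-property permission map, and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    is_admin: bool = False
    groups: set = field(default_factory=set)        # user groups this account owns
    perms: dict = field(default_factory=dict)       # object type -> {"List", "Read", ...}
    prop_perms: dict = field(default_factory=dict)  # (type, property) -> {"Read", "Write"}

@dataclass
class Obj:
    type: str
    owner: str   # name of the owning user account
    group: str   # user group the object belongs to
    props: dict

def in_scope(user, obj):
    """Owner of the object OR an owner of the object's user group."""
    return obj.owner == user.name or obj.group in user.groups

def can(user, op, obj):
    """Admins pass; everyone else needs scope AND the type-level permission."""
    if user.is_admin:
        return True
    return in_scope(user, obj) and op in user.perms.get(obj.type, set())

def can_open(user, obj):
    """Quick Edit / Edit view requires Read or Write on the object type."""
    return can(user, "Read", obj) or can(user, "Write", obj)

def visible_props(user, obj):
    """Only properties with Read or Write permission are shown."""
    if user.is_admin:
        return dict(obj.props)
    return {k: v for k, v in obj.props.items()
            if user.prop_perms.get((obj.type, k), set()) & {"Read", "Write"}}

def list_view(user, objects):
    """List view: filtered to objects in scope, then to permitted columns."""
    return [visible_props(user, o) for o in objects if can(user, "List", o)]

# Constructed sample data.
ADMIN = User("admin", is_admin=True)
FIN = User("fin", groups={"Finance"}, perms={"transaction": {"List", "Read"}},
           prop_perms={("transaction", "amount"): {"Read"}})
NO_LIST = User("temp", groups={"Finance"})  # group owner, but no permissions
T1 = Obj("transaction", "dev", "Finance", {"amount": 50, "note": "gala"})
T2 = Obj("transaction", "dev", "Board", {"amount": 900, "note": "board gift"})
```

In this model, owning a group without the List permission yields an empty list, and holding the permission without group ownership hides the object, so both assignments need to be checked when reviewing an account.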