Reviewing User Roles

Background

It's important that IoGT platform owners periodically review the permissions that have been given to users in IoGT. The following steps will need to be done by a user with Admin access in the IoGT Admin Panel.

If you try the steps and find that you can't find the "Users" or "Groups" items in the Admin Panel menu, you likely don't have Admin access - reach out to your colleagues in your office for help, or to the IoGT Global Team.

Review Admin Permissions

First you should review the users that have Admin permissions. These users can change any content, access any data, and change any settings in the IoGT Admin Panel.

To do this, follow these steps:

1. Navigate in the Admin Panel menu to Settings > Users

1. Admins are listed at the top of the list of users, and are indicated with the word "Admin" in the Level column
2. If you don't recognize a user who has Admin privileges, consider removing their Admin permissions

You can learn more about managing individual Admin Panel users and their permissions if you don't know how to remove Admin permissions.

Review Group Permissions

The second way permissions are given is through user roles, or "Groups" as they are shown in the Admin Panel interface.

To do this, navigate to Settings > Groups in your Admin Panel menu:

Here you will find a list of the Groups defined on your platform.

Groups are mostly used for three purposes:

1. To give users access to functions in the Admin Panel (this is the standard use for Groups)
2. To give users access to very specific functions on the public site (this is limited to specific features like Community Comment Moderation, almost all features on the public site do not require Group permissions)
3. To group users together for a purpose other than permissions (this is limited to specific features)

Many IoGT platforms only have two Groups, which are built-in: "Editors" and "Moderators". Platforms using the connection to RapidPro will have a Group with a name similar to "rapidpro-chatbot".

If you want, you can learn more about managing individual Admin Panel users and their permissions, or creating custom user roles/Groups.

Follow these steps for each Group to complete a review:

1. Click on the Group, and you will arrive on a page listing the various permissions given to users in the Group
2. Click on "View Users in this Group" in the upper right, and you will arrive on a page listing the users in the Group
3. If there are users listed, review whether they should still have the permissions give by the Group
4. If you don't know who the listed users are, consider removing them from the Group

The "rapidpro-chatbot" Group should have only one user in it.

If you have custom Groups beyond "Editors", "Moderators", and "rapidpro-chatbot" and are unsure of what permissions they give, please reach out to the IoGT Global Team for support.