Roles in CSWeb control what users can access and modify within the system. Each role defines a set of permissions across features and data. CSWeb provides several predefined roles and allows administrators to create custom roles with granular permission settings.
CSWeb permissions are organized into the following categories:
| Category | Description |
|---|
| Dictionaries | Controls access to data dictionaries. Read allows viewing and downloading dictionaries. Write enables creating, modifying, and deleting them.
|
| Data | Controls access to case data within dictionaries. Read allows viewing, downloading, and viewing sync history. Write enables adding, uploading, and modifying case data. Delete permissions are split into Dashboard (via the UI) and API (via API endpoints).
|
| Apps | Controls access to data collection applications. Read allows viewing and downloading. Write enables uploading, modifying, and deleting.
|
| Files | Controls access to files stored in CSWeb. Read allows viewing and downloading. Write enables uploading, modifying, and deleting. Synchronizing paradata requires file permissions.
|
| Reports | Controls access to sync and map reports. Read allows viewing reports. Write enables creating, modifying, and deleting them. Users must also have read access to the associated dictionary data to work with a report.
|
| Users | Controls access to user management. Read allows viewing user lists and details. Write enables creating, modifying, importing, and deleting users.
|
| Roles | Controls access to role management. Read allows viewing roles. Write enables creating, modifying, and deleting roles.
|
| Dashboard Login | Allows users to log into the CSWeb web interface. |
CSWeb includes three predefined roles:
| Role | Description |
|---|
| Administrator | Full access to all features and data, including user and role management. Use for system administrators. The Administrator role can be used for all aspects of CSWeb work except that it cannot be used when accessing data using the CSWeb data source.
|
| Developer | Broad access to dictionaries, data, apps, files, reports, and user management. Cannot manage roles. Use for technical staff.
|
| Standard User | Read/write access to data and files and read-only access to dictionaries and apps. No access to the CSWeb Dashboard. Use for field data collectors. |
Custom roles allow you to create permission sets tailored to specific user groups in your organization. To create a new role:
- Navigate to the Roles page from the sidebar menu.
- Click the Add Role button.
- Enter a Role Name.
- Configure permissions for each category by checking the appropriate boxes.
- Enable Dashboard Login if users should be able to log into the web interface.
- Configure Data Permissions (see next section).
- Click Save.
Data permissions offer two levels of control:
Default Permissions: Permissions apply to all existing and future dictionaries unless overridden. Set these in the (Default) row of the Data Permissions table.
Dictionary-Specific Permissions: To override defaults for a specific dictionary, uncheck Use Default for that dictionary and configure its permissions independently.
For example, a role for enumerators could have read/write access to the dictionaries for data collected in the field, but only read-only access to the geocodes dictionary.
Roles can be edited, copied, or deleted from the Roles page using the icons next to each role. A few constraints to be aware of:
- The Administrator and Standard User roles cannot be modified or deleted.
- Copying a role opens a pre-filled form. Enter a new name and adjust permissions as needed.
- Deleting a role reassigns all affected users to the Standard User role.