Checkbox 5 Permissions Guide

This document walks you through the process of configuring general permissions within the Checkbox application.

Contents:

  • Checkbox Permissions Overview
  • User Roles
  • Survey Permissions & Response Options

Permissions
Response Options

  • Advanced Survey Permissions

Access List
Add Users/Groups to Access List
Default Properties

  • Permissions Diagram
  • Common Permissions Scenarios

Add Users/Groups to a Survey ACL
Add Users/Groups to a User Group ACL
Add Users/User Groups to a Report ACL
Configure Permissions of a Folder to Allow non-ACL Access

  • Permissions Review

Checkbox Permissions Overview

Permissions, also referred to within Checkbox as Security, control which access-controllable entities a user can create, edit, or view.

Permissions can be set on:

  • Surveys
  • Reports
  • User Groups
  • Libraries
  • Folders
  • Email Lists

Throughout this guide, the shorthand 'entity' will be used when discussing any of the above access-controllable Checkbox functions.

User Roles

Another type of permission/security within Checkbox is the User Role. User Roles are assigned to Checkbox users and dictate which entities a user can access. By default, a user has access to only the entities they have created, be that a survey, a report, a user group, etc. If you would like to grant a user access to an entity they did not create, the user will need to have the correct role(s) and have been granted permission(s) in the entity's security settings.

The following is a list of all user roles and the actions each role is capable of:

Systems Administrator: Can change the settings of the application and view/edit/respond to all items within Checkbox
User Administrator: Can create new users
Survey Administrator: Can create/edit/activate surveys
Respondent: Can respond to surveys
Report Viewer: Can view existing reports
Report Administrator: Can view reports and create new ones
Survey Editor: Can modify surveys
Group Administrator: Can assign users to groups

User Roles are configured when a new user is created and can be edited within the User Manager at any time by a System Administrator or User Administrator (User Admin can only modify users they created) . You can select one or more user role(s) for any given user, depending on the level of access you wish to grant them within Checkbox.

These roles are required in order to complete specific actions on a Checkbox entity. For example, if a particular user has been assigned the Report Viewer role but wishes to create a survey they would not be able to, because their role designation permits them to view reports only. That user would need to be assigned the Survey Administrator or System Administrator role in order to create a survey.

Survey Permissions & Response Options

Survey permissions are configured in the Survey Manager >> Settings >> Permissions.

From the Permissions tab you can configure your survey response permissions (who has access to your survey) and response options (what respondents are allowed to do while taking your survey).

Permissions:

Select a Survey Permission Type from the drop-down list to determine who has access to your survey. Select your desired permission type from the following options:

  • Public (Default): Survey has no access control. Any respondent, including those not registered in Checkbox as users, will be allowed to complete this survey. By default, all surveys are set to Public upon creation.
  • Password Protected: A survey-specific password will control access to this survey. Any respondent that knows the password, including those not registered in Checkbox as users, may complete this survey.
  • Access List: Only users specified in the access control list will be allowed to complete this survey. Users must log-in to Checkbox to take the survey and their user attributes will be linked to their responses. Select the "Respondents List" button (will appear once the Access List option is selected) to add users to your survey access list (see above image).
  • All Registered Users: Any user that can log into Checkbox and is assigned the respondent role will be able to complete this survey.
  • Invitation Only: Only respondents whom have been invited via an email invitation sent by the Checkbox application will be able to respond to this survey.

NOTE: This assumes you are the Survey Administrator for a survey that you have created, or that you have the authority to change permissions.

CHECKBOX TIP: By setting your survey to ‘Public’ or ‘Password Protected’ you are not requiring your respondents to be registered Checkbox Users. This means that each response will be captured as an ‘Anonymous Respondent’. If you would like to capture the user name and profile properties of your respondent, you will need to create an account for your user and set permissions for your survey to ‘Access List’ or ‘All Registered Users’

Response Options:

In this section you can set your response options and limitations:

  • Total Response Limit: Number of responses that can be submitted before survey closes to responses
  • Per Respondent Response Limit: Number of responses that can be submitted by a unique respondent
  • Scored: Allows you to assign a numeric value to answer options
  • Anonymize Responses: Captures all responses as anonymous, including registered Checkbox users
  • Allow 'Back' Button: When checked, respondents may move backward in a survey to modify responses prior to survey submission
  • Display "Form Reset" button: When enabled, this button appears with your survey navigation buttons. If selected by a respondent, all responses on that page will clear
  • Allow Respondents to Edit Previously Completed Responses: When checked, respondents have the ability to return to a previously submitted survey and modify responses
  • Allow Respondents to Stop and Resume their Response Later: When checked, respondents may save and exit a survey before submission and return to the saved location at a later date to complete the survey

Advanced Survey Permissions

Each Survey Permission Type changes the permissions of your survey for Respondents only. These security options do not configure any permissions for the users whom will have the ability to edit your survey. To add/remove survey access for survey editors or administrator, select the Advanced Options button.

From the Advanced Options window you have the ability to view current user permissions, change default permissions, and add users and/or groups to a survey's Access Control List (ACL). Many entities in Checkbox have an Access Control List. Users may only be added to a particular entity's ACL if their individual user role(s) correspond with that entity. For example Report Viewers, Report Administrators, and System Administrators can be added to a report ACL.

Access List

The Survey Access Control List allows you to control which users/respondents have permission to:

  • Administer a specific survey
  • Analyze response data for a survey
  • Take or modify a survey
  • Only respond to a survey
  • View survey responses
  1. The left hand list displays users currently on the survey's access list. Select an entity on the left to display that user's actual permissions on the right side of the window.
  2. Select the permissions on the right hand list to apply to the selected entity on the left and click Save Changes to make the new permissions effective.

For example, if you needed to permit an additional Survey Editor to modify a particular survey you could grant them this access by adding them to the ACL and checking the "Edit/Take Survey" box.

NOTE: The permission options listed on the left are groups of permissions. To view all individual permission options, select Ungroup Permission at the top of the list.

Add Users/Groups to Access List

On this window you can add and remove entities to the survey Access Control List.

  1. The left hand box contains all available users/groups that could be added to the survey access list. Select an entity on the left to add it to the permission list.
  2. Once a user/group is selected from the left hand box, it will move to the right hand box, which contains entities currently on the permission list.

NOTE: When adding a user group to an ACL, only users with user roles that correspond with that ACL entity will have access. Make sure all group members have the appropriate user role.

After adding a new user/group on the Add Users/Groups to Access List tab, move back to the Access List tab, you will see the new entity listed on the left hand box and can then set specific permissions on the right hand box.

Default Policy

A survey's Default Policy is the permissions setting for all users not included on the survey Access Control List.

For example, if on the Access List tab you granted specific users permission to administer a survey, but want anyone not specified on the ACL to still be able to respond to the survey, set the Default Policy to 'Take Survey' (see image above).

NOTE: ACL permissions supersede any default policy.
NOTE: The permission options you see listed by default are groups of permissions. To view all individual permission options, select 'Ungroup Permissions' at the top of the list.

Permissions Diagram

Permissions can be configured for a number of different entities within Checkbox using the same Access Control List (ACL) principles illustrated under "Advanced Survey Permissions." The above flow chart illustrates the process Checkbox uses to evaluate permissions.

From the diagram, the following key points about access control become clear:
    

  1. An ACL policy cannot grant permission to a user whom is not in a role that also grants the corresponding permission. For example, users with a Respondent role only can only be added to the ACL of surveys and folders.
  2. An ACL policy can deny permission to a user even if they have the correct role designation. For example, a user with a Report Viewer role must either be included on the report's ACL, or the report has a Default Policy which permits non ACL access.
  3. An ACL policy for a user or group can deny permission to that user or group even if the default policy grants that permission to every other user

Common Permissions Scenarios

Add Users/Groups to a Survey ACL

After creating a new survey and setting your permission type to 'Public,' (anyone with the survey URL can take survey) you may wish to grant specific Checkbox users permission to take and edit your survey. This can be accomplished through the following steps:

1. Select Advanced Permissions from the Permissions area of the Survey Dashboard (Configure>>Permissions).

This will open your survey's ACL (Access Control List). The Access List tab should appear by default, and you should see your user name in the left-hand box. If you are a System Administrator, when you click on your username you should see all of the permissions boxes pre-selected on the right-hand side of the window.

If you select the Default Policy tab, 'Take Survey' should be the only permissions option pre-selected. This is because we set the survey permission type to Public. By default, anyone with the survey URL can take the survey.

2. To add a user or group to the survey access list, move to the Add Users/Groups to Access List tab. The left-hand box contains a list of all available users and groups from the User Manager. To add a user or group to the access list, simply select an entry from the list. Upon selection, the user or group should automatically move to the left-hand box.

In the example above, we added user2 to the access list, because this particular user has a Survey Editor role designation. User1 has a Respondent role, therefore would not be able to edit our survey even if we added him to the access list.

Checkbox Tip: If you are unsure of a user's designated role(s), be sure to confirm within the User Manager before adding the user to the access list.

3. Return to the Access List tab to set additional permissions for the new access list member. Once on the Access List tab, select the newly added user to expand the permissions options in the right-hand box. If you want allow the user to edit the survey, check the box labeled 'Edit/Take Survey' and save your changes.

4. Test your new permission configuration by logging in as the new ACL member and attempting to edit the survey.

Add Users/Groups to a User Group ACL

By default only System Administrators are permitted to view user groups created by other users in Checkbox. If you wish to allow non System Administrators to view a groups they did not create, you will need to them to the ACL of that group. Once the desired members have been added to the group's ACL, you can then configure ACL permissions options to grant the new members the ability to edit, view or administer the group. Make sure the user(s) you add has a 'Group Administrator' user role (configured in user's profile).

In this example, user3 and user4 are Group Administrators (can assign users to groups). We will use the following steps to add these two users to the ACL of the 'Employees' user group, making it possible for them to administer this group moving forward:

1. Select User Groups from User Manager menu.

2. Select the Employees group from the left-hand list. Selecting the group will expand a dashboard on the right-hand side of the screen.

3. Select the Security option from the dashboard menu. A window will appear that closely resembles the survey ACL. Like the survey ACL, you will first see the Access List tab, which displays current ACL members.

4. To add a user/group to the ACL, move to the Add Users/Groups to Access List tab and select the entities you wish to add from the list in the left-hand box. Once selected, the entities will appear in the right-hand box.

5. Return to the Access List tab to configure the permissions for your new ACL members.

6. Select a member to expand the permissions options on the right. Expand the full list of permissions option by selecting Ungroup Permissions. In this example we want grant user3 and user4 permission to administer all available options except 'Delete'. After configuring the ACL, save your changes.

7. Test the new permissions configuration by logging in as the new ACL members and attempting to modify the group.

Add Users/Groups to a Report ACL

By default only System Administrators are permitted to view reports created by other users in Checkbox. If you wish to allow non System Administrators to view or modify a report they did not create, you will need to add them to the ACL for that report. Once the desired members have been added to the report ACL, you can then configure ACL permissions options to grant the new members the ability to edit, view or administer the report. Make sure the user(s) you add has a 'Report Viewer' or 'Report Administrator' user role (configured in user's profile).

In this example, we want to grant the 'Employees' user group access to view a report. Before editing the report ACL, make sure all of the users in the 'Employees' group have a Report Viewer or Report Administrator user role designation.

We will use the following steps to add this group to the 'Employee Satisfaction report' ACL:

1. Select View All button from the Reports area of the Survey Dashboard.

2. Select the Employee Satisfaction Report from the left-hand list. Selecting the report will expand a dashboard on the right-hand side of the screen.

3. Select the Permissions option from the dashboard menu on the right. An ACL window will appear. We will first see the Access List tab, which displays current ACL members.

4. To add a user or group to the report access list, move to the Add Users/Groups to Access List tab. The left-hand box contains a list of all available users and groups from the User Manager. To add a user or group to the access list, simply select an entry from the list. Upon selection, the user or group should automatically move to the left-hand box. In this example we have selected the 'Employees' group.

5. Return to the Access List tab to configure the permissions for our new ACL user group.

6. Select the newly added group to expand the permissions options on the right. The options selected here will apply to all group members. In this example we want grant the 'Employees' group permission to view the report only, so we will select 'View Report' under the permissions options list. After configuring the ACL we will save our changes.

7. Before we leave the ACL editor, we want to make sure no one other than the group we specified ('Employees') and the ourselves ('admin') can access this report. We will move to the Default Policy tab to make sure none of the permissions options are selected and save our changes.

8. Test the new permissions configuration by logging in as the new ACL members and attempting to modify the group.

Configure Permissions of a Folder to Allow non-ACL Access

Every survey folder within Checkbox contains its own access control list (ACL). Only Survey Editors, Survey Administrators, and System Administrators can access survey folders. Only the creator of the folder or a System Administrator has the ability to grant access to the folder to other users.

NOTE: Permissions of a folder DO NOT propagate down to survey listed inside a folder

In this example we will change the default policy of a folder to allow non-ACL Access to any user with a Survey Editor or Survey Administrator user designation. Use the the following steps to change the default permissions of a folder:

1. From the Survey Manager, select the folder you wish to modify permissions for.

2. Select the ‘Security’ option to expand the folder ACL. We will first see the Access List tab, which displays current ACL members.

3. Move to the Default Policy tab. By default, all permissions options should be un-checked.

4. We wish to grant all users (with either a Survey Editor or Survey Administrator role) not specified on the Access List tab, the ability to view the contents of this folder, therefore we will select the option to 'View Folders and Folder Contents' and save our changes.

5. Test the new permissions configuration by logging in as a Survey Editor or Survey Administrator and attempting to open the folder.

NOTE: You should only able to see surveys you have been granted permission to access as dictated by the survey ACL configuration.

Permissions Review

Key Points

  • Checkbox allows you to set permissions on Surveys, Folders, Reports, User Groups, Libraries and Email Lists.
  • Checkbox allows you to set different access roles for individual users within Checkbox.
  • Being assigned a user role does not in of itself grant a user access to a Checkbox entity. Being a member of a role simply controls which permission can be granted to a given user.
  • Survey Permissions can be set in three different places(Survey Security, Access Control List and Default Policy within the Access Control List) .
  • The System Administrator has rights over all entities of Checkbox and does not need to be configured on any ACL or security page. When testing surveys for your respondents DO NOT use the System Administrator account since permissions will be superseded and you will not have a proper representation of how your survey will behave.
  • If you configure the permissions of your survey correctly but a user still can not view/edit it, be sure to double check your folder permissions to confirm you have set those permissions as well.

Thank you for viewing this Checkbox User Guide. Click here to return to Checkbox Resources.