Roles and Permissions

How Access Control Works

Qik uses a flexible access control system built on three core concepts: Roles, Scopes, and Access Passes (Policies). These combine to determine what each user can do and where they can do it.

Key Concepts

  • Role — A list of permissions that define what actions can be performed (e.g. 'view any article', 'create profile', 'delete event')
  • Scope — An organisational area or domain where those actions apply (e.g. 'Australia', 'HR Department', 'Youth Program')
  • Access Pass (Policy) — Combines one or more roles with one or more scopes and is then assigned to users. Think of it as a digital keycard: the roles say what the holder can do, the scopes say which doors it opens.

The formula is: Access Pass = Roles + Scopes → Assigned to User

Roles

Roles are collections of permissions. Each permission is a specific action on a specific content type. A permission ending in 'own' covers only content the user created; one ending in 'any' covers every item of that type. For example:

  • article.viewany — View any article
  • profile.create — Create a new profile
  • event.editown — Edit events you created
  • event.deleteany — Delete any event

Common role patterns include:

  • Viewer — Can view content but not edit or create
  • Contributor — Can create and edit their own content
  • Manager — Can view, edit, and delete any content
  • Administrator — Full access to all features

To create a role, go to Access Control and create a new role, then select the permissions it should include.

Scopes

Scopes define where permissions apply. They form a hierarchy (like folders), so permissions granted in a parent scope cascade down to child scopes.

For example:

Organisation
  ├─ Australia
  │   ├─ Sydney
  │   └─ Melbourne
  └─ New Zealand
      └─ Auckland

A role granted in 'Australia' also applies to 'Sydney' and 'Melbourne', but not to 'New Zealand' or 'Auckland'. A role granted at 'Organisation' level applies everywhere.

All content in Qik belongs to one or more scopes. Users can only see and interact with content in scopes they have access to.

Access Passes (Policies)

Access passes tie it all together. Each access pass defines:

  • Which roles the user gets (what they can do)
  • Which scopes those roles apply in (where they can do it)

A user can have multiple access passes, and their permissions are additive — they get the combined permissions of all their access passes. There is no way to subtract a permission: if any one of a user's passes grants an action in a scope, the user has it there, so a pass granted at a high level of the hierarchy cannot be narrowed by a second, more specific pass.

Example Setup

For a school management system:

  1. Create roles: 'Teacher' (create lessons, view students), 'Principal' (view all), 'Admin' (manage everything)
  2. Create scopes: School → Elementary, Middle, High
  3. Create access passes: 'Elementary Teacher' = Teacher role in Elementary scope
  4. Assign 'Elementary Teacher' to the appropriate users

Managing Access Control

The Access Control section in the sidebar provides:

  • Users — View and manage dashboard users and their access passes
  • Roles — Create and edit permission roles
  • Policies (Access Passes) — Create combinations of roles and scopes
  • Scopes — Manage the organisational hierarchy

Positions

Scopes can also define positions (e.g. 'Team Leader', 'Member'). When a person is assigned a position within a scope, they automatically receive the roles associated with that position. This is useful for organisational structures where permissions are tied to someone's role within a team or department.
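To make the evaluation concrete, here is an added example in Python (not Qik's own code) that models the rules described above: the scope hierarchy, where a grant cascades to child scopes; access passes as roles plus scopes; additive combination of several passes; positions that grant roles within a scope; and the 'own' versus 'any' permission suffixes. It uses the school scenario from the Example Setup section. The scope names, roles, users, positions, the permission-string format and the rule that content belonging to several scopes is reachable through any one of them are all assumptions for illustration.

```python
# Added illustration of the Roles / Scopes / Access Passes / Positions model.
# Not Qik's code; every name and data value below is a constructed assumption.
from dataclasses import dataclass

# Scope hierarchy as child -> parent (None marks the root). Constructed sample.
SCOPE_PARENT = {
    "School": None,
    "Elementary": "School",
    "Middle": "School",
    "High": "School",
}

# Roles: name -> set of "<content type>.<action>" permissions.
# "...any" acts on anyone's content, "...own" only on the user's own content,
# and a bare action such as "lesson.create" has no own/any variant.
ROLES = {
    "Teacher":   {"lesson.create", "lesson.editown", "lesson.viewany", "student.viewany"},
    "Principal": {"lesson.viewany", "student.viewany"},
    "Admin":     {"lesson.create", "lesson.viewany", "lesson.editany",
                  "lesson.deleteany", "student.viewany"},
}

@dataclass(frozen=True)
class AccessPass:
    roles: frozenset   # what the holder can do
    scopes: frozenset  # where they can do it (cascades to child scopes)

# Access Pass = Roles + Scopes, then assigned to users.
ACCESS_PASSES = {
    "Elementary Teacher": AccessPass(frozenset({"Teacher"}), frozenset({"Elementary"})),
    "School Principal":   AccessPass(frozenset({"Principal"}), frozenset({"School"})),
    "School Admin":       AccessPass(frozenset({"Admin"}), frozenset({"School"})),
}

# Positions: (scope, position) -> roles granted automatically to the holder.
POSITIONS = {
    ("Middle", "Team Leader"): frozenset({"Teacher"}),
}

# Constructed users. Permissions from several passes are additive (a union).
USER_PASSES = {
    "alice": ["Elementary Teacher"],
    "bob":   ["School Principal"],
    "carol": [],                                  # roles only via her position
    "dave":  ["Elementary Teacher", "School Admin"],
}
USER_POSITIONS = {
    "carol": [("Middle", "Team Leader")],
}

def ancestors(scope):
    """Yield the scope itself, then each parent up to the root."""
    while scope is not None:
        yield scope
        scope = SCOPE_PARENT[scope]

def covers(granted, target):
    """A grant in `granted` reaches `target` if it is `target` or an ancestor of it."""
    return granted in ancestors(target)

def permissions_in_scope(user, scope):
    """Union of every permission `user` holds in `scope`, from passes and positions."""
    roles = set()
    for pass_name in USER_PASSES.get(user, []):
        ap = ACCESS_PASSES[pass_name]
        if any(covers(g, scope) for g in ap.scopes):
            roles |= ap.roles
    for pos_scope, position in USER_POSITIONS.get(user, []):
        if covers(pos_scope, scope):
            roles |= POSITIONS[(pos_scope, position)]
    perms = set()
    for role in roles:
        perms |= ROLES[role]
    return perms

def can(user, action, content_type, content_scopes, owner=None):
    """Decide whether `user` may perform `action` on an item of `content_type`.

    The item may belong to several scopes; the check passes if the user holds
    the permission in at least one of them (an assumed reading of the model).
    """
    for scope in content_scopes:
        perms = permissions_in_scope(user, scope)
        if f"{content_type}.{action}" in perms:          # e.g. lesson.create
            return True
        if f"{content_type}.{action}any" in perms:       # anyone's content
            return True
        if owner == user and f"{content_type}.{action}own" in perms:
            return True                                  # only their own content
    return False

if __name__ == "__main__":
    # A teacher in Elementary may edit her own lesson there, but not one in Middle,
    # and a principal granted at School level can view everywhere but not edit.
    print(can("alice", "edit", "lesson", ["Elementary"], owner="alice"))
    print(can("alice", "edit", "lesson", ["Middle"], owner="alice"))
    print(can("bob", "view", "lesson", ["High"]))
    print(can("bob", "edit", "lesson", ["High"], owner="bob"))
```

Two details worth noticing when you run it: 'dave' can delete any lesson in 'Middle' even though his 'Elementary Teacher' pass says nothing about Middle, because the 'School Admin' pass cascades down and the union of passes is all that counts; and 'carol' holds no pass at all yet can create lessons in 'Middle' purely through her position, which is why positions should be reviewed as carefully as passes.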

FAQs

How do multiple access passes combine?
What's the difference between 'own' and 'any' permissions?
How do scope hierarchies affect permissions?