Easier permissions management
L
Lorelei Lin (she/her)
Hi there, it's way too difficult to manage permissions for a project. I wish it were more like Google Docs, where as the manager of a project, I can add/remove user access as needed for a particular project. We do internal research where it could be incredibly damaging for viewers to view their colleagues' raw data without consent.
Because of nested permissions, where the folder permissions supersede individual project permissions, I can't remove an individual user who absolutely shouldn't have access to a project. (Google Drive also has this problem when certain permissions are applied at the folder level - another huge pain for people who do work like we do. So much time wasted copying, deleting, and re-uploading things, oftentimes having to bring in IT who are the only people with full admin permissions.) To solve my current issue, I'm going to try to delete the project entirely, which hopefully I have permissions to do.
Log In
Pat Barlow
Hello Lorelei Lin (she/her)! I have a few more questions for you:
- Can you describe a specific scenario where the current permissions system caused issues for your team?
- How frequently do you need to change permissions for projects, and how does the current system impact your workflow?
- Are there any specific features from Google Docs' permissions management that you find particularly useful and would like to see implemented?
L
Lorelei Lin (she/her)
Hi Pat Barlow !
- Sure - I was organising our related projects into folders; when I added an older project into a newer folder, the folder permissions overrode the older project's permissions. This meant that some Dovetail users could now view raw data for a project that should've been locked down to researcher access only. Because I noticed it immediately, I addressed it by deleting some users who don't need Dovetail access anymore, then when I realised the remaining users' permissions could not be edited and I could not move or update the project itself to fix permissions, I resorted to deleting the project. If I hadn't noticed it immediately, it could have caused consent violations and ethical/interpersonal issues in our org (a huge breach reflecting poorly on me and my team/function).
- This isn't a frequent need, but it's fundamentally important for the type of sensitive internal research we do in Dovetail. In the abovementioned situation, it took up my time trying to fix the problem urgently, and meant that I deleted data (the entire project) sooner than I would have preferred. I wondered if our account's admin might have more ability to change permissions than I, but he also shouldn't have access to this type of sensitive raw participant data, so I didn't call his attention to it.
- Being able to specify permissions for individuals at the project level (most importantly "no access"), rather than beholden to folder permissions, would be immensely helpful for me and my team. Being able to tightly manage permissions without relying on admin (who in our org are not researchers and should not access raw data) would be immensely helpful - perhaps a role/set of permissions similar to how Google Docs gives the "owner" of a doc more permissions than "just" editors of the doc (e.g. ability to delete the file).
As it is, our only path seems to be not using folders at all, as we need to be able to fence non-researcher viewers in or out depending on the sensitivity of the data.