Admin Console - Access - Permissions
Discover how to effectively manage permissions through the Admin Console.
Important note
Permissions replace and streamline the previous concept of Groups and Roles.
Migration to the new permissions model is handled individually for each company. As a result, this knowledge base entry may not yet apply to your specific setup.
The permission model within the Yonder is organized into three distinct layers:
- Application
- Organization
- Workflow
Each type of permission serves a specific purpose and is managed by either Yonder or the customer. This layered structure provides both control and flexibility for secure and effective use of the platform.
Permission
To view the details of a permission, click on the desired permission entry.
Yonder will display the Permission Details along with a list of Assigned Users:

Permission Details
List of the Permission attributes:
- Name:
The unique name of the permission. - Description:
An optional text field that can be used to provide context or details about the permission. - Receive change notifications:
Determines whether this permission group can be selected as a recipient for change notifications.- When enabled, the group becomes available in the notification configuration screen.
- All users assigned to this permission will receive notifications when changes occur, depending on how notifications are configured.
Assigned Users
This section displays all users who have been granted the selected permission.
You can assign or remove individual users, as well as assign all or remove all users directly from this screen. These actions can also be performed under Access Management > Users.

Add a new Permission

Edit a Permission
Clicking "Edit" allows the user to modify the permission details:

Delete a Permission
Clicking "Delete" allows the user to delete the permission:

Deletion of a Permission and assigned Users
Deleting a permission does not remove the users assigned to it. Only the permission itself is deleted; the users remain unaffected and available in the system.
1. Application Permissions
Governed by Yonder
Application-level permissions are centrally managed by Yonder and determine access to core system features, integrations, and administrative capabilities. These permissions are associated with predefined roles, such as viewer
, author
, or site-admin
, and cannot be modified by the customer.
For a detailed breakdown of these roles and what they enable, please refer to the table below:
Application Role Permissions Overview
Role |
Description |
viewer |
Grants read-only access to smart documents and filedrop files. Users can view content both online and offline. This is the default permission assigned to all users. |
viewer-previousversion |
Allows users to access and view historical versions of smart documents. Useful for tracking changes and reviewing document history. |
manager |
Provides editing capabilities for filedrop files and forms. Users with this role can modify content but cannot create new smart documents or manage system-wide configurations. |
author |
Enables users to create new smart documents and revise existing ones. Ideal for content creators who need full authoring functionality, including versioning and publishing. |
site-admin |
Grants access to administrative settings, including user management, document type definitions, folder structures, tagging configurations, and forms workflow setup. This role is intended for system administrators responsible for the overall configuration and requires corresponding training. |
interface-iqsms |
Activates the IQSMS interface within the platform. Only applicable and visible to customers who have licensed the IQSMS integration module. |
interface-ism |
Activates the ISM interface within the platform. Only applicable and visible to customers who have licensed the ISM integration module. |
compliance |
Provides access to compliance reports with anonymized user data to ensure GDPR compliance. Users can analyze compliance either on document or user level without identifying specific individuals. |
logging |
Grants visibility into compliance reports with full user identification, as well as access to the system's activity log (history log). Intended for auditors or administrators who require detailed tracking and accountability under GDPR provisions. |
These roles ensure consistency and security across all customers and environments. If you need to assign or adjust these roles, please contact Yonder support.
2. Organization Permissions
Managed by the Customer
Organization permissions define user access within the customer’s organizational structure. These are fully self-managed by the customer and control visibility, notifications, and role-based access to resources within the organization.
Specifically, organization permissions include:
-
All existing hard roles (visibility):
These determine what content, documents, or folders a user can see based on their organizational role. -
All existing change notification roles:
These define who receives alerts and notifications when changes occur in relevant documents or processes. -
All existing organization roles:
These encompass role-based access and responsibilities within the organizational hierarchy (e.g., department-specific permissions, group-based access control).
3. Workflow Permissions
Self-managed by the Customer
Workflow permissions are also managed by the customer, and govern what actions users can perform within a given form or process workflow. These permissions are configured on a per-workflow basis and may include:
- Contributors
- Editors
- Internal and external approvers
Workflow Permission Editing Exceptions
- For Workflow Permissions, the Name field cannot be edited, as it is linked to the workflow configuraton and the correspoinding mapping. It must remain consistent.
- Worflow Permissions can not be configured to receive Change Tasks.