Security and data protection are high goods and these must be protected. That is why ChurchTools offers very individually and finely adjustable permissions that define exactly which person can see which data and what they are allowed to do with this data. For this, in addition to the permissions, which are explained here, the security levels must also be considered. In this way, you define for your ChurchTools that each user can only see what he or she really needs to collaborate. How much that is depends entirely on your church and varies greatly from person to person.
Give permissions #
No matter what situation you want to map with the permissions. Always start with the two most important questions:
1. How does a user get his permissions?
2. What do his permissions apply to?
- Global permissions – These permissions apply to your entire ChurchTools and can be given to persons by status, group type, group or user.
- Group-internal permissions – These permissions only apply within the group type or group for which they are given.
Permissions work differently #
There are permissions that allow you to use certain features in ChurchTools and others that refine the scope of the features and determine what data you are allowed to see and edit.
For example, some permissions allow you to create form letters or calendar appointments, schedule events, or add people to a group. These permissions allow you to use some of the many ChurchTools features.
Which people you are allowed to write form letters to, in which calendars you are allowed to create events or calendar appointments or which groups you are allowed to add people to, is in turn controlled by other permissions. These permissions limit the functional range and refine your access possibilities. They control the visibility of the data you can then see and edit with the functions that have been made available to you.
Additive permission system #
Permissions in ChurchTools only work additively. This means that you cannot take away permissions from a user, you can only give them additional permissions. A user to whom you have not given any rights is therefore not allowed to see, execute or edit anything. It does not matter if a user gets the same permissions through different sources.