Since ChurchTools works with an additive permissions management, you can only give users additional permissions and not take them away.

When assigning permissions, you should therefore proceed from the most applicable property to the most specific property.

• That is, from the status that applies to many,
• through the group types and groups whose permissions apply to a more limited group of users,
• to the individual user. (You should only assign permissions directly to a user in exceptional cases, as this can quickly lead to a confusing permissions structure that is difficult to maintain.)

If you assign permissions to a group type, then these permissions apply to the group members of all groups of this type. It’s like assigning a permission to each group individually with little effort.

1. Give permissions to the status #

You start with the status: Here you can, for example, give all members permissions for the calendar and for booking resources. Go through all global permissions one by one and ask yourself whether the permission would be useful and necessary for all members.

2. Authorise users who are part of a certain group type #

Then go on to the group types: Here you set the permissions for the roles that users in groups of a certain type should have. Go through all roles of all group types and define the permissions.

3. Authorise users who are part of a certain group #

Now you can authorise specific groups. For example, you could give the roles of a group “church leadership” far-reaching permissions that they need to do their work.

4. Authorise individual users #

Finally, you go through the individual users and ask yourself whether a user needs further permissions.