Permissions and Access

Setting up access in Tracy isn't just about keeping your data safe and secure—it's largely about designing the logic of your workflows: not only who can see or edit what and when, but also who should do what, when, and how.

There are two types of permissions: those that relate to records as a whole (creation, state change, archiving, deletion) and those that relate to individual property data (viewing and editing). Access is configured according to user roles, record states, and whether the user is assigned to a particular record (i.e., connected to it in any way—as the author, responsible person, supervisor, etc.). Separately for each dataset.

Example #1. In a delivery service, managers can be given editing access to all properties across all order states—or restricted to view-only once an order is completed. Couriers only need a portion of the information (customer name, phone number, address, order contents, and delivery date and time)—view-only, and only when assigned to the order. Since couriers are responsible only for delivery, they don’t need to see orders in other states.

Example #2. Managers working with clients can be given access only to the clients they added themselves or were assigned to by their supervisor. Or certain data from other managers’ clients can be hidden from them.

Example #3. For an assembler packaging products in a manufacturing facility, the required actions can be displayed one by one as a checklist, using states as process steps—optionally with photo confirmation at key stages.

Example #4. Since a user cannot move a record to the next state without filling in required properties, it’s possible to prevent, for example, a technician installing an air conditioner from closing a request without photos of the completed work and the client’s signature.

Please note: the system settings access level (“Selective”, “Extended”, and “Full”) affects only workspace configuration capabilities and has nothing to do with access to records or their property data.

Please note: if a user has no permission to view any property in a dataset, that dataset will not appear for them in the sidebar catalog. The same applies to states in Kanban board representations. Records in which no properties are accessible to a user are also not shown to them.

Since access is configured for each dataset separately, go to the settings of the relevant dataset. To do this, activate configuration mode by clicking the corresponding toggle at the bottom of the sidebar, then select “Configure” from the context menu next to the dataset name in the sidebar catalog or next to its name in the main area. On the dataset configuration screen, the role selector is located at the top center, below the states.

Please note: if the configuration mode toggle is not available, it means you do not have access to system settings. In this case, contact your workspace administrator or owner.

Configuring Record Action Permissions and Property Access

On the left top side of the screen, you can switch between two configuration modes: simplified and detailed. In simplified mode, permissions for each action or property are set across all states at once—convenient for initial setup. In detailed mode, you can fine-tune permissions for individual states where needed.

To configure permissions, select the desired role using the selector at the top of the screen, then set the permissions for each record action and each property in the corresponding columns.

Please note: a permission marked with an asterisk means the user will only have it if they are assigned to the record. For example, if a courier has an asterisk permission to view the customer’s name, phone number, and address—they will only see this data if they are responsible for delivering that order. The same applies to record actions: an asterisk permission to change state means the courier can only change the state of their own orders.