Portals are a shared space for collaboration between you and your team, and your customers/prospects. There are therefore two main types of Portal users:

In this article, we will focus on how you can configure permissions for External Users in "External Roles", which are an equivalent to the standard Roles you configure in the "Settings" Global Tool for Users (i.e. you and your colleagues) for your Planhat tenant in general. External Roles are managed within the "Users & Roles" part of the Portal Manager. Being able to enable/disable permissions here means you have granular control over what End Users can view and do in Portals.

Click the image to view it enlarged

In the "Users & Roles" part of the Portal Manager you can also view and manage the External Users who have been added to Portals - this is across all your Portals, for different Companies. We talk through how to add External Users in a separate article, here (as this is done in Portal Settings of individual Portals rather than in "Users & Roles" in Portal Manager).

Click the image to view it enlarged

In the overall process of setting up Portals, typically:

The "External Roles" tab of "Users & Roles" in Portal Manager is where you set permissions so that your External Users (added End Users) can view and interact with the data in their Portals (but only have the access levels they need, and no more).

Click the image to view it enlarged

Setting External Role permissions here is similar to setting permissions for User Roles (for you and your colleagues) within the "Settings" Global Tool - but for External Roles there are fewer permissions to configure.

You will have at least one External Role to configure, but depending on your Planhat package, you may have the option to create and configure multiple External Roles - we talk more about this later in this article.

External Roles start off with almost no permissions enabled (only a few vital ones), meaning they are effectively a blank slate where you can add the specific access you would like to enable. This approach has been designed for data security. You are fully in control of what your External Users (i.e. Portal End Users) can see and do in their Portals.

Let's take a closer look at the different permissions you can enable in External Roles.

The first tab is for workflow permissions.

Click the image to view it enlarged

Workflow permissions are toggle switches that you can enable for your External User(s) as desired.

There are two permissions in this category (at time of writing):

The other tab for External Users is where you set data model permissions.

Click the image to view it enlarged

Like when you set data model permissions in Roles for Users (you and your colleagues) in the "Settings" Global Tool, these are organized into "business models" at the top (the standard models you are used to seeing in the Planhat app, such Company, Asset and Project etc.), and "system models" at the bottom (which you can see some definitions of here). There are separate checkboxes for Create, View, Update, Remove and Export on the model, and you can click any model to expand it out to see its properties (fields) and set permissions there too, enabling very granular control.

As a minimum, we recommend enabling permissions for:

External Roles have some built-in constraints, for data security (to be appropriate for External Users). You will see that many data model permissions are disabled and cannot be enabled for External Users (e.g. ApiAccessLog, Automation and ConnectionData (example shown below).

Also note that External Users cannot open/view Company or End User Profiles (even if links to them were shared).

In some circumstances, you may have the ability to create multiple Roles. This ability is configured by a Planhat staff member ("Super Admin") on a tenant level, and the functionality is enabled based on your Planhat package.

In some circumstances, it may be useful to allow different groups of External Users to have different access levels.

If your tenant does have the ability to have multiple External Roles, you will see a button in the top right of the External Roles tab: "Add new Role", which you can click if you would like to create a new Role from scratch.

Click the image to view it enlarged

This will open up a modal where you can name your Role and give it a description. Ensure you make it clear who exactly this External Role is for (in contrast to your other External Role(s)). This will create a blank Role (with only minimal necessary permissions enabled), so you can build it up "from scratch".

The alternative is that you can duplicate an existing External Role, if you would like your new External Role to have a starting point of the same permissions that you can then edit, rather than starting with a blank slate. To do this, mouse over the External Role you would like to copy, and click on the ellipsis (symbol of 3 dots):

... and then click "Duplicate":

This opens up the same modal, with the original External Role details cloned, for you to edit for this new External Role. Once you have adjusted the name/description and clicked "Save", the new External Role will be created with the same permissions as the original one, for you to edit as desired.

If you have multiple External Roles, you can simply click on one in the list to open up its permissions on the right-hand side to view or edit.

If you would like to edit the name/description of an External Role, or delete it, then simply mouse over its name to show the ellipsis (3 dots), and then click "Edit" or "Remove" respectively.

The other tab in the "Users & Roles" part of Portal Manager is "External Users". Here you can see a list of your End Users who are External Users in a Portal.

Click the image to view it enlarged

This is a useful place to get an overview of your External Users, and to apply bulk actions if desired. From here, you can:

Click the image to view it enlarged