Admins, groups, and permissions

Last updated:

Learn how administrator rights, groups, and permissions work in Formcentric and how to use them effectively.

What is an admin?

The administrator role

Administrators have extended rights and are responsible for managing Formcentric.
They can:
  1. access the Admin centre
  2. configure global security settings
    (e.g. make two-factor authentication mandatory or configure an alternative CAPTCHA provider)
  3. define privacy settings
    (e.g. automatic deletion or anonymisation of data)
  4. invite and delete users
  5. create, edit, and manage groups
  6. assign users to groups
  7. specify submission permissions for groups
  8. view the 2FA status of all users
  9. stop forms from being edited by regular users
  10. hide gallery designs from being used when sharing

Difference between administrators and regular users

Regular users can:
  1. create and edit forms
  2. view, export, delete submissions, or create automations (if permitted)
  3. upload and manage media
  4. create and edit designs
Regular users cannot:
  1. access the Admin centre
  2. invite or delete other users
  3. manage groups
  4. change permissions
  5. configure security settings

What are groups?

How groups work

Groups allow you to bundle multiple users and assign shared permissions to them.
Instead of assigning permissions individually to each user, you define permissions once per group. All group members automatically inherit these permissions.


Key characteristics of groups:

  1. Groups are managed in the Admin centre
  2. Only administrators can create and edit groups
  3. Users can belong to multiple groups at the same time

Permissions that can be assigned via groups

Groups control which permissions their members have for submissions.

Permission scope

You can assign permissions on two levels:
Submissions from all forms Permissions apply uniformly to all forms in your organisation.
Submissions from individual forms Permissions can be defined separately for each form.

Permission types

You can assign the following permission types:
View Members can view and read submissions.
Export Members can export submissions in various formats (e.g. Excel, CSV).
Delete Members can delete submissions.
Automate
 Members can create automations for submissions of individual forms (e.g. automatic deletion or anonymisation after a defined period).

How do permissions work when users belong to multiple groups?

Permissions in Formcentric are additive.
If a user belongs to multiple groups, they receive the combined set of permissions from all those groups.

Example

  1. Marie is a member of Group A and Group B
  2. Group A allows viewing submissions only
  3. Group B allows viewing and exporting submissions
Marie can view and export submissions.
If you want to remove Marie’s export permission, it is not enough to remove her from just one group.
You must remove her from all groups that grant export permission—or revoke that permission in all relevant groups.

Practical example

Initial situation:
Lisa works in both Sales and Marketing and is therefore a member of two groups:
  1. Sales group
    → Can view and export sales form submissions
  2. Marketing group
    → Can view, export, and delete marketing form submissions
What permissions does Lisa have overall?
  1. Sales forms: view + export
  2. Marketing forms: view + export + delete
What if Lisa should only have read access?
It is not sufficient to revoke permissions in just one group.
You must:
  1. remove Lisa from the Sales group or revoke export permissions there
  2. remove Lisa from the Marketing group or revoke export and delete permissions there

Best practices for organising groups

Recommended global group structure

A sensible base structure for your organisation could look like this:
admins (system group) Members: Users with full administrator rights
Permissions: Full access to all features and the Admin centre
Use case: Management, IT administrators
Team Leads
 Members: Team leads and project managers
Permissions: View, export, and delete submissions for their area
Use case: Managing and analysing data
Employees – full access
 Members: Regular employees with operational responsibilities
Permissions: View and export relevant submissions
Use case: Working with data
Employees – read-only access
 Members: Users who only need insight into data
Permissions: View only for selected forms
Use case: Transparency without editing rights
Department-specific groups
 Examples: Sales, Marketing, HR, Support
Members: Employees of the respective department
Permissions: Access only to forms of that department
Use case: Clear responsibilities and data protection
External partners
 Members: Freelancers, service providers, temporary staff
Permissions: Highly restricted access to specific forms
Use case: Secure access for external users

Practical tips

  1. Less is more
    Start with a small number of clearly defined groups.
  2. Use descriptive names
    For example, Marketing_FullAccess instead of Group_3.
  3. Document your setup
    Keep track of which group has which permissions.
  4. Review regularly
    Remove users whose responsibilities have changed.
  5. Keep the additive model in mind
    Design your groups so permissions complement each other.
  6. Separate by responsibility
    Groups should reflect roles—not individuals.

Further reading

Feedback

ISO/IEC 27001 Icon
IT-Mittelstand Software Hosted in Germany
IT-Mittelstand Software Made in Germany