Articles in this section

Viewing and Granting User Permissions

Avatar
Posted by: Tracy Lavlle
  • Updated
Follow

The workflows, documents, and reports that each user can view on their Company Workspace is determined by their access settings. As a default, Shoobx will automatically assign basic access rights to users according to their role within the company (i.e. employee, investor). You may want to grant additional access so users see information or take action on behalf of the company. You can only grant other users additional access if you have one of the following permission levels: (1) Full Company Access, or (2) Full Human Resources access (allows management of HR access only).

This article will define the access levels available to users, and how to grant additional access. (If you would like to learn more about access levels for third parties invited to your Shoobx account, see here: How to Share Your Data Room and/or Cap Table with a New Investor).

What are the access roles that Shoobx automatically assigns?

Users are assigned certain rights according to their role within Shoobx and your company. These roles are assigned automatically as the result of a workflow in Shoobx:

Employee: Can view their own employment documentation, run available employee onboarding workflows (if enabled), access the employee directory and the organizational chart.

Stockholder: Can view their own equity documentation.

Investor: Can view their own investment and equity documentation.

Board Member: Can view the cap table and has full data room access.

How do I find out what access level users have?

You can determine a person's access level by:

  • Find the person in the user directory.
  • Click on their name to access their Profile.
  • Click on the "permissions" tab on the left of the screen.

The Permissions screen will summarize the roles the user has, the additional company access they've been granted, and the additional data room access they've been granted.

Clicking on the "Edit Access Levels" button will allow you to see the full list of available access levels and short descriptions of each.

How do I grant additional company access?

You can find the entity in the directory (by searching, as done for users, in your dashboard) and, instead of clicking on the left-hand tab, you can edit these access preferences on the main company profile. If you select what permissions you would like to edit, you can check or uncheck the boxes for the access level you would like to grant that entity.

The Shoobx access levels are organized by working areas of Shoobx. The screenshots below list the access types and a description of each level of access. Note that the levels of access below often include some data room access. For details about granting even more data room access, see below. (For information specific to HR administrators for employee groups, see here.)

Screen_Shot_2019-07-22_at_3.55.50_PM.png

Screen_Shot_2021-01-18_at_2.51.29_PM.png

Screen_Shot_2021-10-04_at_7.09.07_AM.png

Screen_Shot_2019-07-22_at_3.58.15_PM.png

Screen_Shot_2019-07-22_at_3.58.49_PM.png

How can users with the Full Human Resources role give other people admin access?

People with Full Human Resources access are able to delegate HR-related access. The HR Administration Access permission will give users access to the portion of administration related to HR. This area includes turning on and off HR features, configuring HR workflows and defaults, managing departments, and setting up onboarding tasks for your company.

But what if I want someone to have more Data Room access than their checkbox or automatic access allows?

You can grant people even more data room access by:

  • Find the person in the user directory.
  • Click on their name to access their Profile.
  • Click on the "permissions" tab on the left of the screen.
  • Under "Granted Data Room Access: Folders," click the "Edit Access & Authorization" button (screenshot below).
  • Next, select the folder or group of folders you want the user to access. After you select the folder, two tabs directly to the right of it will appear. The first tab allows you to select the degree of access the user will have and the second tab allows you to set an expiration date for their access. 

Screenshot

Or, you can grant access to specific folders or individual documents from within the data room itself. 

You can accomplish this by:

  • Going into your data room.
  • If you want to share a folder, click on the folder to open it and then select the small symbol of a person with a plus sign next to it (in the upper right of your screen) to share the folder.
  • If you want to share a document, locate it in its folder and then click on the small orange box that appears to the right of the document's date. Then, click on the small symbol of a person with a plus sign next to it, which will appear directly under the orange box after you click on it. 

What is the "New User Approver for Internal Requests" access?

Giving someone the "New User Approver for Internal Requests" access will do two things. First, it will add an extra step so that when a trusted internal source creates a new user, the user must be approved before they are able to activate their Shoobx account. Second, you're authorizing the user you've granted this permission to (by checking the "New User Approval for Internal Requests" access box) the responsibility to approve this request to create a new user. You create this new additional step, by checking this access box. 

An example of a request to create a new user that comes from an "internal" source would be:

  • For a Company: Bob, the Head of HR, sends an offer letter to candidate Katie. Katie could not be created as a user (and the offer letter workflow can't move forward either) until a "New User Approver for Internal Requests" approves Katie's creation as a user.
  • For a Law Firm: Bill the partner of Law Firm LLP adds associate George to one of his client's Shoobx accounts so George can help him with that client. George has no Shoobx account and will not be added to the client's account until the designated New User Approver for Internal Requests approves George as an actual member of Law Firm LLP.

What is the "New User Approver for External Requests" access?

Giving someone the "New User Approver for External Requests" access will do two things. First, it will add an extra step so that when a new user request is made by an untrusted external source, they must first be approved in order to be functional. This additional step is created by checking this access box. Second, you're assigning the person you're checking the box for the responsibility of approving requests to create a new user.

An example of a request to create a new user that comes from an "external" source would be:

  • For a Company: Stephanie from Acme is in talks to create a partnership with Partners. Inc. The next step is signing an NDA. Partners Inc. uses Shoobx to send over an NDA for Stephanie of Acme to sign. Stephanie doesn't have a Shoobx account yet and is not a known user. Acme's external user approver must approve that Stephanie is indeed an employee/consultant of Acme before she will be allowed to sign the NDA on behalf of Acme inc.
  • For a Law Firm: Acme Inc. registers counsel with Law Firm LLP and identifies George as their lawyer. George has no Shoobx account and will not be added to the Law Firm LLP's account until the designated New User Approver for External Requests approves George as an actual member of Law Firm LLP.

Additional Resources:

HR Access and Permissions

Inviting a Third Party Entity to See the Data Room and/or Cap Table

Data Room

 

 

 

Sample scenarios are for illustrative purposes only.

Screenshots are for illustrative purposes only.

1093853.1.0

© 2023 FMR LLC. All rights reserved.

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.