Managing permissions and roles

In this article, you will learn how to add roles to users and control their access and permissions on individual projects.

Fredrik Limsater avatar
Written by Fredrik Limsater
Updated over a week ago


A user can be restricted to only seeing and changing certain sections or parts of ftrack, and this is entirely up to the user administrator. Everything regarding permissions can be changed in the permissions and roles system. Custom roles can be set up that restrict what a user can do and not do, and these roles can be assigned to specific users depending on needs.

Managing roles

ftrack comes with five default roles that fit most studios, but sometimes you want to be more detailed on what can be seen and changed. The Roles page in Settings can be used to add, edit and remove roles.

You can access the page from the System Settings > Security > Roles.

The default roles are:

  • Restricted user

This user can only see the project he/she is assigned to and only change the status of assigned tasks.

  • User

This user can see all projects and can change the status of all tasks.

  • Project manager

This user can create, edit and remove projects and project-related objects (except users).

  • Administrator

This user can change everything in ftrack, add and remove users and see all data in the system.

  • API

This user role can only be used for the generation of global API keys.

To create a new role, follow these steps:

  1. Click the Create button.

  2. In the dialog that appears, enter a name for the role and select the type of role you would like to create. Currently, there are two role types: Assigned and Project. The difference between them is which projects they apply to.

  3. Depending on the role type selected, you may now select what the role should be able to do and not do by checking and unchecking the boxes in front of the actions you want the role to have.

  4. When you’re finished, click Save.

Tip: If you want to base your new role on an existing one, you can clone it and save it as a new role by selecting which role you want to base it on in the Clone drop-down and then make your changes.

To edit a role, click the edit icon in the shortcuts column on the corresponding row to a role you would like to edit. The same dialog as when adding a role is opened and pre-entered with the settings of the role. Click Save when finished.

To remove a role, click the trash can icon in the shortcuts column. A dialog will appear to let you confirm the removal.

Manage roles for a users

Access can be added to All open projects.

Or only to specific ones (including private projects).

Managing roles with the Role editor

With the role editor, you can customize your roles completely from the bottom up. From being allowed to only see a specific dashboard to being allowed to only change and save a value in a custom attribute, you have very good possibilities to decide what a user with a specific role should be allowed to perform.

When creating a new role, it’s as easy as choosing a name for it and then selecting permissions by checking the boxes for what the role should be allowed to perform.

The role type option is important because it decides available permissions to set on the role. Users with roles that have the:

  • ASSIGNED role type will only be allowed to perform actions that he/she has permission to perform on assigned tasks. This will also limit the user to only seeing projects with tasks he/she is assigned to.

  • PROJECT role type will be allowed to perform actions that he/she has permission to perform project-wide on specified projects.

Changing the default role

When creating a new user account, it will be given a default role which can be changed later.

You can change which role is default from System settings > Security > Settings > Default role, using the drop-down menu to set your preference.

Did this answer your question?