Roles & Permissions
Roles and Permissions help enforce access control, ensuring that sensitive data and documents are accessible only by authorized users while ensuring that users can collaborate effectively. At Canopy, we take security seriously and offer a flexible and customizable approach to managing user access.
We categorize user permissions into two levels: Tenant Level and Project Level.
Roles set at the Tenant level control user access for logging in to the application and user permissions at the application level. The highest level of access is the Tenant Administrator role, who has full access to all features and settings within the tenant. This role is typically assigned to the person responsible for managing the account and its users. The Tenant Administrator can add users and assign them to one of three roles, each with different levels of access: Admin, Project Creator, and User.
| Tenant Permission | Tenant Admin | Project Creator | User |
|---|---|---|---|
| Personal Setting | Yes | Yes | Yes |
| Tenant Setting | Yes | ||
| Create Projects | Yes | Yes | |
| Select Any Project | Yes | ||
| Select Projects they Created | Yes | Yes | |
| Select Assigned Projects | Yes | Yes | Yes |
| Add Users to Projects | Yes | Configurable | Configurable |
| Delete Users | Yes |
The Admin or Tenant Administrator role has complete access to all features, projects, and settings within the tenant. This includes the ability to manage users, projects, and user settings.
The Project Creator role can create new projects and manage their own projects. Once they create a project, they are automatically assigned as a Project Administrator. This user role cannot access the Tenant Settings and projects created by other users unless assigned.
The User role can view and edit only the projects they have been assigned to. Users in this role do not have access to the Tenant Settings and cannot create new projects.
A Tenant hosts multiple projects, each with its own set of users with different project roles. There are four primary user permission levels within a project: Project Administrator, Review Manager, Review User, and Lite Reviewer.
One user in a tenant can have multiple roles across different projects. For example, a user can be a Project Administrator in one project and a Review User in another project within the same tenant.
| Project Permission | Tenant Admin | Project Admin | Review Manager | Review User | Lite Reviewer |
|---|---|---|---|---|---|
| Project Setting | Yes | Yes | Yes | ||
| Review Module | Yes | Yes | Yes | Yes | |
| Batch Module | Yes | Yes | Yes | Yes | Yes |
| Analytics Module | Yes | Yes | Yes | Yes | |
| Entity Module | Yes | Yes | Yes | Yes | |
| Data Module | Yes | Yes | Yes | ||
| Export Documents, Entities, Activities | Yes | Yes | Yes | ||
| Modify Bulk Edited Entities | Configurable | Configurable | Configurable | ||
| Document Search | Yes | Yes | Yes | Yes | Limited to Single Document ID Search |
| Delete Project | Yes | Yes | |||
| Delete Entities From the Entity List | Yes | Yes | Yes | Configurable | |
| Add Users from Project | Yes | Configurable | Configurable | ||
| Suggested Entity Tab in the Document View | Yes | Yes | Yes | Configurable | Configurable |
| Download Document | Yes | Yes | Yes | Configurable | Configurable |
| Bulk Audio Transcription | Yes | Yes | Yes | ||
| Access Job Manager | Yes | Yes | Yes |
A Project Admin has full access to all project features and settings. This may include changing security settings, assigning users to different roles, and removing users from the project. This role is typically assigned to the person responsible for managing the project and its users.
For security purposes, the Project Admin and Review Manager can only view the users from their company and assign them to the project accordingly.
In Canopy, the Review Manager has the same access as the Project Admin except that the Review Manager cannot delete a project.
This role is typically assigned to users who are responsible for managing the review process within the project.
The Review User role has limited access to project features and does not have access to project settings. This user can view the document list, batch page, entity list, and analytics report. However, while the Review User can access the document list, they cannot export the documents.
This role is typically assigned to users responsible for reviewing and approving documents within the project.
A Lite Reviewer has the most limited access to the project features. This user can only view the batch page and has access only to the batches section within batches that they have been assigned. They have to check out the batch to view the documents in the batch.
Lite Reviewer has access to a search bar that allows them to search using document ID outside their batch. This function is essential for Review Manager to communicate with and provide Lite Reviewer the ability to see an example reviewed document.
The Project Creator and User roles can be configured to allow or restrict the ability to add users to projects. This is done by the Tenant Admin in the Tenant Settings when the Tenant Admin first adds the Project Creator or User to the tenant.
Switching the toggle to the right (green) allows users to add other users to their projects. Otherwise, they will not have permission to do so.
When multiple raw entities have been bulk edited, the Project Admin and Review Manager may or may not be able to modify those edited entities. To allow or restrict modifications to bulk edited entities, the Project Admin or Review Manager must configure the permissions in the Project Settings by following these steps:
- Navigate to the Project Settings and click Review
- Under the General Settings, click Manage
- Click the toggle switch on the Allow Admins and Review Managers to modify bulk edited entities to allow or restrict the permission.
By default, the Project Admin and Review Manager have permission to delete entities from the entity list, while the Review User does not. To grant or restrict the Review User’s ability to delete entities, the Project Admin or Review Manager must configure the permission in the Project Settings by following these steps:
- Navigate to the Project Settings and click Review
- Under the General Settings, click Manage
- Click the toggle switch on the Allow Reviewers to delete entities in the entity list to allow or restrict the permission.
Users may sometimes see the Suggested Entities tab when they open a document in the Document View. This tab displays a list of suggested entities and the elements detected in the document.
However, default access to the Suggested Entities tab is restricted for Review User and Lite Reviewer roles.
To enable or limit access to the Suggested Entities tab for these roles, a Project Admin or Review Manager must configure the permissions in the Project Settings by following these steps:
- Navigate to the Project Settings and click Review
- Under the Review Management, click Manage
- Click the toggle switch on the Show auto suggestion panel to allow or restrict the permission. Users can choose to give access to both Review User and Lite Reviewer, or only one of them by clicking the user icon after the toggle has been switched to ‘green’.
After documents are processed and ready for assessment, authorized users can download them. By default, Tenant Admin, Project Admin, and Review Manager have this capability.
Review Users and Lite Reviewers do not have download permissions by default. Project Administrators or Review Managers must explicitly grant this access through the Project Settings.
To grant or restrict the ability for Review Users and Lite Reviewers to download documents, follow these steps:
- Navigate to the Project Settings and click Review tab
- Under the Review Management, click Manage
- Locate the Allow Users to Download Documents toggle switch.
- Click the toggle to switch it to ‘green’ (on) to allow downloads for both user types.
- To grant access to specific roles (Review User and/or Lite Reviewer), ensure the toggle is ‘green’ and then click the user icon next to it to select the desired roles.
To ensure transparency and accountability, Canopy logs the document download configuration changes in the project’s Activity History. This log records who granted or revoked document download permission (for Review User or Lite Reviewer or both) and the timestamp of the change.
Authorized users can download documents from the following locations within the application:
- Document Page
When on the Document Page, click the Download Document icon located on each document row to download the respective file.
- Document View
When you open a document in the Document View, you can download the document by first clicking on the kabab icon in the top right corner of the document view. Then, select the Download Document from the dropdown menu.
- Entities Page
When you are on the Entities Page, you can download the document associated to the specific entity by first clicking on the View Detail on the desired entity. Then, you will land on the entity detail page. Select the Download Document icon to download the document.
If the Allow Users to Download Documents setting is disabled for Review Users and Lite Reviewers, they will encounter the following:
- Document Page
The Download Document icon will be disabled. Hovering over the download icon will display a tooltip indicating that download permission is required.
- Document View
The Download Document option will be disabled within the kabab icon dropdown menu. Hovering over the disabled option will display a tooltip indicating that download permission is required.
- Entities Page
On the entity detail page, the Download Document option will be disabled, similar to the Document View.
