How Circle Permissions and Overrides Work
Roles Are the Starting Point
Every member gets permissions from their Circle roles.
If someone has multiple roles, their permissions are combined. If any role gives them a permission, they usually have it.
Example:
- Everyone can send messages.
- Event Team can create events.
- A member with both roles can send messages and create events.
Categories and Spaces Can Override Roles
A category or space can change what a role is allowed to do in that specific area.
A category override affects the spaces inside that category.
A space override affects only that one space.
Permission Hierarchy
For a space inside a category, permissions are checked in this order:
1. User override for the space
2. Role override for the space
3. User override for the category
4. Role override for the category
5. Circle roles
The higher item wins.
For a space with no category:
1. User override for the space
2. Role override for the space
3. Circle roles
For a category:
1. User override for the category
2. Role override for the category
3. Circle roles
What Inherit Means
Inherit means “use the permission from the level above.”
Examples:
- A space usually inherits from its category.
- A category usually inherits from Circle roles.
- If nothing is customized, the member’s Circle roles decide what they can do.
What Allow, Deny, and Inherit Mean
When editing an override:
- Allow gives the permission here.
- Deny removes the permission here.
- Inherit means this override does not decide; the next level down in the Permission Hierarchy list decides instead.
Example:
If Role1 can send messages at the Circle level, but a space denies Send Messages for Role1, members with Role1 cannot send messages in that space. They can still send messages elsewhere.
See the "Multiple Roles" section below for how Allow and Deny work when a user has multiple roles with conflicting overrides.
User Overrides Beat Role Overrides
User overrides are the most specific.
If a role says someone cannot access a space, but a user override allows that specific person, they can access it.
Use user overrides for rare exceptions. If several people need the same access, create a role and assign it to them instead.
Space Overrides Beat Category Overrides
A category can set broad rules for many spaces.
A space can then make an exception.
Example:
- Category: Everyone cannot send messages.
- One space inside that category: Members role can send messages.
That one space follows the space override.
Multiple Roles
If a member has more than one role, their roles are considered together.
A permission allowed by one specific role can give access even if another role does not.
Example:
- Everyone is denied access to Staff Chat.
- Staff is allowed access to Staff Chat.
- A member with both Everyone and Staff can access Staff Chat.
Viewing Spaces Inside Categories
To see a space inside a category, a member must be able to view both the category and the space.
If they cannot view the category, they will not see the spaces inside it.
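The resolution order from "Permission Hierarchy", the multi-role rule, and the category view rule can be modelled in a few functions. This is an added example, not Concord's code: the data layout, permission names, and sample members are assumptions, and the rule that an Allow from any held role beats a Deny at the same level is taken from the Staff Chat example above.

```python
# Added illustration: a model of the documented resolution order, not Concord's code.
ALLOW, DENY, INHERIT = "allow", "deny", "inherit"

def _override(level, user, roles, perm):
    """Resolve one level (a space or a category): user override, then role overrides."""
    if level is None:
        return INHERIT
    state = level.get("users", {}).get(user, {}).get(perm, INHERIT)
    if state != INHERIT:
        return state                      # user override beats role overrides
    states = [level.get("roles", {}).get(r, {}).get(perm, INHERIT) for r in roles]
    if ALLOW in states:                   # an Allow from any held role grants access
        return ALLOW
    return DENY if DENY in states else INHERIT

def resolve(perm, user, roles, circle_roles, space=None, category=None):
    """Walk space -> category -> Circle roles; the first level that decides wins."""
    for level in (space, category):
        state = _override(level, user, roles, perm)
        if state != INHERIT:
            return state == ALLOW
    # Circle level: permissions of all held roles are combined.
    return any(perm in circle_roles.get(r, set()) for r in roles)

def can_view_space(user, roles, circle_roles, space, category=None):
    """A space in a category is visible only if category and space are both viewable."""
    if category is not None:
        if not resolve("view_space", user, roles, circle_roles, category=category):
            return False
    return resolve("view_space", user, roles, circle_roles,
                   space=space, category=category)

# Constructed sample data (all names are made up for this example).
CIRCLE = {"Everyone": {"view_space", "send_messages"}, "Staff": {"view_space"}}
STAFF_CHAT = {"roles": {"Everyone": {"view_space": DENY},
                        "Staff": {"view_space": ALLOW}}}
ANNOUNCE_CAT = {"roles": {"Everyone": {"send_messages": DENY}}}
OPEN_SPACE = {"roles": {"Members": {"send_messages": ALLOW}}}
GUEST_PASS = {"roles": {"Everyone": {"view_space": DENY}},
              "users": {"dana": {"view_space": ALLOW}}}
HIDDEN_CAT = {"roles": {"Everyone": {"view_space": DENY}}}
```

Auditing a setup with a model like this makes it easy to spot a Deny that is silently cancelled by an Allow on another role the member also holds.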
Who Can Edit Roles and Overrides
Role hierarchy controls who can manage whom.
A higher role can manage lower roles. A lower role cannot manage higher roles or equal roles.
Example hierarchy:
1. Admin
2. Sr Moderator
3. Jr Moderator
4. Everyone
An Admin can manage Sr Moderator, Jr Moderator, and Everyone.
A Sr Moderator can manage Jr Moderator and Everyone.
A Jr Moderator cannot manage another Jr Moderator, a Sr Moderator, or an Admin.
Managing Members
The same hierarchy applies to members.
You can only manage members whose highest role is below your highest role.
You cannot manage:
- yourself
- someone with the same highest role as you
- someone with a higher role than you
- the Circle creator
Managing Roles
You can only edit, reorder, assign, or remove roles below your highest role.
You cannot give yourself more power by editing your own level or anything above it.
You cannot assign/remove permissions that you don't have yourself.
Only the Circle creator can manage Co-Creator access.
Managing Category and Space Overrides
To edit category or space overrides, you need permission to manage spaces.
Even then, hierarchy still applies:
- You can only edit overrides for roles below your highest role.
- You can only edit user overrides for members below your highest role.
- You cannot edit your own user override.
- You cannot grant permissions you do not have yourself.
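The hierarchy rules in this section amount to a small set of checks that run before any change is accepted. The sketch below is an added example, not Concord's code: the rank table reuses the example hierarchy above, while the member names, the `manage_spaces` permission name, and the function signatures are assumptions.

```python
# Added illustration of the documented hierarchy rules; not Concord's code.
# Lower rank number = higher role, as in the example hierarchy on this page.
RANK = {"Admin": 1, "Sr Moderator": 2, "Jr Moderator": 3, "Everyone": 4}

def highest(roles):
    """Rank of a member's highest role."""
    return min(RANK[r] for r in roles)

def can_manage_role(actor_roles, role):
    """Only roles strictly below the actor's highest role can be managed."""
    return RANK[role] > highest(actor_roles)

def can_manage_member(actor, target, members, creator):
    """Deny self, the Circle creator, and anyone at or above the actor's level."""
    if actor == target or target == creator:
        return False
    return highest(members[target]) > highest(members[actor])

def can_set_override(actor, actor_perms, perm, members, creator,
                     target_role=None, target_user=None):
    """Checks applied before a category or space override is changed."""
    if "manage_spaces" not in actor_perms:   # needs permission to manage spaces
        return False
    if perm not in actor_perms:              # cannot grant what you do not hold
        return False
    if target_user is not None:              # user override: member rules apply
        return can_manage_member(actor, target_user, members, creator)
    return can_manage_role(members[actor], target_role)

# Constructed sample members. "kim" is given a low role only so the creator
# rule is visible on its own in the checks.
MEMBERS = {
    "ana": ["Admin", "Everyone"],
    "sol": ["Sr Moderator", "Everyone"],
    "jo": ["Jr Moderator", "Everyone"],
    "jay": ["Jr Moderator", "Everyone"],
    "kim": ["Everyone"],
}
CREATOR = "kim"
```

Every comparison is strict, which is what blocks a moderator from editing a peer or raising their own level.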
Practical Examples
Private Staff Space
Goal: only staff can see the space.
Set the Staff space:
- Everyone: View Space = Deny
- Staff/Admin: View Space = Allow
Private Category
Goal: hide a whole group of spaces from regular members.
Set the category:
- Everyone: View Space = Deny
- Staff/Admin: View Space = Allow
Spaces inside that category will follow the category unless a space override changes something.
One Person Exception
Goal: one member can access a space without creating a role.
Set a user override on that space:
Use this sparingly. If multiple people need access, create a role.
Best Practice
Use this order when setting up permissions:
- Set normal access with Circle roles.
- Use category overrides for broad exceptions.
- Use space overrides for specific exceptions.
- Use user overrides only for one-off cases.
That keeps permissions easier to understand and easier to fix later.
Questions?
Contact us: support@concord.digital