If no Roles are enabled, DailyStory defaults to all users granted Administrative permissions.
For many customers, this is the recommended configuration. This ensures that all users have the ability to manage their DailyStory settings and configuration.
The statement "Roles are enabled" means that a role has been created. If no roles exist, then roles are considered disabled.
If Roles are enabled, the DailyStory uses permissions to control access.
DailyStory's permission system is a grant-based permission model. This means that when roles are enabled users must be granted, or given, permissions to perform actions.
There is a single "Super User" account known as the Site Owner. The Site Owner is configured in Account Settings. The Site Owner is always granted Administrator-level permissions and cannot be deleted from the list of users for the application.
The Site Owner is a fail-safe account to ensure you cannot be locked out of your DailyStory account.
The Site Owner permission is set by selecting a user in Account Settings. Any user with the Administrator permission can set the Site Owner.
While the Site Owner is always granted the Administrator permission, a Role can also be granted the Administrator permission. This allows you to grant multiple users the Administrator permission.
To create an Administrator role, create a new Role, and check
Administrator this will also automatically check all other permissions to indicate that these permissions are also being granted.
While checking all other permissions other than
Administratorgrants similar rights, this doesn't give access to administrator features.
Administrator permission also grants access to the Admin section of your DailyStory application. Features such as configuring roles, adding users, enabling integrations, setting site options, creating API keys and more are all restricted to the
Application permissions grant users in the role the ability to either view or manage features.
These permissions are identified as:
[Feature Name]CanView- view items related to the feature
[Feature Name]CanManage- view, create, or edit related to the feature
[Feature Name]CanManageincludes the
[Feature Name]CanViewpermission. Granting both is unncessary.
Feature-level permissions include:
A user in a role that has been granted the
CampaignCanView permission, but not the
CampaignCanManage permission has the ability to view campaigns. However, if an attempt is made to edit the campaign, add a lead, edit a workflow, or anything else related to changing the campaign a Access Denied error message is shown:
If you choose to enable roles we recommend creating two roles:
Administratorpermission and add yourself and other users that need this permission to it.
Below are some frequently asked questions.
DailyStory is designed to grant the highest level of permission given by the roles a user belongs to. If a user in in multiple roles and the first role does not grant a permission, e.g.
CampaignCanManage, but the second role does grant it, the user is given
No, but we recommend using names such as "Administrator" or "Content Editors" to help indicate what the role is used for.
No, all API calls have full permission to perform all actions in DailyStory available through the API.
No, you are not allowed to have two roles with the same name.
Permissions are granted per-session. Therefore changes in a role's permissions are applied the next time the user logs in.
Contact your site owner, they will need to login and add your account to an appropriate role to grant you the permissions you need.