# Access Rights & Roles YouDesign Models roles define different levels of access and responsibilities within the application. Each role enables specific workflows, from global application management to read-only viewing, ensuring content quality and organizational alignment. > **Terminology:** The workflow for writing proposed changes back to the ServiceNow repository is called **Commit** in the end-user interface (see [Commit](/models/work-in-the-app/editor/commit.md)). The ServiceNow role that grants permission to run that workflow is identified as `x_inpi_yd.publish` — that's the string you use when assigning the role in ServiceNow, even though end users see it referred to as the "Commit User" role. ## Role Identifier Reference All YouDesign Models roles and groups use the `x_inpi_yd` application scope: | Display Name | ServiceNow Role Identifier | Default Group | | ---------------- | -------------------------- | -------------------- | | YouDesign Admin | `x_inpi_yd.admin` | YouDesign Admins | | YouDesign Editor | `x_inpi_yd.editor` | YouDesign Editors | | YouDesign Viewer | `x_inpi_yd.viewer` | YouDesign Viewers | | Commit User | `x_inpi_yd.publish` | YouDesign Publishers | | Shape Editor | `x_inpi_yd.shape_editor` | — | Assign these roles to users directly, or add users to the corresponding group to grant the role in bulk. ## YouDesign Models Roles ### YouDesign Admin (`x_inpi_yd.admin`) **Description:** The highest authority in the YouDesign Models application, responsible for overseeing the entire application, managing global settings, and teamspaces. **User Story:** As a YouDesign Models Admin, I have the authority to set application-wide settings, manage all Boards, and assign Teamspace Admin accounts. However, I do not have the rights to commit or approve boards. **Rights:** * Set application-wide settings * Manage all Teamspaces * Manage all Boards * Assign Teamspace Admin accounts * Inherit Teamspace Admin and Editor rights * Cannot commit or approve boards ### Teamspace Admin **Description:** The creator/owner of a Teamspace is assigned automatically as a Teamspace Admin. Additional Teamspace Admins can be assigned via the Sharing feature. They manage a specific teamspace, including its folders and boards, control team access, and ensure adherence to guidelines. **User Story:** As a Teamspace Admin, I can create and manage folders and boards within my teamspace, control team member access, and enforce guidelines. **Rights:** * Create and manage folders and boards within the assigned teamspace * Control team member access * Enforce teamspace guidelines * Inherit Editor rights > **Note:** Teamspace Admin is assigned per-teamspace via the Sharing feature rather than through a ServiceNow role. ### Editor (`x_inpi_yd.editor`) **Description:** Responsible for creating, modifying, and deleting Boards within a teamspace. They can invite other editors and viewers to a board, create new items and dependencies, and initiate the approval process for committing future state items to the ServiceNow repository. **User Story:** As an Editor, I collaborate with team members, create and edit Boards, invite others to collaborate, and initiate the approval process for committing content to the ServiceNow repository. **Rights:** * Create, modify, and delete Boards within the assigned teamspace * Create and delete folders * Invite other editors and viewers to Boards * Create new items and dependencies * Initiate approval process for committing future state items ### Viewer (`x_inpi_yd.viewer`) **Description:** Has read-only rights within YouDesign Models and can access content on the homepage and in presentation mode (shared content). Viewers cannot invite other users. **User Story:** As a Viewer, I can review content, access shared presentations, and stay informed about the design process. However, I cannot invite others to collaborate in Teamspaces or Folders. **Rights:** * Read-only access to shared content * Access to homepage and presentation mode * Cannot invite others to Teamspaces or Folders * Cannot create or delete Realtime Indicators from the RTI Panel ### Commit User (`x_inpi_yd.publish`) **Description:** A person with the Commit User role can manually delete and commit future state items, dependencies, and field changes to the ServiceNow repository. Also requires the Editor role. Assigned in ServiceNow under the role identifier `x_inpi_yd.publish`. **User Story:** As a Commit User, I can control the commit and deletion of items, dependencies, and field changes manually in the ServiceNow repository, ensuring they align with our design process and ACL settings. **Rights:** * Manually delete and commit future state items, dependencies, and field changes * Rights depend on ACLs in ServiceNow * Must also have Editor role to manage Explorer tab or commit elements ### Shape Editor (`x_inpi_yd.shape_editor`) **Description:** Grants access to edit shape libraries, shape categories, shape fields, and shape relationships. Typically assigned to a small number of users responsible for the organization's shape conventions. **Rights:** * Create, modify, and delete Shapes and Shape Categories * Configure Shape Fields visible in the Data Panel * Configure Shape Relationship styles * Does **not** include Admin or Editor rights on boards See [Shape Administration](/models/admin/shapes.md) for what this role configures. ### Approval User **Description:** Responsible for reviewing and approving board content to maintain quality and consistency. **User Story:** As an Approval User, I review and approve board content to ensure it meets quality standards and maintains consistency within our design process. **Rights:** * Review and approve board content * Approved changes are committed automatically * Inherit Viewer rights ## Role Permissions Matrix | Component | Action | UI Component | Admin | Teamspace Admin & Folder Owner | Editor & Board Owner | Viewer | Commit | | --------- | ---------------- | -------------------------- | :---: | :----------------------------: | :------------------: | :----: | :----: | | Home | Create Teamspace | Create Teamspace button | ✅ | ❌ | ❌ | ❌ | ❌ | | Home | Delete Teamspace | Delete option in More menu | ✅ | ✅ | ❌ | ❌ | ❌ | ## Role Hierarchy and Inheritance Roles follow an inheritance pattern: * **YouDesign Admin** inherits Teamspace Admin and Editor rights * **Teamspace Admin** inherits Editor rights * **Editor** inherits Viewer rights * **Approval User** inherits Viewer rights This inheritance structure ensures users have appropriate permissions for their level of responsibility without requiring multiple role assignments. ## Assigning Roles ### Initial Role Assignment After installing YouDesign Models, assign roles to users: 1. Identify users who need YouDesign Admin access to set up Teamspaces 2. Assign YouDesign Editor or Viewer roles to everyday users based on their needs 3. Use the Sharing feature to grant additional Teamspace Admin accounts to specific users ### Role Management Roles can be assigned and modified through: * ServiceNow user role assignments (directly by identifier, e.g. `x_inpi_yd.editor`) * ServiceNow group membership (add users to the matching YouDesign group) * Teamspace sharing settings (for Teamspace Admin assignments) * Board sharing settings (for Editor/Viewer assignments) > **Tip:** Any ServiceNow admin with the `x_inpi_yd.admin` role can manage YouDesign roles, groups, and ACLs. ## Key Role Details **Commit Role:** Users with the Commit User role (`x_inpi_yd.publish`) need Editor access to manage the Explorer tab or to commit elements and dependencies. **Viewer Role:** Viewers cannot create or delete Realtime Indicators from the RTI Panel. **Role Combinations:** Users can have multiple roles. For example, a user might be a Teamspace Admin in one Teamspace and an Editor in another. ## Best Practices * Assign the minimum required role for each user's responsibilities * Regularly audit role assignments to ensure proper access controls * Use Teamspace sharing to delegate Teamspace Admin responsibilities * Document role assignments for compliance and reference * Review role permissions when onboarding new users --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ins-pi.com/models/admin/access-rights-and-roles.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.