Skip to main content
Gainsight Inc.

Permission Groups

Gainsight NXT

This article supports Gainsight NXT, the next evolution of the Customer Success platform. If you are using Gainsight CS Salesforce Edition, you can find supporting documentation by visiting the home page, and selecting CS > Salesforce Edition.

Not sure what your team is using? Click here.

 

Overview

Permission Groups is an administration feature which facilitates a Super Admin (or an admin) to easily set up different permissions on Gainsight for Users or User groups. Admins can navigate to the Permission Groups page from Administration > Security Controls > Permission Groups. Administrators can create a Bundle from this page and assign the following different types of permission to the users based on their roles in the organization:

  • Navigation Permissions
  • Survey Permissions
  • Email Template Permissions
  • Program Permissions

A super Admin has superior permissions (all of the above permissions) by default. Gainsight provides an out of the box Bundle called DEFAULT_BUNDLE which contains the Navigation Permissions. If a user is assigned with multiple Bundles, all of the permissions in the multiple Bundles are assigned to the specific user. A Super Admin or Admin should create separate bundles to assign the Navigate Permissions and combination of Survey, Email Template, Program permissions to the user(s) as required.

Gainsight provides an out of the box bundle, VIEW_GROUP to assign navigation page permissions to enforce Gainsight View License to the specific users.

Key Terms

The following terms refer to the general designations given to various users in an organization. These designations can vary in your organization.

  • Page: A User interface (UI) on which you can perform an action or view some information is known as a Page.
  • Super Administrator: A Super Administrator (aka super admin) has access to all the Navigation Pages in Gainsight NXT and all of the different permissions available in a Permission Group. A super Admin is not required to get any permissions in Gainsight through a Permission Group. Super admin can give access to other users to access pages through Navigation Bundles. Super admin can also give administrative privileges to a user.   
  • Administrator: An Administrator (aka admin) has access to Gainsight Administration pages defined by Super Admin. Admin can grant CSMs, access to the specific Pages or restrict a CSM from accessing the specific Pages based on the work requirements. An admin cannot modify any setting related to a super admin.   
  • Customer Success Manager(CSM): A Customer Success Manager (CSM) mainly deals with the customers queries and also looks to expand the organization's customer base. CSMs do not have access to any of the Administration Pages, unless granted access through Navigation Bundle.
  • Permissions: It is a collection of settings that grants users/admins, access to various features and functionalities in Gainsight.

Hierarchy in Pages

Gainsight follows a hierarchy system in which a Page can:

  • exist individually at the highest level (1st level)
  • be nested in a page (2nd level)
  • be nested in a sub page (3rd level)

For instance:

  • Timeline page is located individually at the top most level.
  • Email Templates page is nested in the Journey Orchestrator Page.
  • Company page is nested in the General sub page, which in turn is nested in the Administration page.

Users/Admins can view the Pages in this hierarchy, only when the required permissions are granted, through Bundles. If you do not have permission to access a Page, the order in which the Pages are displayed can change.

1.png

To view the complete list of pages and sub pages:

  1. Navigate to  Administration > Security Controls > Permission Groups.
  2. Click the ellipsis menu and select Edit, for DEFAULT_BUNDLE.
  3. Click the + icon to expand all the parent pages and view sub pages.

DEFAULT_BUNDLE..gif

Bundles

Bundles facilitate super admin or an admin to easily setup access permissions in the Gainsight application. Every Bundle (other than DEFAULT_BUNDLE) consists of four types of permissions such as Navigation Permissions, Survey Permissions, Email Template Permissions, and Program Permissions.

A super admin or an admin can take a call as to which permissions should be enabled in a Bundle. To enable any permission in the Bundle, the admin must select the respective checkbox for that permission. Once the required permissions are enabled in a Bundle, the admin can grant access of the bundle to the specific users or user groups.

By default, Gainsight provides an out of the box Bundle called DEFAULT_BUNDLE. This Bundle cannot be deleted and contains only Navigation Permissions.

Gainsight provides an out of the box bundle, VIEW_GROUP to assign navigation page permissions to enforce Gainsight View License to the specific users.

IMPORTANT

  • By default, users do not have access to view any of the navigation pages in Gainsight NXT. A user gets permission to access a page via any bundle from the respective admin.
  • If a user does not have permission to access a page, he cannot even search the same through the global navigation bar. The search returns Null results.  
  • If a user has access to multiple bundles, the total access for the user is a union of all the pages assigned in all the bundles. For instance, consider that user X has access to Bundles A and B. Bundle A has permissions to access the pages a,b, and c and bundle B has permissions to access the pages  c, d, and e. User X can view a,b,c,d, and e pages.
  • If a user (neither super admin nor an admin) is granted permission to access the Navigation Permissions page, via a Bundle, the specific user can create a bundle, and add users to the Bundle.

Use case

  • Consider you are the super admin of your organization. You have a group of Gainsight administrators who perform admin related tasks and a team of CSMs who are more focused on dealing with customers.

  • You can create a Bundle for the administrators and select all checkboxes under the Administration page and grant all the administrators the permission to access this Bundle.

  • You can create another Bundle for the CSMs and select all the checkboxes other than the ones which come under the Administration page and grant all the CSMs the permission to access this Bundle.

Create a Bundle

You can create a new Bundle and assign different permissions to the users based on their roles in the organization.

To create a Bundle:

  1. Navigate to Administration > Security Controls > Permission Groups.
  2. Click + BUNDLE.
  3. Enter the following details:
  • Name of the Bundle
  • (Optional) Description
  1. Click CREATE.

2.gif

Note: Admin can also modify or delete the permission group bundles by clicking the Edit or Delete options respectively.

3P.gif

Assign Users to a Bundle

Admins can assign Users or User groups to a Bundle based on their role in the organization. Amdins can manually add Users using +USERS or they can add User Groups using +RULES.

To assign Users or User groups to a Bundle:

  1. Navigate to the Bundles list page.
  2. Select Assign Users from the options of a specific bundle.
  3. Add Users using one of the two options: + USERS or + RULES.

Add Users to a Bundle Manually

To add users to a Bundle manually:

  1. Click + USERS to add users manually. Assign Access to User window is displayed.
  2. Select the checkboxes of the users to be added. You can use the search box to search specific users.
  3. Click IMPORT, after adding all the required users.
  4. (Optional) Switch ON the Bundle administrator to grant Administrator access to the user(s). If a user is granted Admin rights for a bundle, the user can add or delete other users from the bundle.
  5. Click SAVE.

4.gif

Add Users through a Rule

You can create a Rule on the User object and define a Criteria  to add users in bulk who meet your defined criteria. Users are populated in the Assign Access to User window. You can delete any users, if required.

The process of adding users through a rule is demonstrated here. A Rule is configured to create a User group having all the Active users.

To add Active Users or Gainsight Users via a Rule:

  1. Click + Rules.
  2. Click + Criteria in the window that appears.
  3. Set the following conditions to add Active Users:
  • IsActiveUser attribute.
  • = Operator
  • Select checkbox
  • Click √
  1. Set the following conditions to add Users with Username (containing @gainsight.com):
  • Username attribute
  • = Operator
  • Enter ‘@gainsight.com’ in the Value field.
  • Click √
  1. Enter ‘A or B’ in the Advance logic field.

    Limitation: While configuring the criteria, You cannot apply filter on the Dropdown List type field with one of its item names. You should add the GSID of the item to apply filter on the dropdown list field instead.
     
  2. Click Update. Users that meet the criteria are added to the users list in the Assign Access to User window.

5.png

Notes:

  • Managers inherit all of the permissions (through Bundle) assigned to the reporting users/admins. These managers should be marked as User managers in the user/admin's records in the User object.
  • A user/admin's permissions are inherited to the next two level managers. For example, if John and Steve report to Lucy, and Lucy reports to Amanda, all of the permissions assigned to John and Steve are inherited to Lucy and Amanda.

Permission Types Under a Bundle

You can provide Users or User Group a differential access of Gainsight application using the Permission Types based on their role in the organization.

Default_Bundle has only navigation permissions to all pages whereas a Bundle has the following four types of permissions:

  • Navigation Permissions
  • Survey Permissions
  • Email Template Permissions
  • Program Permissions

Navigation Permissions

Assigning navigation level permissions to Users or User Groups allows them to view pages or sub-pages of the Gainsight application. You can select checkboxes of the respective pages or sub-pages, which you want Users or User Groups to access.

To assign navigation permissions to a Bundle:

  1. Select Edit from the ellipsis menu of any Bundle.
  2. Click + under the Title section, to expand all the pages.
  3. Select the checkbox of the page(s), sub-page(s), and sub-sub-page(s), that you want to enable for this Bundle. These navigation pages are accessible to the users that are added in this Bundle.
    Note: Selecting the checkbox of a page or sub page, does not automatically select all the nested pages. You should manually select the checkbox of every page that you want to enable for this Bundle.
  4. Click SAVE.

6.gif

Survey Permissions

Assigning survey level permissions to Users or User Groups allows them to design, distribute, analyze and administer surveys. Following are the four types of permission levels for surveys:

  • Design: Users with the “Design” permission can access the surveys design page to add and configure pages, sections, and questions. For more information on the design tab, refer to Survey Design. Users with the Design permission have access to the following:

    • Users with the module level Design permission will have access to the Question Library. For more information on the module level survey permissions, refer to the section Module Level Permissions.

    • Users with the survey level Design permission can import and save questions to the library, but can’t access it. For more information on the Survey level permissions, refer to the section Survey Level Permissions. For more information on the library, refer to Surveys Question Library.

  • Distribute: Users with the “Distribute” permission can access the surveys distribute page to publish the survey and monitor its associated programs. Users with the “Distribute” permission are automatically granted the Analyze permission so they can view responses after distribution. For more information on the distribute tab, refer to Distribute Surveys.

    Note: Admins which do not have the Distribute permission for a survey can not view it as an option while configuring a Program’s survey model.

  • Analyze: Users with the “Analyze” permission can access the surveys analyze page to view and analyze recipient responses for a published survey. For more information on the Analyze tab, refer to Surveys Analytics Overview.

  • Admin: Users with the “Admin” permission are granted the Design, Distribute, and Analyze permissions. Users with the Admin permission can also grant Admin access to another user. The survey level Admin permission enables Admin access to the specific survey, whereas from the module level permission enables Admin access to all surveys.

Notes:

  • Admin survey access is a combination of the survey level permissions and module level permissions granted to the specific admin.

  • Users which are marked as Super Admin in the User Management page have all survey permissions enabled by default.

  • Any changes made to a User record from the User Management page (such as enabling/disabling the record or applying Super Admin access) will take a maximum of 6 hours to impact the user’s survey permissions

 

Email Template Permissions

Assigning Email Template permissions to Users or User Groups allows them to design and administer the email templates. Following are the two permissions for Email Templates:

  • Design: Users will be able to design, access and create email templates.
  • Admin: Users will be able to design and administer email templates.

Program Permissions

Assigning Program level permissions to Users or User Groups allows them design, distribute, analyze and administer programs. Following are the four types of permissions for programs:

  • Design: Users will be able to design, access and create programs.
  • Distribute: Users will be able to distribute programs.
  • Analyze: Users will be able to analyze programs, Program Analytics, Cross Program Analytics.
  • Admin: Users will be able to design, distribute, analyze, and administer programs.

Remove Users from Bundle

To remove users from Bundle:

  1. Click Edit from the ellipsis icon of the Bundle that you want to modify.
  2. Click Assign Users.
  3. Select the checkboxes of the users you want to remove. You can use the search box to search for specific users.
  4. Click REMOVE USERS.
  5. Click SAVE to remove the selected users from the bundle.

7P.gif

VIEW_GROUP Permission Group

Gainsight NXT has various pages like Administration, JO, Designing Email Templates, Designing Surveys, Distributing Surveys, Cockpit, and Timeline, etc. You can control the access to all of the Gainsight pages at user level. Permission Groups allow you to group various permissions together and assign these permissions to a single or multiple users matching a criteria.

Permission Groups in Gainsight NXT allows you to group various permissions together and then easily assign users to all the grouped permissions at once. A single permission group includes Survey, Email Templates, Program related permissions, and Gainsight NXT Navigation items such as Administration, JO, Cockpit, Surveys, etc.

The VIEW_GROUP is a system defined permission group that must be assigned to all the users for whom you want to enforce the Gainsight Viewer license. This Permission group is provided out of the box to all of the customers. You cannot modify or delete this group. You can only add users to this group.

This group provides view access to five Gainsight pages; C360, R360, My Settings, Profile, and Timeline, when Gainsight Viewer group wants to access Gainsight data from the Salesforce pages, Account, Opportunity, and Case and Gainsight widget in Zendesk. Users added to this group can only view these five pages. Timeline data can be edited from the Global Timeline or Timeline tab on the C360 page. Apart from Timeline, Viewer Group users can edit data on My settings and Profile page. Viewer Group users cannot edit any other data. To learn more about Viewer License, refer to the Gainsight Viewer License section of the Team View Overview article.

The users added to the VIEW_GROUP Permission group must also be added to a specific C360 layout which is reserved for Widgets.

Add Users to VIEW_GROUP Permission Group

This section explains how to add users to the VIEW_GROUP permission group.

To add Users to the VIEW_GROUP Permission Group:

  1. Navigate to Administration > Users and Permissions> Permission Bundles. The Permission Groups page is displayed.
  2. (Optional) From the ellipsis menu, select the Edit option for VIEW_GROUP bundle, to view the pages included in the bundle.
  3. (Applicable only if the above step is executed) Click <- to return to the Permission Groups page.

8.gif

  1. From the ellipsis menu, select the Assign users option for the VIEW_GROUP bundle.

9.GIF

You can add users either through manually or by using rules. For more information on this process, refer to the Assign Users to a Bundle section.

  • Was this article helpful?