Skip to main content
Gainsight Inc.

Permission Bundles

Gainsight NXT

 

This article explains admins about Permission Bundles in Gainsight.

Overview

Gainsight NXT has various pages like Administration, JO, Designing Email Templates, Designing Surveys, Distributing Surveys, Cockpit, and Timeline, etc. You can control the access to all of the Gainsight pages at user level. Permission Bundles allow you to group various permissions together and assign these permissions to a single or multiple users matching a criteria.

Permission Bundles is an administration feature which facilitates a Super Admin (or an admin) to easily set up different permissions on Gainsight for Users or User groups. Admins can navigate to the Permission Groups page from Administration > Permission Bundles. Administrators can create a custom Permission Bundle from this page and assign the following different types of permission to the users based on their roles in the organization:

  • Navigation Permissions
  • Survey Permissions
  • Email Template Permissions
  • Program Permissions

A super Admin has superior permissions (all of the above permissions) by default. Gainsight provides an out of the box Bundle called DEFAULT_BUNDLE which contains the Navigation Permissions. If a user is assigned with multiple Bundles, all of the permissions in the multiple Bundles are assigned to the specific user. A Super admin or admin should create separate bundles to assign the Navigate Permissions and combination of Survey, Email Template, Program permissions to the user(s) as required.

Gainsight provides an out of the box bundle, VIEW_GROUP to assign navigation page permissions to enforce Gainsight View License to the specific users.

Key Terms

The following terms refer to the general designations given to various users in an organization. These designations can vary in your organization.

  • Page: A User interface (UI) on which you can perform an action or view some information is known as a Page.
  • Super Administrator: A Super Administrator (aka super admin) has access to all the Navigation Pages in Gainsight NXT and all of the different permissions available in a Permission Group. A super Admin is not required to get any permissions in Gainsight through a Permission Group. Super admin can give access to other users to access pages through Navigation Bundles. Super admin can also give administrative privileges to a user.   
  • Administrator: An Administrator (aka admin) has access to Gainsight Administration pages defined by Super Admin. Admin can grant CSMs, access to the specific Pages or restrict a CSM from accessing the specific Pages based on the work requirements. An admin cannot modify any setting related to a super admin.   
  • Customer Success Manager(CSM): A Customer Success Manager (CSM) mainly deals with the customers queries and also looks to expand the organization's customer base. CSMs do not have access to any of the Administration Pages, unless granted access through Navigation Bundle.
  • Permissions: It is a collection of settings that grants users/admins, access to various features and functionalities in Gainsight.

Hierarchy in Pages

Gainsight follows a hierarchy system in which a Page can:

  • exist individually at the highest level (1st level)
  • be nested in a page (2nd level)
  • be nested in a sub page (3rd level)

For instance:

  • Timeline page is located individually at the top most level.
  • Email Templates page is nested in the Journey Orchestrator Page.
  • Company page is nested in the Customer Data sub page, which in turn is nested in the Administration page.

Users/Admins can view the Pages in this hierarchy, only when the required permissions are granted, through Bundles. If you do not have permission to access a Page, the order in which the Pages are displayed can change.

Home 2023-12-21 at 10.49.16 AM.jpgHome 2023-12-21 at 10.48.16 AM.jpg

To view the complete list of pages and sub pages:

  1. Navigate to  AdministrationPermission Bundles.
  2. Click the ellipsis menu and select Edit, for DEFAULT_BUNDLE.
  3. Click the + icon to expand all the parent pages and view sub-pages.

Home 2023-12-21 at 10.55.44 AM.jpg

Bundles

Bundles facilitate super admin or an admin to easily setup access permissions in the Gainsight application. Every Bundle (other than DEFAULT_BUNDLE) consists of four types of permissions such as Navigation Permissions, Survey Permissions, Email Template Permissions, and Program Permissions.

A super admin or an admin can take a call as to which permissions should be enabled in a Bundle. To enable any permission in the Bundle, the admin must select the respective checkbox for that permission. Once the required permissions are enabled in a Bundle, the admin can grant access of the bundle to the specific users or user groups.

By default, Gainsight provides an out of the box Bundle called DEFAULT_BUNDLE. This Bundle cannot be deleted and contains only Navigation Permissions.

Gainsight provides an out of the box bundle, VIEW_GROUP to assign navigation page permissions to enforce Gainsight View License to the specific users.

IMPORTANT:

  • By default, users do not have access to view any of the navigation pages in Gainsight NXT. A user gets permission to access a page via any bundle from the respective admin.
  • If a user does not have permission to access a page, he cannot even search the same through the global navigation bar. The search returns Null results.  
  • If a user has access to multiple bundles, the total access for the user is a union of all the pages assigned in all the bundles. For instance, consider that user X has access to Bundles A and B. Bundle A has permissions to access the pages a,b, and c and bundle B has permissions to access the pages c, d, and e. User X can view a,b,c,d, and e pages.
  • If a user (neither super admin nor an admin) is granted permission to access the Navigation Permissions page, via a Bundle, the specific user can create a bundle, and add users to the Bundle.
  • You can find the SP_INTERNAL_USER_GROUP from the list of Permission Groups but you cannot add users to this Group manually. This is designed for internal purposes to assign the people automatically while sharing a Success Plan.

Use case

  • Consider you are the super admin of your organization. You have a group of Gainsight administrators who perform admin related tasks and a team of CSMs who are more focused on dealing with customers.

  • You can create a Bundle for the administrators and select all checkboxes under the Administration page and grant all the administrators the permission to access this Bundle.

  • You can create another Bundle for the CSMs and select all the checkboxes other than the ones which come under the Administration page and grant all the CSMs the permission to access this Bundle.

VIEW_GROUP Permission Bundle

The VIEW_GROUP is a system defined permission group that is automatically assigned to Viewer licensed users. This Permission group is provided out of the box to all of the customers. You cannot modify or delete this group.

This group provides view access to six Gainsight pages: C360, R360, My Settings, Profile, Timeline, and Adoption Explorer when Gainsight Viewer group wants to access Gainsight data from the Salesforce pages, Account, Opportunity, and Case and Gainsight widget in Zendesk.

Users added to this group can only view these six pages. Timeline data can be edited from the Global Timeline or Timeline tab on the C360 page. Apart from Timeline, Viewer Group users can edit data on My settings and Profile page. Viewer Group users cannot edit any other data. To learn more about Viewer License, refer to the Gainsight Viewer License section of the Team View Overview article. The users added to the VIEW_GROUP Permission group must also be added to a specific C360 layout which is reserved for Widgets.

VIEWANALYTICS_GROUP

Users with Viewer+ Analytics license are automatically assigned with this Permission Bundle. This Permission Bundle is provided out of the box to all of the customers. Admins cannot modify or delete this group.

Create a Custom Bundle

You can create a new Bundle and assign different permissions to the users based on their roles in the organization.

To create a Bundle:

  1. Navigate to Administration > Permission Bundles.
  2. Click + BUNDLE.
  3. Enter the following details:
  • Name of the Bundle
  • (Optional) Description
  1. Click CREATE.

Create Bundle.jpg

Note: Admin can also modify or delete the permission group bundles by clicking the Edit or Delete options respectively.

Edit or delete.jpg

Assign Users to a Bundle

Admins can assign Users or User groups to a Bundle based on their role in the organization. Admins can manually add Users using +USERS or they can add User Groups using +RULES.

To assign Users or User groups to a Bundle:

  1. Navigate to the Bundles list page.
  2. Select Assign Users from the options of a specific bundle.
  3. Add Users using one of the two options: + USERS or + RULES.

Assign User.jpg

Add Users to a Bundle Manually

To add users to a Bundle manually:

  1. Click + USERS to add users manually. Assign Access to User window appears.
  2. Select the checkboxes of the users to be added. You can use the search box to search specific users.
  3. Click IMPORT, after adding all the required users.
  4. (Optional) Switch ON the Bundle administrator to grant Administrator access to the user(s). If a user is granted Admin rights for a bundle, the user can add or delete other users from the bundle.
  5. Click SAVE.

Add Users.jpg

Add Users through a Rule

You can create a Rule on the User object and define a Criteria  to add users in bulk who meet your defined criteria. Users are populated in the Assign Access to User window. You can delete any users, if required.

The process of adding users through a rule is demonstrated here. A Rule is configured to create a User group having all the Active users.

To add Active Users or Gainsight Users via a Rule:

  1. Click + Rules.
  2. Click + Criteria in the window that appears.
  3. Set the following conditions to add Active Users:
  • IsActiveUser attribute.
  • = Operator
  • Select checkbox
  • Click √
  1. Set the following conditions to add Users with Username (containing @gainsight.com):
  • Username attribute
  • = Operator
  • Enter ‘@gainsight.com’ in the Value field.
  • Click √
  1. Enter ‘A or B’ in the Advance logic field.

    Limitation: While configuring the criteria, You cannot apply filter on the Dropdown List type field with one of its item names. You should add the GSID of the item to apply filter on the dropdown list field instead.
     
  2. Click Update. Users that meet the criteria are added to the users list in the Assign Access to User window.

5.png

Notes:

  • Gainsight dynamically adds users to the Permission Group based on the specified criteria in the rule.

  • Gainsight adds another condition to add only Full Licensed Users to the Permission Group, when adding users to the Permission Group through a rule, in addition to the criteria specified in the rule, i.e., the license type attribute will not be available while creating rules in Permission Bundles, as by default only Full Licensed Users are considered.

  • When a user is manually removed from the Permission Group, then the same user cannot be added to the Permission Group via a rule. However, the same user can be added manually to the Permission Group.

  • Managers of Gainsight users do not automatically inherit the permissions granted to those users through Permission Bundles. Managers are treated as separate users, and their permissions must be granted through specific Permission Bundles.

  • Data permissions assigned to a user or admin extend to their immediate managers and the managers above them. For instance, if John and Steve report to Lucy, and Lucy reports to Amanda, the data permissions assigned to John and Steve also apply to Lucy and Amanda.

Permission Types Under a Bundle

You can provide Users or User Group differential access of Gainsight application using the Permission Types based on their role in the organization.

Default_Bundle has only navigation permissions to all pages whereas a Bundle has the following four types of permissions:

  • Navigation Permissions
  • Survey Permissions
  • Email Template Permissions
  • Program Permissions

Navigation Permissions

Assigning navigation level permissions to Users or User Groups allows them to view pages or sub-pages of the Gainsight application. You can select checkboxes of the respective pages or sub-pages, which you want Users or User Groups to access.

To assign navigation permissions to a Bundle:

  1. Select Edit from the ellipsis menu of any Bundle.
  2. Click + under the Title section, to expand all the pages.
  3. Select the checkbox of the page(s), sub-page(s), and sub-sub-page(s), that you want to enable for this Bundle. These navigation pages are accessible to the users that are added in this Bundle.
    Note: Selecting the checkbox of a page or sub page, does not automatically select all the nested pages. You should manually select the checkbox of every page that you want to enable for this Bundle.
  4. Click SAVE.

6.gif

Survey Permissions

Assigning survey level permissions to Users or User Groups allows them to design, distribute, analyze and administer surveys. Following are the four types of permission levels for surveys:

  • Design: Users with the “Design” permission can access the surveys design page to add and configure pages, sections, and questions. For more information on the design tab, refer to Survey Design. Users with the Design permission have access to the following:

    • Users with the module level Design permission will have access to the Question Library. For more information on the module level survey permissions, refer to the section Module Level Permissions.

    • Users with the survey level Design permission can import and save questions to the library, but can’t access it. For more information on the Survey level permissions, refer to the section Survey Level Permissions. For more information on the library, refer to Surveys Question Library.

  • Distribute: Users with the “Distribute” permission can access the surveys distribute page to publish the survey and monitor its associated programs. Users with the “Distribute” permission are automatically granted the Analyze permission so they can view responses after distribution. For more information on the distribute tab, refer to Distribute Surveys.

    Note: Admins which do not have the Distribute permission for a survey can not view it as an option while configuring a Program’s survey model.

  • Analyze: Users with the “Analyze” permission can access the surveys analyze page to view and analyze recipient responses for a published survey. For more information on the Analyze tab, refer to Surveys Analytics Overview.

  • Admin: Users with the “Admin” permission are granted the Design, Distribute, and Analyze permissions. Users with the Admin permission can also grant Admin access to another user. The survey level Admin permission enables Admin access to the specific survey, whereas from the module level permission enables Admin access to all surveys.

Notes:

  • Admin survey access is a combination of the survey level permissions and module level permissions granted to the specific admin.

  • Users which are marked as Super Admin in the User Management page have all survey permissions enabled by default.

  • Any changes made to a User record from the User Management page (such as enabling/disabling the record or applying Super Admin access) will take a maximum of 6 hours to impact the user’s survey permissions

Email Template Permissions

Assigning Email Template permissions to Users or User Groups allows them to design and administer the email templates. Following are the two permissions for Email Templates:

  • Design: Users will be able to design, access and create email templates.
  • Admin: Users will be able to design and administer email templates.

Program Permissions

Assigning Program level permissions to Users or User Groups allows them design, distribute, analyze and administer programs. Following are the four types of permissions for programs:

  • Design: Users will be able to design, access and create programs.
  • Distribute: Users will be able to distribute programs.
  • Analyze: Users will be able to analyze programs, Program Analytics, Cross Program Analytics.
  • Admin: Users will be able to design, distribute, analyze, and administer programs.

Productivity and Workflow (Cockpit, Success Plans,Timeline)

You can use the following permissions to determine the level of access users have to sensitive data. This is especially important in the case of Sharing Groups who need only limited access to data to fulfill their job.

  • Create and edit views with advanced filters : Clear this checkbox to prevent the Sharing Group users from creating and editing views using the advanced filters option on the Cockpit List View page.
  • Use Column Configurator:  Clear this checkbox to prevent users from adding new columns to the Cockpit list view page. This ensures that they do not have access to any sensitive information which is not intended for them.

Permission Bundles 2023-04-13 at 10.32.47 AM.jpg

Granular Permissions for Cockpit and Success Plan 

The following permissions can be assigned while managing user permissions within the system, especially for Sharing Groups that need restricted data access to fulfill their roles:

Cockpit Permissions:

The Cockpit has improved settings, allowing admins to better control user actions, thus enhancing data security and efficiency.

  • Delete CTA: Grants the ability to remove a CTA.
  • Create CTA: Enables the creation of new CTAs.
  • Apply Playbook: Allows adding Playbooks to a CTA.

Permission bundle 1 (1).jpeg

Success Plan Permissions:

These permissions are crucial for regulating access to sensitive data and ensuring that users have the necessary level of access to perform their duties effectively.

  • Delete Success Plan: Authorizes the deletion of a Success Plan.
  • Create Success Plan: Permits the creation of new Success Plans.
  • Apply Template: Enables the addition of Templates to Success Plans.
  • Share Success Plan: Allows sharing a Success Plan with others.

permission bundle 2 (1).jpeg

Remove Users from Bundle

Admins can remove the remove the users from the permission bundle.

Note: Admins cannot remove User(s) from the VIEW_GROUP bundle page as it removes the View Permission bundle associated with the Viewer Licensed users.

To remove users from Bundle:

  1. Click Edit from the ellipsis icon of the Bundle that you want to modify.
  2. Click Assign Users.
  3. Select the checkboxes of the users you want to remove. You can use the search box to search for specific users.
  4. Click REMOVE USERS.
  5. Click SAVE to remove the selected users from the bundle.

Remove Users.jpg

 

  • Was this article helpful?