Summary: The Onihiri Platform Places module uses a combined approach to permissions, requiring both specific role permissions and unit membership to access resources. This guide explains how unit permissions work and how to manage them effectively.

Unit Permission Basics

Two-Factor Permission Model

For a user to access unit resources, they must meet two requirements:

1. Have appropriate role permissions: Their assigned role must include the necessary permission for the action
2. Be a member of the unit: They must be explicitly added to the organizational unit

If either condition is not met, access will be denied.

How Unit Membership Affects Access

Document Access

Documents uploaded to a specific unit are only accessible to:

• Users who are members of that unit and have document read permission
• Users with global document permissions (such as Document Managers)
• System administrators

This ensures documents remain secure and only visible to relevant personnel.

Unit Information

Unit details, charts, and member information are restricted to:

• Members of the unit with appropriate permissions
• Users with global unit read permission
• System administrators

Managing Unit Membership

Adding Members to a Unit

To add a user to a unit:

1. Navigate to the Places section
2. Select the target organizational unit
3. Go to the Members tab
4. Click Add Member
5. Search for the user you wish to add
6. Select their role within the unit
7. Choose whether this is their primary unit
8. Click Add to confirm

Removing Members from a Unit

To remove a user from a unit:

1. Navigate to the Places section
2. Select the target organizational unit
3. Go to the Members tab
4. Find the user to remove
5. Click the options menu (three dots)
6. Select Remove from Unit
7. Confirm the removal

Important: When a user is removed from a unit, they immediately lose access to all unit-specific resources, including documents and tasks associated with that unit.

Primary vs. Secondary Unit Membership

Users can belong to multiple units but should have one designated as primary:

• Primary unit: The user’s main organizational affiliation
• Secondary units: Additional units where the user has responsibilities

This distinction is important for reporting and organizational structure visualization.

Common Unit Permission Scenarios

Scenario 1: Department Document Access

A department uploads sensitive documents that should only be visible to department members:

1. Documents are uploaded to the department’s unit
2. Only members of that specific unit with document read permission can view them
3. Non-members cannot see these documents, even if they have document read permission

Scenario 2: Cross-Departmental Collaboration

When users from multiple departments need to share documents:

1. Create shared documents in all relevant units, or
2. Add users as members to both departments, or
3. Use global Document Managers for oversight

Scenario 3: Organizational Restructuring

When departments merge or split:

1. Update unit memberships to reflect the new structure
2. Review document access to ensure appropriate permissions
3. Update primary unit designations as needed

Unit Permission Troubleshooting

User Cannot See Documents

If a user reports they cannot access documents within a unit:

1. Verify they are a member of the unit (check Members tab)
2. Confirm they have document read permission in their role
3. Check if the documents are correctly associated with the unit
4. Verify the documents haven’t been archived or deleted

User Cannot Upload Documents

If a user cannot upload documents to a unit:

1. Confirm they are a member of the unit
2. Verify their role includes document write permission
3. Check for any system-wide restrictions on document uploads
4. Ensure they are following the correct upload procedure

Best Practices for Unit Permissions

Regular Membership Audits

• Review unit membership quarterly
• Remove users who no longer need access
• Update role assignments based on changing responsibilities

Documentation Organization

• Structure units to reflect your organizational hierarchy
• Place documents in the most specific applicable unit
• Consider using sub-units for better permission control

Permission Testing

• Periodically test access from different user perspectives
• Create test accounts with different permission combinations
• Verify that permission boundaries are functioning as expected

Visual Permission Indicators

The Places interface includes several visual indicators to help users understand permissions:

Document Panel

• Documents you cannot edit will show a lock icon
• Your level of access is indicated in the document header
• Permission errors will be displayed when attempting unauthorized actions

Member List

• Unit roles are displayed next to each member’s name
• Head of unit is indicated with a special badge
• Your own permissions within the unit are summarized at the top

Getting Help with Unit Permissions

For additional assistance with unit permissions:

1. Contact your unit manager or administrator
2. Review system-wide permission documentation
3. Consult your organization’s specific access policies