The best way to think about Donesafe’s permission system is, an interplay between controls that grant you access to records, and additional controls that restrict your access.

How you Gain access to records:

All users start in Donesafe without access to any records. They are granted access via any of the three following methods.

  • Role/Involvement. (Required)
    In Donesafe, every user has a Role. That role dictates the level of access granted to a user as a result of their direct involvement in a record. For example, you might say that the Creator of an incident record is always allowed to view and edit that record, BUT that a Person Affected is only allowed to view. Different Roles can give higher levels of access via involvement. If user has direct access to a record via this method, they have some degree of ‘Ownership’. Records that a user ‘Owns’ show up under the ‘My Records’ filters.

  • Managerial Adoption. (Optional)
    If a user is listed as someone’s manager in Donesafe, that user can adopt the permissions of their subordinate. For example, if a user’s subordinate is allowed to view/edit a record because they were the Creator of that record, then their manager will also be able to view/edit that record. A manager who gains access to records via this method does not ‘own’ them. They can view these records by using the ‘My Team’s Records’ filters or ‘My Organisation’s Records’ filters.
    This system can be turned off by role.

  • All Permission (Optional)The final way that access can be granted to a user is via the ‘All Permission’. This can be granted via their role for View/Edit/Delete permissions per module. Additionally, then can also be granted the All permission for a specific location/module by using the Location tagging system. Records that a user has access to via the ‘All’ permission can be found by using the ‘All’ records filter.
    All permission is off by default, and must be granted.

How you Lose access to records:

Additional controls exist within Donesafe that restrict access to records. These controls restrict your access to records you otherwise would have access to as a result of the permissions discussed above.

  • Location/Org restrictions (optional)
    A user can lose rights to see a record if the location/org restriction system is active. In short, location/org restrictions indicate that a user is only allowed to see records in certain locations or organisations. So even if a user is allowed to see All Incidents, they will only be able to see All incidents in the locations that they’re allowed to see. These permission systems can be turned off or edited globally by Donesafe staff, and deactivated by specific module if active.

  • Confidential Records. (optional)
    If a record is made confidential, it will restrict all users rights to see that record unless they’re on the confidential list, OR they have a Role permission that allows them to see confidential records of that type. Having access to see confidential records will only allow you to see records you would otherwise have been able to see were it not confidential.
    To deactivate this system, give all roles rights to see confidential records.

  • Module Configuration. (optional)
    On top of all the other permissions systems, it is also possible to restrict access to certain parts of a record under certain conditions for certain users. For example, you might lock a Hazard record for editing for all users except for administrators if that record has been closed.
    Additional controls can be added in the workflow settings as well as the subform settings.


The only mandatory permission systems an account must use is the Role/Involvement system. Everything else is effectively optional and can be turned off. Finding the right balance for your organisation however will almost always involve using some or even all of these systems together; some granting access, some restricting access. The right method for you really comes down to you own business structure and processes.

Did this answer your question?