---
title: "Defining User Permissions for Data Model Roles"
description: "In the User management workspace of the CFO Solution Platform, you can define read and/or write permissions for data model roles when editing Consolidation & Financial Planning users."
source_url: https://support.lucanet.cloud/en/documentation/administration/user-management/defining-user-permissions
language: en
last_updated: 2023-08-16
---
# Defining User Permissions for Data Model Roles

## Overview

In the **User management** workspace of the **CFO Solution Platform**, you can define read and/or write permissions for **data model roles** when editing **Consolidation & Financial Planning** users.

{% warning-box %}
All settings made in the user management of the **CFO Solution Platform** are automatically synchronized with the user management in **Lucanet.Financial Client**, provided that the platform administrator is also assigned the role of **Master** in Lucanet.Financial Client.
{% /warning-box %}

## Defining Permissions for Data Model Roles

To define permissions for data model roles:

{% stepper %}
{% stepper-step %}
In the **User management** workspace, select the user whose permissions you want to define.
{% /stepper-step %}
{% stepper-step %}
Select **Consolidation & Financial Planning,** then use the toggle button to enable **Data model roles.**
{% /stepper-step %}
{% stepper-step %}
Select a user role. The **Permissions** link will be displayed at the top right:

User roles for Consolidation & Financial Planning

{% /stepper-step %}
{% stepper-step %}
Click **Permissions** to open the dialog for assigning the permissions:

'Permissions' dialog

{% /stepper-step %}
{% stepper-step %}
(Optional) Activate the **Grant user full read and write permissions** option, if you want to grant the user full read and write permissions. Note that only **Editor** user roles can be granted full read and write permissions.
{% /stepper-step %}
{% stepper-step %}
Define specific permissions in the **My set permissions** column:

 - Activate the **Read** check box for the areas where the user is to receive read permission.
 - Activate the **Write** check box for the areas where the user is to receive write permission.\
\
For more information on the available categories and permissions, see [Categories and Permissions](https://support.lucanet.cloud/en/documentation/administration/user-management/defining-user-permissions/.md#permissions-categories).

{% /stepper-step %}
{% /stepper %}
{% idea-box %}
**Notes on User Permissions:**

- All subordinate and dependent permissions are activated automatically.
- If a **Write** permission is activated, the **Read** permission will be automatically activated and locked for editing.
- Users with **Editor** role can be assigned both **Read** and **Write** permissions. Users with **Observer** and **Group report data collector** can only be assiged **Read** permissions.
- If you set a permission for a section on the **Workspaces** tab that also exists on the **Data Access** tab, the permission will be automatically set for that section too, and vice versa.
{% /idea-box %}

## Categories and Permissions

**Permissions** are assigned within **categories**. The relationship between category and permission is as follows:

| Category | Permission |
|---------|---------|
| Workspaces | Defines which **workspaces** and **elements** are visible to the user and which elements in a workspace the user is permitted to create, change, or delete. |
| Data access | Defines which **values** are displayed and which values the user can enter, change, or delete. |
| Other permissions | Defines which **administrative activities** the user can perform and what **additional information** they can access. |

## Permissions Symbols

'Permissions' table

The following table describes what each symbol in the **Permissions** table represents:

#### 

The permission was activated manually and applies only to the selected element.

#### 

The permission was activated automatically. It is part of a superordinate permission.

#### 

The permission was activated automatically. The permission applies to the element and all subordinate elements.

#### 

Expands all levels in the permissions list.

#### 

Collapses all levels to the top level in the permissions list.

#### 

Allows selecting which permissions will be displayed. The following options are available:

- **All -** displays all permissions.
- **Not set**- displays an overview of all areas that permissions can be assigned for
- **My set permissions** - displays only those permissions that have already been assigned to the user.
- **Inherited**- displays the permissions inherited from user groups.

#### 

Shows that at least one **read** or **write** permission has been selected in the permissions list.