User Permissions and Project Access Groups
Last updated 5 months ago
AYON provides comprehensive and granular permissions to manage user access within projects and their settings.
Overview
Users can be assigned one of three levels: User, Manager, or Admin.
By default, a User does not have access to any projects.
Access groups grant specific permissions within a project.
To gain project access, a User must be assigned to an access group. For detailed steps, see the Adding Users to Projects section.
Top-Level Access Roles
AYON has three main access levels: Admin, Manager, and User.
Access Level | Studio Settings | Project Settings | Bundle Control | Access Level Control | Project Access | Restart Server |
Admin | Yes | Yes | Yes | Yes | All | Yes |
Manager | Limited | Yes | No | Limited | All | No |
User | No | Explicit | No | No | Explicit | No |
Admin: Full access to all projects and studio settings, including the ability to add or remove other admins.
Manager: Access to all projects and most settings, with the ability to manage users and assign roles up to the Manager level.
User: By default, has no access to studio settings, project settings, or projects. However, access to project settings and projects can be granted based on assigned access groups.
Setting User Access Level
Admins and Managers can assign users to access levels equal to or lower than their own on the user settings page.

Project Access Groups
While admins and managers have automatic access to all projects, users need to be assigned to specific access groups to gain project permissions.
Access Groups are configured on the Permissions page inside of studio settings. These groups determine what actions users can perform within a project, such as reading, creating, updating, or deleting project resources.
Partial Project Access (Access List)
Access groups can provide selective permissions, such as restricting a user to only view tasks they are assigned to, while hiding other tasks and folders.

Access List: Assigned
When the "Assigned" filter is applied, users will only have permissions for folders that contain at least one task assigned to them.

By default, this view also shows all sibling tasks within those folders. To hide these sibling tasks, go to Advanced Settings and toggle off the "Show sibling tasks" option.

The Path option has no effect when the access list type is Assigned.
Access List: Hierarchy and Children
Hierarchy and Children types define how permission paths are applied.
For example, a user with a read restriction set to the hierarchy path /assets/props will see the props folder along with all its subfolders and tasks.


The key difference between Hierarchy and Children applies only to write permissions:
Hierarchy: Allows editing of the props folder and everything inside it.
Children: Allows editing only of the contents inside the props folder, but not the folder itself.
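
The read and write rules above, modelled as an added Python example (not AYON's own code; `AccessType`, `is_allowed` and `audit` are hypothetical names, and the sibling path `/assets/props_old` is constructed). It compares whole path segments, so a restriction on /assets/props never matches a folder that merely shares the string prefix.

```python
from enum import Enum


class AccessType(Enum):
    HIERARCHY = "hierarchy"
    CHILDREN = "children"


def _segments(path):
    # Split on "/" and drop empty parts so "/assets/props/" equals "/assets/props".
    return tuple(part for part in path.split("/") if part)


def is_allowed(action, access_type, base, target):
    """Return True if `action` ("read" or "write") on folder `target` is
    permitted by an access-list entry of `access_type` set to path `base`."""
    base_seg, target_seg = _segments(base), _segments(target)
    is_base = target_seg == base_seg
    # Segment-wise comparison: "/assets/props_old" is not inside "/assets/props".
    inside = (len(target_seg) > len(base_seg)
              and target_seg[:len(base_seg)] == base_seg)
    if action == "read":
        # Both types show the folder itself plus everything below it.
        return is_base or inside
    if action == "write":
        if access_type is AccessType.HIERARCHY:
            return is_base or inside   # folder and its contents
        return inside                  # Children: contents only
    raise ValueError(f"unknown action: {action!r}")


def audit(access_type, base, targets):
    """Map each target path to the (read, write) decision for review."""
    return {t: (is_allowed("read", access_type, base, t),
                is_allowed("write", access_type, base, t)) for t in targets}


if __name__ == "__main__":
    # Constructed sample folder paths.
    paths = ["/assets/props", "/assets/props/chair", "/assets/props_old", "/assets"]
    for kind in AccessType:
        print(kind.value, audit(kind, "/assets/props", paths))
```
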
User Management Permissions
By default, users have limited project settings access. To allow roles like production coordinators to manage project-specific settings without full project and studio permissions, use customized access groups.

Example: Assigning the project_manager access group allows a user to view the project anatomy and modify project access, without access to project addon settings.
To grant a user the ability to view the Project access page and manage users, ensure they have the corresponding access group in their Default Project Access list. This provides them with access to all studio users.

Permissions Project Overrides
Permissions apply to all projects by default but can be customized for individual projects on the Projects Permissions page in Project Settings.
Default Project Access
Users can be assigned default access groups for new projects. This ensures they automatically receive those access groups when new projects are created. Note that this does not apply retroactively to existing projects.
Adding Users to Projects
To grant project access to a user, assign them to one or more access groups for each project:
Navigate to the Project access page in Project Settings.

Select one or multiple projects to give users access to.
Choose one or more users to assign the access groups to.
Assign one or more access groups to these users for the selected projects.
This approach allows for precise control of user permissions on a per-project basis.
