Permissions¶

QFieldCloud provides a fine grained access control over projects with the concepts of project collaborators, organization members and organization teams.

Actors¶

Unregistered user.
Simple registered user, neither collaborator of the concerned project nor member of the concerned organization nor the concerned user.
Project owner of the concerned project, the concerned user, but not collaborator nor organization member.
Project collaborator role admin of the concerned project.
Project collaborator role manager of the concerned project.
Project collaborator role editor of the concerned project.
Project collaborator role reporter of the concerned project.
Project collaborator role reader of the concerned project.
Organization owner of the concerned organization or the organization that owns the concerned project or to which belongs the user.
Organization member role admin of the concerned organization or the organization that owns the concerned project or to which belongs the user.
Organization member role member of the concerned organization or the organization that owns the concerned project or to which belongs the user.

Actions¶

❌ Not allowed
✅ Allowed
‒ Irrelevant

Action	1	2	3	4	5	6	7	8	9	10	11
List/query project's collaborator roles	❌	✅	‒	‒	‒	‒	‒	‒	‒	‒	‒
Create project's collaborator (i.e. define new collaborator)	❌	❌	✅	✅	✅	❌	❌	❌	✅	✅	❌
Update project's collaborator's info (i.e. role)	❌	❌	✅	✅	✅	❌	❌	❌	✅	✅	❌
Delete project's collaborator (i.e. remove user as collaborator)	❌	❌	✅	✅	✅	❌	❌	❌	✅	✅	❌
List organization's members	❌	✅	‒	‒	‒	‒	‒	‒	✅	✅	✅
Create organization's member (i.e. define a new member)	❌	❌	‒	‒	‒	‒	‒	‒	✅	✅	❌
Get organization's member info (i.e. role)	❌	✅	‒	‒	‒	‒	‒	‒	✅	✅	✅
Update organization's member info (i.e. role)	❌	❌	‒	‒	‒	‒	‒	‒	✅	✅	❌
Delete organization's member info (i.e. remove user as organization's member)	❌	❌	‒	‒	‒	‒	‒	‒	✅	✅	❌
List/query public projects	❌	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
List/query private projects	❌	❌	✅	✅	✅	✅	✅	✅	✅	✅	❌
Update project's info	❌	❌	✅	✅	❌	❌	❌	❌	✅	✅	❌
Create a project	❌	✅	‒	‒	‒	‒	‒	‒	✅	✅	❌
Delete project	❌	❌	✅	❌	❌	❌	❌	❌	✅	✅	❌
Add deltafile	❌	❌	✅	✅	✅	✅	✅	❌	✅	✅	❌
List project's deltafiles	❌	❌	✅	✅	✅	✅	✅	❌	✅	✅	❌
Get deltafile's status	❌	❌	✅	✅	✅	✅	✅	❌	✅	✅	❌
List project's files (qfieldsync)	❌	❌	✅	✅	✅	✅	✅	✅	✅	✅	❌
Download project's files (qfieldsync)	❌	❌	✅	✅	✅	✅	✅	✅	✅	✅	❌
Upload project's files (qfieldsync)	❌	❌	✅	✅	✅	✅	✅	❌	✅	✅	❌
Delete project's files (qfieldsync)	❌	❌	✅	✅	✅	✅	✅	❌	✅	✅	❌
List project's files (qfield)	❌	❌	✅	✅	✅	✅	✅	✅	✅	✅	❌
Download project's files (qfield)	❌	❌	✅	✅	✅	✅	✅	✅	✅	✅	❌
List users and organizations	❌	✅	‒	‒	‒	‒	‒	‒	‒	‒	‒
Get user's public informations	❌	✅	‒	‒	‒	‒	‒	‒	‒	‒	‒
Get user's detailed informations	❌	❌	‒	‒	‒	‒	‒	‒	✅	✅	❌
Update user's informations	❌	❌	✅	‒	‒	‒	‒	‒	❌	❌	❌
Delete user	❌	❌	✅	‒	‒	‒	‒	‒	❌	❌	❌
Get API status	✅	✅	‒	‒	‒	‒	‒	‒	‒	‒	‒
Add and remove secrets	‒	❌	❌	✅	❌	❌	❌	❌	‒	‒	‒

Roles¶

ProjectCollaborator¶

A collaborator of a normal user project can only be reporter or reader. Editor or manager can only be set to an organization's project.

Roles¶

A higher role always include also the lower ones

Name	Description
admin	Rename or delete the project. The same rights as the owner of the project, except ownership transfer.
manager	Can add or remove collaborators.
editor	Can edit data
reporter	Can only insert data (no update nor delete).
reader	Can read data.

OrganizationMember¶

Roles¶

A higher role always include also the lower ones

Name	Description
admin	She can add and remove members and create project
member	(difference compared to an other user is for billing reasons only)