The Quip admin console has a number of powerful controls, and you may wish to limit which admin can access certain settings. You can use Admin Roles to create custom admin profiles and assign them to specific users. For example, if your organization has a team that responds to user issues, you could create a Help Desk Admin role with the ability to manage users and groups, and therefore respond to tickets, but without access to sensitive security and configuration settings.
Note: if your site had admins before Admin Roles launched in March 2020, all admins defaulted to the Super Admin role, which aligns with the permissions that they had before.
You create and manage roles by clicking Settings, then Site Settings, in the left sidebar, and scrolling down to Admin Roles.
There are two admin roles available at your site by default, which cannot be edited or deleted. The Super Admin role can view and edit everything within your site, with the exception of unredacted access to content. The Site Admin role can view and edit everything except billing, unredacted access to content, and management of admin roles.
To create a custom profile, click the “Create New Role” button and choose a unique name for the role, then select the appropriate level for each permission set in the matrix below.
There are three permissions levels:
- Edit permissions give the admin full access to see and modify the setting or information.
- View permissions let the admin see the setting, and know its current state, but not change the setting or information.
- Hidden permissions hide the setting from the admin; they won’t see the setting or information at all.
You can manage admin role assignments to users in the Site Members section of the admin console. The Role column shows their current admin role (if any), and you can change their role or remove them as an admin by selecting “Modify Admin Role” in the dropdown menu on the right.
Editing and Deleting Roles
Once a custom role has been created, it appears in the table of admin roles in your Site Settings page. You can use the “Edit Role” and “Delete Role” options in the dropdown on the right of each row to modify a role.
You can edit a role by changing its name or the permissions assigned to the role. Any changes will take effect immediately for all admins assign to that role.
When deleting a role, you can choose what the effect should be for admins currently assigned to the role you’re deleting. You can either immediately remove them as admins entirely, or choose a different role for those admins to be re-assigned to.
|Category||Permission Name||Edit Permissions||View Permissions|
|Site Members||Users||Provision and disable users, edit users' names and emails, merge user accounts||View and export the list of users, and view individual users' basic information|
|Site Members||Bots||Create, manage, and delete bots||View bots|
|Site Members||Admin Roles||Manage admins, assign admins to roles, and create, edit, and delete admin roles||View admin roles|
|Site Members||Unredacted Audit Access to All Members & Content||Read, export, and manage all users and all content at your site (see below)||Read, export, and manage all users and all content at your site (see below)|
|Group Folders||Group Folders||Create, manage members for, and delete group folders||View list of group folders and individual folders' information|
|External Sharing||Externally Shared Content||Remove external users from documents and disable publicly-shared links||View list of externally shared content and basic information about each shared document|
|Live Apps||Live Apps||Manage custom and third-party Live Apps||View list of Live Apps|
|Managed Sites||Managed Sites||Create and control managed sites and have Super Admin access to child sites||View list of managed sites|
|Billing||Billing Information||Manage billing settings||View billing information|
|Insights||Admin Insights||No additional permissions||View and export Admin Insights data|
|Settings||Site Settings||Manage all settings on the Site Settings page except Admin Roles||View all settings on the Site Settings tab except Admin Roles|
|Settings||Email Domain & Member Policy||Manage the Email Domain & Member Policy settings||View the Email Domain & Member Policy settings|
|Settings||Salesforce||Manage all settings on the Salesforce settings page||View the Salesforce settings page|
|Settings||SAML Configuration||Create and manage your SAML configuration||View SAML setup|
|Settings||User Defaults||Manage everything on the User Defaults page||View the User Defaults page|
|Settings||Sharing Settings||Manage external sharing settings on the Sharing page||View the Sharing settings page|
|Settings||Integrations||Create and manage the integrations on the Integrations page||View the Integrations settings page|
|Settings||Security Settings||Manage all setting on the Security tab||View the Security settings page|
|Settings||Quip Shield Settings||Manage Quip Shield settings||View Quip Shield settings|
|Governance||Data Retention||Create and manage Data Retention policies||View and export Data Retention policies|
|Governance||Data Hold||Create and manage Data Hold policies||View and export Data Hold policies|
|Admin Action Log||Admin Action Log||No additional permissions||
View and export the Admin Action Log
Unredacted Audit Access to All Members & Content
One permission that you can assign in Admin Roles is Unredacted Audit Access to All Members & Content. Admins with this permission have wide-ranging capabilities to view and edit content and users at your site. For example, these admins can:
- View and export any document (including its full history and conversation log) at your site.
- Add themselves to any document at your site with full access to edit it, share it, or delete it.
- View additional information about all members of your site, including a list of all the content they have access to, all the link-shared content they’ve created, and all their contacts.
- Export your entire site’s content and member profile information.
Unredacted Audit Access is designed for eDiscovery and security auditing use cases, and grants broad access to your site. At most Quip sites, there’s no admin with this permission — it’s not usually necessary. We recommend using caution when granting this powerful permission, and whenever possible using a combination of narrower permissions.