Admin Roles

The Quip admin console has a number of powerful controls, and you may wish to limit which admins can access certain settings. You can use Admin Roles to create custom admin profiles and assign them to specific users. For example, if your organization has a team that responds to user issues, you could create a Help Desk Admin role with the ability to manage users and groups, and therefore respond to tickets, but without access to sensitive security and configuration settings.

Note: if your site had admins before Admin Roles launched in March 2020, all admins defaulted to the Super Admin role, which aligns with the permissions that they had before.

Creating Roles

You create and manage roles by clicking Settings, then Site Settings, in the left sidebar, and scrolling down to Admin Roles.

Default Roles
There are two admin roles available at your site by default, which cannot be edited or deleted. The Super Admin role can view and edit everything within your site, with the exception of unredacted access to content. The Site Admin role can view and edit everything except billing, unredacted access to content, and management of admin roles.

Custom Roles
To create a custom profile, click the “Create New Role” button and choose a unique name for the role, then select the appropriate level for each permission set in the matrix below.

There are three permission levels:

  • Edit permissions give the admin full access to see and modify the setting or information.
  • View permissions let the admin see the setting, and know its current state, but not change the setting or information.
  • Hidden permissions hide the setting from the admin; they won’t see the setting or information at all.

Assigning Roles

You can manage admin role assignments to users in the Site Members section of the admin console. The Role column shows their current admin role (if any), and you can change their role or remove them as an admin by selecting “Modify Admin Role” in the dropdown menu on the right.

Editing and Deleting Roles

Once a custom role has been created, it appears in the table of admin roles in your Site Settings page. You can use the “Edit Role” and “Delete Role” options in the dropdown on the right of each row to modify a role.

You can edit a role by changing its name or the permissions assigned to the role. Any changes will take effect immediately for all admins assigned to that role.

When deleting a role, you can choose what the effect should be for admins currently assigned to the role you’re deleting. You can either immediately remove them as admins entirely, or choose a different role for those admins to be re-assigned to.

Permissions

| Category | Permission Name | Edit Permissions | View Permissions |
|---|---|---|---|
| Site Members | Users | Provision and disable users, edit users' names and emails, merge user accounts | View and export the list of users, and view individual users' basic information |
| Site Members | Bots | Create, manage, and delete bots | View bots |
| Site Members | Admin Roles | Manage admins, assign admins to roles, and create, edit, and delete admin roles | View admin roles |
| Site Members | Unredacted Audit Access to All Members & Content | Read, export, and manage all users and all content at your site (see below) | Read, export, and manage all users and all content at your site (see below) |
| Group Folders | Group Folders | Create, manage members for, and delete group folders | View list of group folders and individual folders' information |
| External Sharing | Externally Shared Content | Remove external users from documents and disable publicly-shared links | View list of externally shared content and basic information about each shared document |
| Live Apps | Live Apps | Manage custom and third-party Live Apps | View list of Live Apps |
| Managed Sites | Managed Sites | Create and control managed sites and have Super Admin access to child sites | View list of managed sites |
| Billing | Billing Information | Manage billing settings | View billing information |
| Insights | Admin Insights | No additional permissions | View and export Admin Insights data |
| Settings | Site Settings | Manage everything on the Site Settings page except Admin Roles | View everything on the Site Settings tab except Admin Roles |
| Settings | Email Domain & Member Policy | Manage the Email Domain & Member Policy settings | View the Email Domain & Member Policy settings |
| Settings | Linked Salesforce Orgs | Link and unlink Salesforce orgs, and manage the Salesforce Org Member Policy | View linked Salesforce Orgs and the member policy |
| Settings | SAML Configuration | Create and manage your SAML configuration | View SAML setup |
| Settings | User Defaults | Manage everything on the User Defaults page | View the User Defaults page |
| Settings | Sharing Settings | Manage external sharing settings on the Sharing page | View the Sharing settings page |
| Settings | Integrations | Create and manage the integrations on the Integrations page | View the Integrations settings page |
| Settings | Security Settings | Manage every setting on the Security tab | View the Security settings page |
| Settings | Quip Shield Settings | Manage Quip Shield settings | View Quip Shield settings |
| Governance | Data Retention | Create and manage Data Retention policies | View and export Data Retention policies |
| Governance | Data Hold | Create and manage Data Hold policies | View and export Data Hold policies |
| Admin Action Log | Admin Action Log | No additional permissions | View and export the Admin Action Log |

Unredacted Audit Access to All Members & Content

One permission that you can assign in Admin Roles is Unredacted Audit Access to All Members & Content. Admins with this permission have wide-ranging capabilities to view and edit content and users at your site. For example, these admins can:

  • View and export any document (including its full history and conversation log) at your site.
  • Add themselves to any document at your site with full access to edit it, share it, or delete it.
  • View additional information about all members of your site, including a list of all the content they have access to, all the link-shared content they’ve created, and all their contacts.
  • Export your entire site’s content and member profile information.

Unredacted Audit Access is designed for eDiscovery and security auditing use cases, and grants broad access to your site. At most Quip sites, there’s no admin with this permission — it’s not usually necessary. We recommend using caution when granting this powerful permission, and whenever possible using a combination of narrower permissions.
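
An added example, not part of Quip's documentation or product: a small Python check that reviews admin role definitions against the guidance above and reports which admins hold the flagged roles. The dict layout, the sample roles and addresses, and the choice of which settings count as sensitive are assumptions made for illustration.

```python
# Added example. The dict layout and the sample roles are constructed for
# illustration; this is not a Quip export format or API.
LEVELS = ("Hidden", "View", "Edit")
UNREDACTED = "Unredacted Audit Access to All Members & Content"
# Assumption: the settings this reviewer treats as sensitive when editable.
SENSITIVE_EDIT = ("SAML Configuration", "Security Settings", "Quip Shield Settings")


def level(role, permission):
    """Permissions a role does not list are treated as Hidden."""
    value = role.get(permission, "Hidden")
    if value not in LEVELS:
        raise ValueError(f"unknown permission level {value!r} for {permission!r}")
    return value


def review_role(role):
    """Return least-privilege findings for one role's permission matrix."""
    findings = []
    # The permission table gives Edit and View the same capabilities for this
    # permission, so any level other than Hidden counts as full access.
    if level(role, UNREDACTED) != "Hidden":
        findings.append("unredacted access to all members and content")
    # Editing admin roles lets the holder change what any role can do.
    if level(role, "Admin Roles") == "Edit":
        findings.append("can create, edit and assign admin roles")
    findings += [f"can edit {p}" for p in SENSITIVE_EDIT if level(role, p) == "Edit"]
    return findings


def review_site(roles, assignments):
    """Map each role with findings to (findings, sorted admins holding it)."""
    report = {}
    for name, role in roles.items():
        findings = review_role(role)
        if findings:
            holders = sorted(u for u, r in assignments.items() if r == name)
            report[name] = (findings, holders)
    return report


ROLES = {  # constructed sample roles
    "Help Desk Admin": {"Users": "Edit", "Group Folders": "Edit", "Security Settings": "Hidden"},
    "eDiscovery": {UNREDACTED: "View", "Admin Action Log": "View"},
    "IT Ops": {"SAML Configuration": "Edit", "Admin Roles": "Edit", "Site Settings": "View"},
}
ASSIGNMENTS = {"ana@example.com": "Help Desk Admin", "raj@example.com": "eDiscovery",
               "li@example.com": "IT Ops", "sam@example.com": "IT Ops"}

if __name__ == "__main__":
    for name, (findings, holders) in review_site(ROLES, ASSIGNMENTS).items():
        print(f"{name} ({', '.join(holders) or 'unassigned'}): {'; '.join(findings)}")
```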

 

 

 
