For background please read the How to - User Management guide.
We recommend reading our article 'Introducing Gatekeeper' which outlines the data structure.
As shown in the core data structure diagram, Contracts are the base object that are linked to the other core objects: Suppliers, Teams, Categories and Entities.
How is access provisioned using Owned Only?
Every object (Entity, Category, Team, Supplier or Contract) can have users of Gatekeeper assigned as the Owner (aka Manager or similar) and users with the role permission 'Owned Only' will have access to the objects they have been assigned an owner of.
Role + Role Permissions
Combining the 'role permission' Owned Only, with the 'role', there are two options:
Administrator + Owned Only
Users with this combination will have access to the objects where they have been assigned to be the owner and they will be able to edit these objects.
Collaborator + Owned Only
Users with this combination will have access to the objects where they have been assigned to be the owner but will not be able to edit these objects however can use the Collaborative Functions
User will also have access to some objects via Secondary Association, please see the article for further details.
Additional Permissions
With the role permission, Own Only, users can still be provisioned with some of the additional Permissions:
If you require more granular access, Gatekeeper supports Role-Based Access Groups (RBAC) which is included in Enterprise plans but can also be provisioned at other plans.
If you would like any support in this area, please don't hesitate to get in touch with us.