Papertrail offers the ability to grant members selective access to groups of log senders within the same Papertrail organization, as well as specific permissions for managing users, changing plans, and purging logs.
Access control defined via SAML role mapping take precedence over permissions previously defined on a per user basis in Papertrail Members settings. Once role mapping is turned on, the Members area of the account settings will be updated to reflect members' permissions as defined in SAML role mapping and only the definition of the specific log group(s) that members can access can be modified in Papertrail Members settings.
See Single Sign-On (SSO) via SAML for more information.
Access control settings can be modified in the Members area of the account settings, in the common settings, or via SAML role mapping. When defining access control via common settings, access to groups of log senders and permissions for managing users, changing plans, and purging logs are defined based on user roles. See User Roles and Access Levels for more information.
This topic addresses defining access control via the Members area of the account settings.
Here's what these different member settings mean:
- Manage users and permissions — full access to everything; the highest permission level a member can have.
- Change plans and payment — upgrade or downgrade the organization’s plan, modify credit card information, and see previous payments.
- Full Access — view logs, modify group details, save searches, and create alerts.
- Read-only — view logs only, cannot modify group details, save searches, or create alerts.
- Purge logs — purge searchable logs.
- Specific group access — provides access to only specific log groups instead of all groups. Any group that is not specified will not be accessible at all, even as read-only.
Many permissions are independent. For example, a user can have billing access only with the Change plans and payment option, an alternative to adding individuals to billing emails. There are a few interdependent settings:
- Manage users and permissions implies full access to all functions, as mentioned above.
- Only members with billing access or full access to all log groups can subscribe to usage and billing emails, because other members don't have enough access to act on usage or billing information.
- Only members with full access to all groups can purge logs.
Required permission: "Manage users and permissions"
Click Edit in the upper right next to the member’s email, then make the desired changes:
Sure! In the Members area, click Edit All at the top of the page.
No. Papertrail doesn't allow changing your own access permissions because it helps prevent edge cases like an account being left without a member who has full access.
For organizations with a lot of members: when looking for a specific person, the list of members can be filtered by typing the member's email:
If members are filtered, Papertrail will return the focus to the filter input after saving, in an effort to speed up the flow of modifying additional members.
Learn more about using Papertrail with multiple organizations.
Not at all. The permissions Papertrail offers are specific to a single organization, and each organization is free to choose the workflow that makes the most sense, whether that's permissions, multiple organizations, or a combination of both.