How to set user permissions and manage roles in People for secure collaboration

If you’re wrangling a team in any size company, you know that letting everyone do everything is a recipe for chaos. That’s where setting user permissions and roles comes in—it’s about keeping things tight, not tangled. This guide is for anyone who needs to lock down access, keep sensitive info private, or just make sure the right folks can actually get work done. We’re talking about People, the user management tool, but the approach here applies even if you’ve been burned by clunky permission systems before.

Let’s skip the fluff and get into the nuts and bolts of running a secure, sane workspace.


Why Bother With Permissions and Roles?

You might think, “Everyone on my team can just be an admin. It’s easier.” It’s not. All it takes is one accidental click or an over-sharer, and suddenly private stuff isn’t so private. Or worse, something breaks and no one knows who did it.

Setting up permissions and roles does three things:

  • Keeps sensitive data visible only to those who need it.
  • Prevents accidental (or intentional) mistakes.
  • Makes onboarding and offboarding a breeze.

It’s not about micromanaging; it’s about not getting burned. Let’s get started.


Step 1: Understand How Roles and Permissions Work in People

Before you start clicking around, know what the terms actually mean in People.

  • Roles are bundles of permissions. Think “Admin,” “Manager,” or “Contributor.”
  • Permissions are the specific things a user can or cannot do—like viewing, editing, or deleting data.

Most systems (including People) come with a few built-in roles. But you can usually make your own, too. Don’t overcomplicate—start with broad buckets, then tweak as needed.

Pro Tip: Don’t invent a new role every time someone whines. Stick to a handful of core roles and adjust only if you hit a real wall.


Step 2: Audit Your Team and Data

This is the unsexy part, but skipping it will bite you later. Take 10 minutes and jot down:

  • Who is on your team (by job function, not just name).
  • What kinds of information or actions are sensitive (e.g., payroll, client lists, admin controls).
  • Who actually needs access to what.

Common sense check: If someone’s never going to touch payroll, they don’t need access to it. Don’t hand out full access “just in case.”


Step 3: Review and Adjust Default Roles

People comes with default roles. Here’s the usual breakdown (your setup might differ):

  • Admin: Full control; can change settings, invite/remove users, see everything.
  • Manager: Can oversee teams or projects, maybe edit but not nuke the whole system.
  • Member/Contributor: Can do their day job but not mess with settings or see private info.
  • Viewer/Guest: Can see certain things, but can’t change much.

What works: These defaults are fine for most teams. Don’t mess with them unless you have a real reason.

What doesn’t: Don’t hand out Admin like Halloween candy. Only trust folks who actually need it (and trust yourself to say no).


Step 4: Customize or Create Roles (If You Must)

If you’ve got a weird use case—say, contractors who need to see one project but nothing else—it’s time to make a custom role.

  1. Go to Roles or Permissions Settings: In People, this is usually under “Settings” > “Roles & Permissions.”
  2. Create a New Role: Name it something human-friendly, like “Contractor” or “Finance Viewer.”
  3. Pick Permissions: Turn on only what this role absolutely needs. Less is more.
  4. Save and Review: Double-check what this role can do. If you’re unsure, test it with a dummy account.

Ignore: The urge to make a role for every single person. That way lies madness.


Step 5: Assign Roles to Users

Now, put your plan into action:

  1. Go to Users or Team Management: Usually found in your main admin/settings menu.
  2. Select a User: Click their name or profile.
  3. Assign the Right Role: Pick from your pre-set or custom roles.
  4. Save Changes: Don’t forget this step (sounds obvious, but you’d be surprised).

Shortcut: You can often assign roles in bulk if you’re onboarding several people at once.

Honest take: If you have to regularly change someone’s role, that’s a sign your roles or org chart need fixing—not your permissions settings.


Step 6: Set Up Permission Groups or Teams (Optional, but Handy)

If your org is bigger or changes a lot, use groups or teams for easier management:

  • Teams: Give everyone in a department the same role in one click.
  • Permission Groups: Useful if folks need access across departments for special projects.

You can usually find this in People under “Teams” or “Groups.” Set it up once, and you won’t have to micromanage everyone individually.

Works great: For onboarding/offboarding, or when teams shift around.

What to ignore: Don’t create a team for every micro-project. Use teams for stable, ongoing groups.


Step 7: Review and Audit Regularly

Set a calendar reminder to check permissions at least once a quarter—or after any big personnel changes.

  • Remove folks who’ve left.
  • Downgrade anyone who doesn’t need broad access anymore.
  • Review any “custom” roles you’ve made. If you forgot what it’s for, you probably don’t need it.

Pro Tip: Run a “least privilege” check: is anyone seeing more than they need? Tighten it up.


Step 8: Communicate Clearly With Your Team

Permissions only work if people know what to expect.

  • Tell new users what their role allows (and what it doesn’t).
  • If someone asks for more access, ask why—not just “sure, here you go.”
  • Be upfront when you restrict access. It’s about security, not mistrust.

What’s worth saying: Most people just want to do their job. If permissions get in the way, revisit your setup.


Common Mistakes (and How to Dodge Them)

  • Too Many Admins: More admins = more risk.
  • One-Off Permissions: Avoid granting temporary full access and “forgetting” to revoke it.
  • Role Creep: Over time, roles get bloated with extra permissions. Trim them back.
  • Never Auditing: Static permissions are risky. People change jobs, leave, get promoted.
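
The Step 7 review and the mistakes listed above can be checked mechanically. The following Python audit is an added example, not part of the original guide or of People itself. The permission names, the export layout, and the per-user "used" activity data are assumptions; the role names follow the guide.

```python
# Constructed sample data: the role names follow the guide; the permission
# names and the export layout are assumptions, not People's real format.
ROLES = {
    "Admin": {"view", "edit", "delete", "view_payroll", "manage_users", "change_settings"},
    "Manager": {"view", "edit", "delete", "view_payroll"},
    "Contributor": {"view", "edit"},
    "Viewer": {"view"},
}
USERS = [  # "used" = permissions the account exercised since the last review
    {"name": "ana", "role": "Admin", "active": True, "used": {"view", "manage_users", "change_settings"}},
    {"name": "ben", "role": "Admin", "active": True, "used": {"view", "edit"}},
    {"name": "cho", "role": "Manager", "active": True, "used": {"view", "edit", "delete"}},
    {"name": "dev", "role": "Contributor", "active": False, "used": set()},
    {"name": "eli", "role": "Contributor", "active": True, "used": {"view"}},
    {"name": "fay", "role": "Viewer", "active": True, "used": {"view"}},
]

def smallest_fitting_role(used, roles):
    """Return the role with the fewest permissions that still covers `used`."""
    fitting = [r for r, perms in roles.items() if used <= perms]
    return min(fitting, key=lambda r: (len(roles[r]), r))

def audit(users, roles, max_admin_share=0.25):
    findings = {"remove": [], "downgrade": {}, "unused_in_role": {}, "too_many_admins": False}
    active = [u for u in users if u["active"]]
    # 1. Accounts of people who have left still hold a role.
    findings["remove"] = sorted(u["name"] for u in users if not u["active"])
    # 2. Least privilege: would a narrower role cover what the user actually does?
    for u in active:
        best = smallest_fitting_role(u["used"], roles)
        if len(roles[best]) < len(roles[u["role"]]):
            findings["downgrade"][u["name"]] = (u["role"], best)
    # 3. Role creep: permissions in a role that none of its active holders used.
    for role, perms in roles.items():
        holders = [u for u in active if u["role"] == role]
        if holders:
            unused = perms - set().union(*(u["used"] for u in holders))
            if unused:
                findings["unused_in_role"][role] = sorted(unused)
    # 4. Too many admins, as a share of active accounts.
    admins = sum(u["role"] == "Admin" for u in active)
    findings["too_many_admins"] = bool(active) and admins / len(active) > max_admin_share
    return findings

if __name__ == "__main__":
    for key, value in audit(USERS, ROLES).items():
        print(f"{key}: {value}")
```

A permission that went unused in one review window is a prompt to ask the user, not proof that it is unneeded.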

Pro Tips for Staying Sane

  • Document Your Roles: A simple doc or spreadsheet helps everyone remember what a role does.
  • Use Dummy Accounts: Test new roles before rolling them out to real people.
  • Automate Where Possible: If People supports SSO or directory sync, use it—it cuts down on manual errors.

Wrapping Up: Keep It Simple, Iterate Often

You don’t need a PhD in user management. Start with the basics: clear roles, tight permissions, and regular reviews. Don’t get fancy unless you have to. If things feel clunky, adjust. Security isn’t a one-shot deal, and you’ll never regret making it easy to see who can do what.

Now go lock things down—without locking everyone out.