How the GRANSHAN Portal's permission system works — understanding roles, visibility levels, and admin controls for secure collaboration.
Permission Model
The portal uses a role-based access control (RBAC) model. Every user has a role, and every resource has a visibility level. Access is granted when the user's role meets or exceeds the resource's required level.
User Roles
- Viewer — Browse public kits and published content
- Partner — Access assigned private kits, download assets
- Jury — Evaluate submissions, manage own profile
- Admin — Full access — manage users, kits, approvals, settings
Visibility Levels
Public
Accessible without authentication. Use for:
- Published brand guidelines
- General information pages
- Downloadable marketing assets
Private
Requires authentication + explicit access grant. Use for:
- In-progress brand kits
- Partner-exclusive resources
- Internal documentation
Admin-Only
Restricted to admin-role users. Use for:
- User management interfaces
- Approval queues
- System configuration
Common Admin Tasks
Granting Access to a Private Kit
- Open the kit's settings panel
- Navigate to Permissions
- Add users or groups by email
- Select the access level (view / download / edit)
- Save changes — users receive an email notification
Revoking Access
- Open the kit's Permissions panel
- Locate the user or group
- Click Remove and confirm
Revoking access is immediate. The user loses visibility on their next page load — no cached access persists.
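The access decision and the grant/revoke behaviour described above, sketched in Python as an added example (not the portal's own code). The class and function names, the view < download < edit ordering, and the rule that editing a public kit stays with admins are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed ordering of the kit access levels (view < download < edit).
ACCESS_RANK = {"view": 1, "download": 2, "edit": 3}

@dataclass
class User:
    email: str
    role: str  # "viewer", "partner", "jury" or "admin"

@dataclass
class Kit:
    name: str
    visibility: str  # "public", "private" or "admin-only"
    grants: dict = field(default_factory=dict)  # email -> access level
    audit: list = field(default_factory=list)   # (actor, change, target, level)

def is_allowed(user, kit, action="view"):
    """Deny-by-default decision, meant to be evaluated on every request."""
    if action not in ACCESS_RANK:
        return False
    if user is not None and user.role == "admin":
        return True  # admins have full access
    if kit.visibility == "public":
        # No authentication needed; editing is assumed to stay with admins.
        return action in ("view", "download")
    if kit.visibility == "private" and user is not None:
        level = kit.grants.get(user.email.lower())
        return level is not None and ACCESS_RANK[level] >= ACCESS_RANK[action]
    return False  # admin-only, anonymous on private, or unknown visibility

def grant(actor, kit, email, level):
    """Admin-only change (assumed); recorded in the kit's audit trail."""
    if actor.role != "admin":
        raise PermissionError("only admins may change permissions")
    if level not in ACCESS_RANK:
        raise ValueError("unknown access level")
    kit.grants[email.lower()] = level
    kit.audit.append((actor.email, "grant", email.lower(), level))

def revoke(actor, kit, email):
    """Removes the grant at once: the next is_allowed() call already fails."""
    if actor.role != "admin":
        raise PermissionError("only admins may change permissions")
    level = kit.grants.pop(email.lower(), None)
    kit.audit.append((actor.email, "revoke", email.lower(), level))
```

Because `is_allowed()` reads the grant table on every call instead of trusting a value stored in the session, a revoked user fails the very next check, and an unrecognised visibility value is denied rather than treated as public.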
Security Considerations
- Magic-link auth eliminates password-related vulnerabilities
- Session expiry is set to 7 days of inactivity
- Audit logs track all permission changes (available to admins)
- Principle of least privilege — grant the minimum access needed for each role