Required Roles: Workspace Manager (to configure access)
Required Permissions: Varies by role. See tables below for module-level and DMS-level capabilities.
Index
Overview
Version 2 of Kivo’s user permissions model provides granular control over access to product modules, expanded document-level permissions in the DMS, and the ability to organize users into groups for more efficient access management.
This article focuses on the specific, granular permission settings available for each role within Kivo’s modules. To understand how these settings fit into the broader access model—including roles, groups, and workspace access—see the Understanding User Permissions article.
The tables below outline the roles available in the system and their corresponding access levels across product modules such as Regulatory, Clinical, and Quality.
Regulatory Permissions
Role | DMS | Projects | Reg Activity | eCTD Viewer | Submission Builder |
Editor | Edit, Read | Edit, Read | Edit, Read | Edit, Read | Edit, Read |
Reviewer | Edit, Read | Edit, Read | Read | Read | No Access |
Viewer | Read | Read | No Access | No Access | No Access |
Investigator | Read | No Access | No Access | No Access | No Access |
Inspector | Read | No Access | No Access | No Access | No Access |
Training | No Access | No Access | No Access | No Access | No Access |
Clinical Permissions
Role | DMS (eTMF) | Projects | Site Management | CTIS Builder |
Editor | Edit, Read | Edit, Read | Edit, Read | Edit, Read |
Reviewer | Edit, Read | Edit, Read | Read | No Access |
Viewer | Read | Read | No Access | No Access |
Investigator | Read | No Access | No Access | No Access |
Inspector | Read | No Access | No Access | No Access |
Training | Read | No Access | No Access | No Access |
Quality Permissions
Role | DMS (Controlled Docs) | Projects | Quality Activity | Vendors |
Editor | Edit, Read | Edit, Read | Edit, Read | Edit, Read |
Reviewer | Edit, Read | Edit, Read | Read | Read |
Viewer | Read | Read | No Access | No Access |
Investigator | Read | No Access | No Access | No Access |
Inspector | Read | No Access | No Access | No Access |
Training | Read | No Access | No Access | No Access |
Corporate Permissions
Role | DMS (Corporate Documents) | Projects |
Editor | Edit, Read | Edit, Read |
Reviewer | Edit, Read | Edit, Read |
Viewer | Read | Read |
Investigator | Read | No Access |
Inspector | Read | No Access |
Training | Read | No Access |
Other Permissions
Role | Reports | Training Courses |
Editor | Read | Course Manager, Trainee |
Reviewer | Read | Trainee |
Viewer | No Access | Trainee |
Investigator | No Access | Trainee |
Inspector | No Access | Trainee |
Training | No Access | Trainee |
Detailed Permissions in DMS
The tables below outline the granular permissions available to each role in the DMS. One of two base permissions can be set for a role: Edit or Read. These permissions apply to the DMS in any product module (e.g., Controlled Documents in QMS, or eTMF in Clinical).
Edit Permission
Only Editor and Reviewer roles can have edit permission in the DMS.
Note: A user or group must be added to a workflow step in order to participate in that step, regardless of their permissions. For example, a Viewer may participate in an Approval step only if they have been added to that step in the workflow settings of that folder
Permission | Editor | Reviewer |
Create | YES | NO |
Edit / Collab | YES | YES |
Edit Metadata | YES | YES |
View Draft Versions | YES* | YES* |
Upload Version | YES | YES |
Upload to Placeholder | YES | YES |
Allow Download | Download all | Download all |
Review | YES | YES |
Approve | YES | YES |
Preview | Full-featured | Full-featured |
View Reports Tab | YES | YES |
Read Permission
Permission | Editor | Reviewer | Viewer | Investigator | Inspector | Training |
Create | NO | NO | NO | NO | NO | NO |
Edit / Collab | NO | NO | NO | NO | NO | NO |
Edit Metadata | NO | NO | NO | NO | NO | NO |
View Draft Versions | YES | YES | YES | YES | NO | YES |
Upload Version | NO | NO | NO | NO | NO | NO |
Upload to Placeholder | YES | YES | NO | YES | NO | NO |
Allow Download | YES | YES | YES | YES | NO | YES |
Review | NO | NO | NO | NO | NO | NO |
Approve | YES | YES | YES | NO | NO | NO |
Preview | Full-featured | Full-featured | Full-featured | Secure | Secure | Full-featured |
View Reports Tab | YES | YES | YES | NO | Audit trail only | NO |
Download Options
Kivo offers granular controls on document download. Only certain user roles can be given the option to download, but all user roles can restrict download in some capacity. The following options are available:
Download all — All versions, both source and renditions, can be downloaded by a user. This includes any source file type (Word, PowerPoint, SAS Transport, etc.) and any type of PDF rendition, including signed and unsigned renditions of both draft and approved documents.
Download only approved PDFs — Limits users to only downloading PDFs of approved documents.
No downloads — Blocks the download of any version or rendition of a document.
A user’s ability to export a folder is based on their download options. For example, a user who has “Download all” permissions can download all documents by exporting a folder. A user who can download approved versions only can similarly export all approved PDFs in a folder.
Preview Options
Kivo has two built-in document viewers. Our Full-featured viewer offers an improved experience with hyperlink navigation, search, PDF bookmarks, and copyable text. This viewer accesses the document from Kivo's server and caches it locally to preview.
Our Secure viewer streams each page to the user's browser without caching and blocks selecting text or printing. It ensures the user cannot retain information outside of Kivo via local cache or copy.
The Secure viewer is reserved for Investigator and Inspector roles, which are typically used by third parties or during due diligence to limit data retention.
Workspace Manager Only Actions
Certain actions are limited to Workspace Managers. These include:
Workspace configuration, including:
Document metadata definition
Activity metadata definition
User management (creation, permissions, deletion)
Defining reasons for actions
Delete folder or cabinet
Lock folder
Export cabinet
Delete approved documents
Set folder metadata
Change owner on a document or workflow step
[Kivo Admin Guide] > [Access Management] > Kivo Roles & Module Permissions