# Activity Permissions {% hint style="success" %} **Audience:** Admins, Technical Builders, Implementors, and Developers **Purpose:** Explains how permissions and sharing settings interact for space.vars.activities in space.vars.Kizen\_company\_name so you can configure space.vars.activity types, roles, and workflows. {% endhint %} ## Overview space.vars.activity permissions differ from standard space.vars.object permissions in several important ways. Understanding these differences is critical when designing activity schemas, configuring sharing rules, and troubleshooting visibility or edit issues. space.vars.activity permissions are determined by: * space.vars.activity permissions (Role or User permission group settings such as My vs All, View, Log, Create, Edit, Delete) * Sharing settings on the space.vars.activity type * Assignment (user or role) * space.vars.object, space.vars.entity, and section permissions for related entities No single setting controls access in isolation. In this topic, we will cover space.vars.activities permissions. ### Permission Rules The following rules apply across all scenarios unless otherwise stated: 1. If an space.vars.activity is assigned to a user or one of their roles, the user can always log it. 2. If a user can see a Scheduled space.vars.activity and has Edit permission for it, they can assign it to themselves and log it. 3. “My” permissions are never more restrictive than “All” permissions. 4. Sharing settings can only further restrict access granted by a user’s permission group; they cannot expand or grant additional access. 5. If scheduling is fully denied by permissions, scheduling actions do not appear in the UI. *** ## Scheduled Activity Visibility Visibility for Scheduled space.vars.activities depends on assignment, permissions, sharing settings, and whether the Scheduled space.vars.activities section is enabled. {% columns %} {% column %} #### Assigned space.vars.activities Users can always: * See Scheduled space.vars.activities assigned to themselves, * See Scheduled space.vars.activities assigned to any of their roles, * Log those space.vars.activities, regardless of sharing settings. This behavior intentionally overrides standard visibility restrictions to ensure assigned work is always accessible. {% endcolumn %} {% column %} #### Non-assigned space.vars.activities Visibility for Scheduled space.vars.activities assigned to other users depends on both permissions and sharing settings: To see and complete Scheduled space.vars.activities assigned to others, a user must have at least **View/Log** permissions set to **All** for space.vars.activities. In addition, visibility is affected by: * Scheduled space.vars.activity permission scope (My vs All), * Sharing settings on the space.vars.activity type. If either the space.vars.activity permission scope or the sharing settings restrict access, the Scheduled space.vars.activity does not appear. {% endcolumn %} {% endcolumns %} ### Disabled Scheduled Activity Permissions If the Scheduled space.vars.activities section is disabled entirely: * No Scheduled space.vars.activities appear on space.vars.entity pages or space.vars.dashboards. * This includes space.vars.activities assigned to the current user. These rules explain why users may see only their own Scheduled space.vars.activities, or none at all, depending on how permissions and sections are configured. *** ## Scheduling Activities Scheduling space.vars.activities is intentionally more restrictive than logging to ensure users cannot create or assign work beyond their permissions. ### General Scheduling Requirements To schedule an space.vars.activity, both of the following must be true: * The user’s permissions allow scheduling space.vars.activities. * The space.vars.activity type’s sharing settings allow scheduling. If either condition is not met, scheduling options do not appear in the UI. {% columns %} {% column %} ### Scheduling space.vars.activities to Yourself A user can schedule an space.vars.activity for themselves only when: * They have **Create/Edit** permissions for Scheduled space.vars.activities * The Activity’s sharing level is set to **Log/Schedule** or higher {% endcolumn %} {% column %} ### Scheduling space.vars.activities to Others Scheduling an Activity for another user or role is allowed only when: * The user has **Create/Edit** permissions for All Scheduled space.vars.activities * The space.vars.activity's sharing settings allow scheduling * The user has permission to assign space.vars.activities to **My Roles**. If any of these conditions are not met, assignment options are hidden. {% endcolumn %} {% endcolumns %} These rules explain why users may be able to log assigned work but not create or assign new Scheduled space.vars.activities. *** ## Logging Activities Users can always log an space.vars.activity that has been assigned to them, regardless of permissions or sharing settings. This behavior is intentional so assigned work cannot be blocked from completion. However, users can only create a new logged space.vars.activity from scratch if the space.vars.activity type is available to them. Whether an space.vars.activity type appears in the Log space.vars.activity dropdown depends on configuration. An space.vars.activity type is only available for manual logging when: * The user has permission to edit that space.vars.activity type, and * The space.vars.activity’s sharing settings allow logging This is why a user may be able to log an assigned space.vars.activity but not see the same space.vars.activity type available for manual selection. *** ## Activity Assignment Rules Assignment controls who is responsible for completing an space.vars.activity and is governed by visibility, scheduling permissions, and assignment rights. {% columns %} {% column %} #### Assigning space.vars.activities to Yourself A user can assign an space.vars.activity to themselves when: * They can see the space.vars.activity, and * They have permission to schedule space.vars.activities If either condition is not met, the option to assign the space.vars.activity to themselves does not appear. {% endcolumn %} {% column %} #### Assigning space.vars.activities to Roles Assigning an space.vars.activity to a role is allowed when the user has the Assign to My Role(s) permission and the space.vars.activity is visible to them. This permission acts as an override to broader space.vars.activity assignment permissions, which allows users with limited space.vars.activity permissions to:: * Assign an space.vars.activity from a role to themselves * Reassign the space.vars.activity back to their role if needed Users cannot assign the space.vars.activity to other roles unless they have the appropriate assignment permissions. Standard visibility rules still apply when assigning space.vars.activities to roles. If the user does not have the required assignment permissions, reassignment options are hidden from the UI. {% endcolumn %} {% endcolumns %} These rules explain why users may be able to view or log an space.vars.activity but not change who it is assigned to. *** ## Activity Share Settings Share Settings restrict access further after permission groups are applied. It cannot override missing permissions. | Sharing Level | Effect | | ------------- | --------------------------------------------------------------------------------------------------- | | None | space.vars.activity not visible unless assigned | | Log/Schedule | Allows logging and scheduling if permissions allow | | Edit | Allows editing Scheduled space.vars.activities if permissions allow | | Admin/Delete | Allows deletion only if permissions allow | *** ## Activity Custom Field Permissions space.vars.activities intentionally bypass some standard permission patterns to ensure complete and consistent logging. ### Field-level Permissions Field-level permissions on the space.vars.object fields that space.vars.activities mirror are not enforced when viewing or editing space.vars.activities. However, space.vars.object-level permissions are still respected. This ensures: * Required fields can always be completed * space.vars.activities remain structurally complete * Admin-defined schemas are respected Users can: * View all space.vars.activity space.vars.fields for associated space.vars.objects * Edit all space.vars.activity space.vars.fields unless restricted by space.vars.object-level rules * Mark space.vars.activity space.vars.fields as read-only so they can be populated once and remain immutable after a value is set. *** ## Object-level Permissions and Activities space.vars.object-level permissions control whether users can select, change, or view space.vars.entity associations when scheduling or logging space.vars.activities. ### When Object Permissions are Disabled If a user does not have access to an space.vars.object’s section: * Association selectors are displayed as read-only * Existing associations remain visible * Tooltips explain why the selector cannot be changed This ensures users can see existing configuration without expanding access. {% columns %} {% column %} #### Scheduled space.vars.activities If a Scheduled space.vars.activity was created by another user who has access to the related object: * The existing association is visible but read-only * Associated space.vars.fields are populated from the related space.vars.entity * space.vars.field values remain editable This allows users to complete or update space.vars.activities without changing protected associations. {% endcolumn %} {% column %} #### Logged space.vars.activities When logging an space.vars.activity and the related space.vars.object section is disabled: * The association selector is empty and read-only * No space.vars.entities can be selected or changed * Associated space.vars.fields behave as standard space.vars.activity fields and remain editable {% endcolumn %} {% endcolumns %} ### No Association If no related space.vars.entity was selected when the space.vars.activity was scheduled: * The association selector is empty and is read-only, which cannot be changed * Associated space.vars.fields are blank * space.vars.fields behave as standard space.vars.activity fields and are editable These rules preserve data integrity and visibility while allowing users to complete space.vars.activities even when they do not have access to the underlying space.vars.entities. *** ## Record-level Permissions These rules ensure space.vars.activities remain flexible and complete while enforcing space.vars.entity-level access boundaries. Differences between Scheduled and Logged behavior based on when associations are preconfigured versus selected at submission time. ### Create/Edit on my Records When a user has **Create/Edit** on My Associated space.vars.entities for an space.vars.object and the space.vars.object’s section is enabled: * The association chooser is editable * Users can create new related space.vars.entities * Associated space.vars.fields are editable This allows users to fully manage associations and related data during space.vars.activity submission. ### View-only Record Permissions When a user has View on My Associated space.vars.entities only for an space.vars.object and the space.vars.object’s section is enabled, behavior differs depending on the space.vars.activity type. {% columns %} {% column %} #### **Scheduled** space.vars.activities * Pre-selected associations remain editable * If the user changes the association, they cannot reselect the original space.vars.entity if it is not otherwise visible to them * Associated space.vars.fields still pre-populate and remain editable {% endcolumn %} {% column %} #### **Logged** space.vars.activities * Association options are limited to space.vars.entities the user can view * Users cannot select or associate space.vars.entities outside their visibility {% endcolumn %} {% endcolumns %} *** ## A Word of Caution {% hint style="warning" %} **Caution:** Carefully review Activity field configurations and sharing settings, as misconfiguration may expose sensitive data or violate organizational data handling policies. {% endhint %} space.vars.activity permissions in space.vars.Kizen\_company\_name are intentionally permissive where logging and completion are concerned, while remaining strict about scheduling, assignment, and cross-space.vars.entity visibility. Admins should carefully consider: * Sharing levels * Assignment patterns * Object section permissions * Required field configurations Misalignment between these settings is the most common cause of unexpected space.vars.activity behavior. *** ## What's Next? Next, continue to [Advanced Activity Rules](/docs/concepts/activities/advanced-activity-rules.md), which explains how conditional logic can be applied to space.vars.activities to control field visibility and validation behavior. This section helps you understand: * When space.vars.activity fields are shown based on rule conditions * How required fields behave when hidden by rules * How rules are evaluated and enforced across the platform