Managing security permissions within Sign-Ups can seem challenging at first. But don't worry, we're going to break it down so you can see what permissions a person needs to perform various functions, and where to set them up. First, we'll look at the places where permissions are set up. Sign-Up permissions are granted in one of three ways: Group Role Permissions: People in the group with a role of Leader will have additional permissions. This is controlled at the Group Type level. Out of the box, the Leader role for groups of type "Sign-Up Group" has Edit and Manage Members permissions. See the Rock Your Groups manual for more information on configuring group roles. Project Permissions: Some people, like Rock Administrators, will have access to project-level permissions. We'll dive into the details shortly, but for now just be aware that permissions can be granted to individual Users or Security Roles at the project level. Group Type Permissions: Similar to what you'll find when looking at the above project-level permissions, you can grant permissions from the group type itself by clicking the padlock icon as shown below. You can grant permissions to Manage Members, Edit, Administrate, and Schedule. Some permissions overlap (e.g., Edit and Manage Members) between group role permissions and group type security. This means Edit access can be given via a Leader role, or via a system Security Role. To simplify things, we'll use the phrase "group type level" to refer to both role and security settings since they're configured in the same area. Next, we'll dive in to what happens when you set up the permissions described above. We'll use Ted Decker as our project Leader, who has access to Rock but does not have full Rock Administration permissions. We'll go through the Sign-Ups area from Ted's perspective using out-of-the-box permission configurations. Delete Project Can Delete - There are three projects that Ted can delete. He can delete them because he's a Leader of at least one project under the "Feed My Starving Children" group. Leaders have Edit permission, which allows them to delete. Missing Permission - Ted cannot delete the third project in the list because he is not a Leader in any "Habitat for Humanity" projects. This also means he (or one of his security roles) hasn't been granted Edit security at the project or group type levels. Note that Edit isn't the only permission that lets you delete. Security Roles or Users who have been granted Schedule permission can also delete. Change, Remove, and Secure projects Update Projects - To enable the ti ti-pencil (edit), ti ti-x (delete), and ti ti-circle-plus (add) icons, permission to either Edit or Schedule needs to be granted at either the project or group type levels. Edit and Delete - To enable these buttons, grant Edit permission at the project or group type levels. Project Security - As shown in a prior screenshot above, this is where the ti ti-lock (security) icon would appear only if the person has been granted Administrate permission at the project or group type levels. In our example, neither Ted nor his security roles have Administrate permission, so he can't see the icon. Managing Attendee List To add or remove attendees from the list, the person needs either Manage Members, Edit, or Schedule permissions at the project or group type levels. Add/Remove Attendees - The ti ti-circle-plus (add) and ti ti-x (remove) icons will only be visible and clickable if the person has one of the permissions listed above. Adding Sign-Up Groups There are two ways to add sign-up groups to the list. You can add a child group to an existing group, or you can start a brand new sign-up group by adding to the top-level of the list. There's extra security needed to add top-level sign-up groups, which we'll cover below. But before you can start adding, you need to be able to set the Project Type (In-Person or Project Due) for any new entries. To do that, you'll need Edit permission for the Project Type group attribute, accessed from the group type configuration. Update Security - Users or Roles who are allowed to add sign-up groups will need Edit permission to the Project Type group attribute. If you want to add new top-level sign-up groups to the list, you'll need to update the security on the block itself. Similar to above, this requires Edit permission. Block Security - Users or Roles who are allowed to add top-level sign-up groups will need Edit permission in the Sign-Up Groups block security.