Available with these plans:
Starter
Basic
Pro
Enterprise
To upgrade your Lark Plan or for more information, contact Support or your Customer Success Manager. The Lark Basic plan supports only specific countries and regions.
I. Intro
Who can perform these steps: Primary administrators or administrators with "Permission Auditing" permission.
As an administrator, you can view the permissions that members have in real time, create permission query tasks, trace back the change records of member permissions and permission rules, and so on.
Common scenarios: When the organization's hierarchy changes or a member leaves, the administrator can check the member's permissions and block access to important permissions promptly.
II. Steps
Query real-time permission
You can view the roles and permissions that members have in real time.
- Open the Lark Admin Console and click Compliance > Permission Auditing > Real-time permissions.
- 250px|700px|reset
- Select the following conditions as needed:
- Service (required): Choose Lark Admin Console.
- Search by (required): Choose Roles.
- Subject type (required): Choose Members.
- Subject (optional): Enter a member's name or phone number to select a specific member.
- Role name (optional): Select the administrator role that you want to check.
- Permissions (optional): Browse and select one type of permissions.
- Click Search to view the query results. Click Details beside a member's name to view more information about their permissions.
- 250px|700px|reset
- (Optional) Click Reset to clear all query conditions and re-query.
- (Optional) To download the results as an .xlsx file, click Export Data > Export.
- 250px|700px|reset
Create a query permission task
In case of a large amount of data, you can create tasks to query members' permissions of documents, shared folders, Wiki spaces and pages, apps, and Minutes.
- In the Lark Admin Console, click Compliance > Permission Auditing > Create permission search tasks.
- Click Create Search Task and fill in the task name and choose what you would like to query about.
- 250px|700px|reset
- Select the query scope and click Create.
For more information about setting up query permission tasks, see Admin | Create permission search tasks.
View member permissions change log
You can look up changes in members' Lark Admin Console permissions.
- In the Lark Admin Console, click Compliance > Permission Auditing > Member permissions change log.
- Select the query conditions.
- Service (required): Select Lark Admin Console.
- Target member (optional): Enter the name or mobile number of a member whose permissions were changed.
- Operator (optional): This is the person who made the permission change. Enter a name or mobile number.
- Time (required): Select a time range during which the permission was changed. The default is the past week.
- Click Search to see the list of changes.
- 250px|700px|reset
- (Optional) Click Reset to clear all query conditions and re-query.
- Click Export Data > Export to download the file in the administrator task center and export the query results as an XLSX format file.
- 250px|700px|reset
View permission rules change log
This is a log of changes to administrators' roles: including them being added or removed from a role, as well as changes to a role's permissions.
- In the Lark Admin Console, click Compliance > Permission Auditing > Permission rules change log.
- Select the query conditions.
- Service (required): Select Lark Admin Console.
- Operator (optional): Who made the change.
- Event type (optional): Select Add role, Edit role, or Delete role.
- Time (optional): When the change was made. The default is the past week.
- Click Search to see the list of changes.
- 250px|700px|reset
- (Optional) Click Reset to clear all query conditions and re-query.
- (Optional) To download the results as an .xlsx file, click Export details.
- 250px|700px|reset
Review reminders for member status change and change their permissions
When there's a change to the organization's structure or when a member's status changes, a record will be automatically generated. This will show what permissions the member had, so you can quickly modify their permissions as needed.
When the status of a member with administrator roles changes, the permission changes for that member will be categorized as Pending, Processed, or Ignored based on whether their permissions need to be changed.
- In the Lark Admin Console, click Compliance > Permission Auditing > Permission reminders for member status change.
- In the Pending list, members who need to handle permissions after changes will be displayed.
- Enter the member's name or phone number and select the type of change (Deleted or Organizational structure change).
- 250px|700px|reset
- Click View Details to look into the change, where you can:
- Click Batch revoke permissions to revoke the selected permissions.
- Click Ignore to keep the member's permission. The record will be moved to the Ignored list, where you can still get the chance to modify the member's permissions.
- 250px|700px|reset
Note:
- You can only revoke Lark Admin Console permissions.
- Once you revoke a permission, the corresponding role or permission of the member will be deleted and cannot be restored. You can reassign the same permission to members if you wrongly revoke a permission. For more information, see Admin | Add administrators and create administrator roles.
You can find the permission revocation status for the member undergoing the status change by clicking Processed > Details.
250px|700px|reset
III. FAQs
