Article summary: When an unauthorized post occurs in a restricted area, it is typically caused by active permissions at either the local group level or the global network level rather than a system bug. This guide walks administrators through auditing both layers of security to successfully manage timeline access.
1. Why Did This Happen?
If a user posted in an area they shouldn't have, it is most likely not a system bug. Speakap operates on a precise, multi-layered permissions system.
When an unauthorized post occurs, it means the user's account currently has a permission enabled at either the local level (Preferences) or the network level (Roles) that actively allows them to publish content there. To resolve the issue, administrators must audit both settings.
2. Check Local Preferences (Group, BU, or Department Level)
Every individual Group, Business Unit (BU), and Department has its own specific timeline settings. If a user posts in a specific group, the first step is to check that group's local preferences.
How to audit local preferences:
- Navigate to the specific Group, BU, or Department where the post was made.
- Open the settings/gear icon for that specific area.
- Go to the Preferences tab.
- Look under the Posting on timeline section.
- Check if the toggle for "Members of this group may post on its timeline" is turned on.
Resolution: If this is enabled, any standard member of that group can post. Toggle this setting off to restrict posting to Administrators only.
3. Check Network Roles (Platform Level)
If the local group preferences are already restricted, the user is likely bypassing them because of their overarching Network Role. Network Roles apply globally and can grant users the power to post anywhere, overriding local restrictions.
How to audit Network Roles:
- Navigate to your global Network settings.
- Select Roles from the left-hand menu.
- Identify the role assigned to the user in question (e.g., "Member"). You can find this in the Users tab and then after clicking on the User in the User Type tab.
- Click the gear/settings icon next to that role to Edit role.
- Navigate to the Timeline tab.
- Look under Which actions are allowed? and check the following specific permissions:
- "Post to network timeline": If enabled, the user can post directly to the main company-wide feed.
- "Post updates to any group, division or team": If enabled, this grants the user "super-posting" rights, allowing them to publish updates to any BU, LD, or Group, regardless of that group's individual preferences.
Resolution: Uncheck these permissions to revoke the user's global posting access and force them to abide by local group preferences.
4. Summary Checklist for Administrators
If you need to lock down a timeline, ensure you verify both layers of security:
- [ ] Local Check: Is the group's Preference set to allow member posting?
- [ ] Global Check: Does the user's assigned Network Role grant them permission to post to the network timeline or to any group/division?