Difference between revisions of "Manage Roles"
Tim Peeler (talk | contribs) |
Tim Peeler (talk | contribs) |
||
| Line 1: | Line 1: | ||
== Managing Roles Available to Your business == | == Managing Roles Available to Your business == | ||
| + | |||
[https://profitnavigator.net/ '''Profit Navigator'''] uses a authorization system called ''Access Control Lists''. This system | [https://profitnavigator.net/ '''Profit Navigator'''] uses a authorization system called ''Access Control Lists''. This system | ||
| Line 6: | Line 7: | ||
role you wish and provide [[Create Permission|'''Create''']], [[Read Permission|'''Read''']], [[Update Permission|'''Update''']], [[Delete Permission|'''Delete''']], [[User Permission|'''User''']] or [[Facilitator Permission|'''Facilitator''']] permissions for these roles. | role you wish and provide [[Create Permission|'''Create''']], [[Read Permission|'''Read''']], [[Update Permission|'''Update''']], [[Delete Permission|'''Delete''']], [[User Permission|'''User''']] or [[Facilitator Permission|'''Facilitator''']] permissions for these roles. | ||
| − | Certain [[Core Roles|'''Core Roles''']] are already available to you if you do not wish to manage unique roles for your business and in fact, there are | + | |
| − | special permissions that can not be granted to roles that you create for certain core roles. These core roles are: | + | Certain [[Core Roles|'''Core Roles''']] are already available to you if you do not wish to manage unique roles for your business and in fact, there are special permissions that can not be granted to roles that you create for certain core roles. These core roles are: |
* [[Guest Role|'''Guest''']] | * [[Guest Role|'''Guest''']] | ||
* [[System Admin Role|'''System Admin (Special Permissions)''']] | * [[System Admin Role|'''System Admin (Special Permissions)''']] | ||
| Line 19: | Line 20: | ||
* [[Alliance Member Role|'''Alliance Member (Special Permissions)''']] | * [[Alliance Member Role|'''Alliance Member (Special Permissions)''']] | ||
* [[Alliance Facilitator Role|'''Alliance Facilitator (Special Permissions)''']] | * [[Alliance Facilitator Role|'''Alliance Facilitator (Special Permissions)''']] | ||
| + | |||
Each of these roles are defined by the Core system and are not editable. However, you may assign these roles to members of your business. | Each of these roles are defined by the Core system and are not editable. However, you may assign these roles to members of your business. | ||
The special roles have specific restrictions and permissions and as such may not be assigned except by members who possess those roles or have the [[System Admin Role|'''System Admin Role''']]. | The special roles have specific restrictions and permissions and as such may not be assigned except by members who possess those roles or have the [[System Admin Role|'''System Admin Role''']]. | ||
| + | |||
When editing roles for your business, at the bottom of the list of core roles (and any custom roles created for your business) is a button that will allow you to create a new role. When you click that button a new role will be created for your business and the role editor will appear. | When editing roles for your business, at the bottom of the list of core roles (and any custom roles created for your business) is a button that will allow you to create a new role. When you click that button a new role will be created for your business and the role editor will appear. | ||
| + | |||
Change the title of the role to any meaningful name. For example, if you wanted to create a role that only has access to enter monthly data; you could call the role "''Monthly Data Entry Manager''". You can also provide a description to help you remember what you want members with this role to do for you. It is suggested that you provide this description to help others who have access to your Roles system understand what this role is for. | Change the title of the role to any meaningful name. For example, if you wanted to create a role that only has access to enter monthly data; you could call the role "''Monthly Data Entry Manager''". You can also provide a description to help you remember what you want members with this role to do for you. It is suggested that you provide this description to help others who have access to your Roles system understand what this role is for. | ||
| + | |||
Below the name and description is a large list of navigation items. The list will contain every navigation item (''URI'') that '''YOU''' have access to. Beside each navigation item are the available permissions you can provide (note that some permissions have no effect on certain pages). Using the example above for the "''Monthly Data Entry Manager''" role, you will need to provide that role with [[Read Permission|'''Read''']] to the [[Planning|'''Planning''']] section. You will also need to provide that role with [[Create Permission|'''Create''']], [[Read Permission|'''Read''']] and [[Update Permission|'''Update''']] for the [[Monthly Data Entry|'''Monthly Data Entry''']] page. | Below the name and description is a large list of navigation items. The list will contain every navigation item (''URI'') that '''YOU''' have access to. Beside each navigation item are the available permissions you can provide (note that some permissions have no effect on certain pages). Using the example above for the "''Monthly Data Entry Manager''" role, you will need to provide that role with [[Read Permission|'''Read''']] to the [[Planning|'''Planning''']] section. You will also need to provide that role with [[Create Permission|'''Create''']], [[Read Permission|'''Read''']] and [[Update Permission|'''Update''']] for the [[Monthly Data Entry|'''Monthly Data Entry''']] page. | ||
| + | |||
Once you have finished granting the permissions to the newly created role, you will need to [[Rebuild Role Maps|'''Rebuild your Role Maps''']]. For safety, you should only rebuild your business' role maps after you have completely defined your new roles. | Once you have finished granting the permissions to the newly created role, you will need to [[Rebuild Role Maps|'''Rebuild your Role Maps''']]. For safety, you should only rebuild your business' role maps after you have completely defined your new roles. | ||
| + | Once you have created your new role and granted the permissions you want to provide to that role, you can then assign that role to any member of your business and they will have the new permissions granted to that role. | ||
| − | |||
Every member of your business can have multiple roles assigned to them which is described in more detail in [[Manage Business Credentials|'''Manage Business Credentials''']]. When you assign roles to members of your business, be aware that you are granting | Every member of your business can have multiple roles assigned to them which is described in more detail in [[Manage Business Credentials|'''Manage Business Credentials''']]. When you assign roles to members of your business, be aware that you are granting | ||
access to '''ALL''' the pages with '''ALL''' the permissions assigned to each role. For example, if the "''Monthly Data Entry Manager''" does not have access to your [[Preset GAAP KPIs]], and you created and assigned both of these roles to one of your members, then that member will have access to both the [[Monthly Data Entry]] page as well as the [[Preset GAAP KPIs]] pages with the highest level of permissions assigned to either role. | access to '''ALL''' the pages with '''ALL''' the permissions assigned to each role. For example, if the "''Monthly Data Entry Manager''" does not have access to your [[Preset GAAP KPIs]], and you created and assigned both of these roles to one of your members, then that member will have access to both the [[Monthly Data Entry]] page as well as the [[Preset GAAP KPIs]] pages with the highest level of permissions assigned to either role. | ||
| + | |||
| + | You may also delete any role you have created at any time, however be aware that when you delete a role that you have created anyone with that role attached will lose the permissions granted to them through that role. If a member of your business does not have any other role assigned to them when you delete their role, they will completely lose access to your business and you will have to contact the help-desk to restore their access. So when you plan on deleting a role you have created, it is best to assign the [[Guest Role|'''Guest Role''']] to those users before deleting the role. | ||
If you find that the [[Core Roles|'''Core Roles''']] are insufficient in providing you with the access restrictions you need and you are uncomfortable with creating new roles, [https://profitnavigator.net Profit Navigator] [[System Admin Role|System Administrators]] will be able to define roles according to your business' specific needs. | If you find that the [[Core Roles|'''Core Roles''']] are insufficient in providing you with the access restrictions you need and you are uncomfortable with creating new roles, [https://profitnavigator.net Profit Navigator] [[System Admin Role|System Administrators]] will be able to define roles according to your business' specific needs. | ||
Revision as of 04:17, 9 December 2018
Managing Roles Available to Your business
Profit Navigator uses a authorization system called Access Control Lists. This system is designed to provide the highest flexibility in restricting access to your business' financial data. As an Alliance Partner or Business Owner you have the right to create any new role you wish and provide Create, Read, Update, Delete, User or Facilitator permissions for these roles.
Certain Core Roles are already available to you if you do not wish to manage unique roles for your business and in fact, there are special permissions that can not be granted to roles that you create for certain core roles. These core roles are:
- Guest
- System Admin (Special Permissions)
- Alliance Partner (Special Permissions)
- Business Owner (Special Permissions)
- Editor
- Authorized User
- Sales Manager (Special Permissions)
- Sales Associate (Special Permissions)
- Direct Reports
- Alliance Member (Special Permissions)
- Alliance Facilitator (Special Permissions)
Each of these roles are defined by the Core system and are not editable. However, you may assign these roles to members of your business.
The special roles have specific restrictions and permissions and as such may not be assigned except by members who possess those roles or have the System Admin Role.
When editing roles for your business, at the bottom of the list of core roles (and any custom roles created for your business) is a button that will allow you to create a new role. When you click that button a new role will be created for your business and the role editor will appear.
Change the title of the role to any meaningful name. For example, if you wanted to create a role that only has access to enter monthly data; you could call the role "Monthly Data Entry Manager". You can also provide a description to help you remember what you want members with this role to do for you. It is suggested that you provide this description to help others who have access to your Roles system understand what this role is for.
Below the name and description is a large list of navigation items. The list will contain every navigation item (URI) that YOU have access to. Beside each navigation item are the available permissions you can provide (note that some permissions have no effect on certain pages). Using the example above for the "Monthly Data Entry Manager" role, you will need to provide that role with Read to the Planning section. You will also need to provide that role with Create, Read and Update for the Monthly Data Entry page.
Once you have finished granting the permissions to the newly created role, you will need to Rebuild your Role Maps. For safety, you should only rebuild your business' role maps after you have completely defined your new roles.
Once you have created your new role and granted the permissions you want to provide to that role, you can then assign that role to any member of your business and they will have the new permissions granted to that role.
Every member of your business can have multiple roles assigned to them which is described in more detail in Manage Business Credentials. When you assign roles to members of your business, be aware that you are granting
access to ALL the pages with ALL the permissions assigned to each role. For example, if the "Monthly Data Entry Manager" does not have access to your Preset GAAP KPIs, and you created and assigned both of these roles to one of your members, then that member will have access to both the Monthly Data Entry page as well as the Preset GAAP KPIs pages with the highest level of permissions assigned to either role.
You may also delete any role you have created at any time, however be aware that when you delete a role that you have created anyone with that role attached will lose the permissions granted to them through that role. If a member of your business does not have any other role assigned to them when you delete their role, they will completely lose access to your business and you will have to contact the help-desk to restore their access. So when you plan on deleting a role you have created, it is best to assign the Guest Role to those users before deleting the role.
If you find that the Core Roles are insufficient in providing you with the access restrictions you need and you are uncomfortable with creating new roles, Profit Navigator System Administrators will be able to define roles according to your business' specific needs.
