| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
...
Gruntify uses Role-Based Access Security (RBAC). The permissions to read, update, etc details are allocated to Roles, and then users are granted Roles. This allows permissions to be set quickly and to audit user privileges and quickly correct any issues. For background on RBAC, see our Blog entry Role-Based Security: Better Data Security for Field Service.
Standard Roles
Gruntify comes with 5 standard roles - Primary Owner, Owner, Controller, Worker, and Data Collector. The table below will show you the general area of responsibility for these Roles.
The There can only be one Primary Owner is a special roleat a time as a security measure. The user who creates a workspace becomes the Primary Owner , and they can control all the workspace settings on the workspace, including deleting being the only user able to delete the workspace.
The Primary Owner can assign the Primary Owner role to another user , and then the previously Primary Owner becomes an Owner. But there can only be one Primary Owner at a time. It is very important to protect access to the Primary Owner role.and will be demoted to a Owner. Only a Primary Owner can assign the Owner role to other users. Owners can create users, invite and assign Controller, Worker, and Data Collector to any user. But they other roles to users but cannot assign the Owner role to another user.
| Primary Owner | Owner | Controller | Worker | Data Collector |
|---|---|---|---|---|---|
Manage Users, Teams, Depots, Equipment, etc |  | |
|
| |
Manage Forms | | |
|
| |
Manage Maps | | |
|
| |
Manage Billing | | |
|
|
|
Delete Workspace | |
|
|
|
|
Create & Edit Requests | | | | | |
Create & Edit Jobs | | | | |
|
Administer Requests & Jobs | | | |
|
|
...
Custom Roles
Gruntify also supports customized custom roles , where but only the Primary Owner or any users with the Manage Roles permission can create custom roles for a workspace. In the Roles section of the Settings, you will find the list of standard roles and custom roles in your workspace. New roles can be created from scratch using the “New Role” button, while existing roles can be cloned and the copy modified.
You cannot change edit the standard roles , nor can you assign permission to add or change roles to any role. Changing the definitions of roles is only possible for the Primary Owner. Roles that have User Management Permission and Read Roles Permission or permissions in any way. Roles that have Users: Manage Users permission and Role: Read Roles permission canassign roles to users , but they cannot change the roles themselves.
...
Watch the movie below for more information on setting up custom roles.
| Widget Connector | ||||||
|---|---|---|---|---|---|---|
|
Update Time
When you change a role definition or change the roles allocated to a user, it may take up to 15 minutes for these changes to take effect on the Admin Portal or on the Mobile Apps. If you have added permissions then they will not see the additional functionality until their current session updates. If you have removed permissions, then any updates they do may result in an error - if they no longer have permission to update something then it will be picked up by the server and an error sent to the client.
The users can also log out and log in again, and they will pick up their new permissions.
Mobile Apps
The roles work across the whole of Gruntify, so they apply to the Mobile Apps as well. There aren’t any specific role screens as all role management is done in the Admin Portal.
With a customized role, the Mobile App users may see a new Permission denied screen (shown on right). They can tap on the “REQUEST PERMISSION” button and That capability is Managed by the Role: Manage Roles permission
| Note |
|---|
It is recommended that users log out then log in again to refresh their permissions once they are changed. The current session may have out-of-date permissions and any updates at this time may result in errors. |
An explanation on each permission in detail can be found here.
...
Custom Roles in Gruntify Mobile
...
Roles sync across Gruntify so they apply to Gruntify Mobile as well. Role Management is done in the Web App and is applied equally to Mobile.
Mobile App users attempting to access a function they do not have permissions for may see a Permission Denied screen. An example of this is shown to the right. If a permission update is requested, an email will be sent to the Primary Owner . If the customized role is missing a permission that it should have, change the role to include the permission. Within 15 minutes the changed permissions should update throughout Gruntify and all Mobile App users with that role will have the updated permissions.
This is one of the major advantages of role based systems - change it one place, and all users with that role get it automatically.
...
with a request for the appropriate permission.
It is up to the discretion of the primary owner whether or not to change the user’s active permissions.
Form Import/Export with Custom Roles
The custom roles may be used in the hide/show and read-only control level permissions that may be defined on a form, in the same way as the standard roles. If you export such a form and then import the form into another workspace, then the user will be warned that there are custom roles used on the form. We cannot automatically match up the custom roles as either a role with the same name may not exist in the destination workspace, or may have different permissions and automatically linking may lead to unexpected side effects. Instead, the user will be warned and they should fix up the permissions manually.
...
...
Given below are some roles that you may find helpful, along with the appropriate Permissions.
Form Designer or Form Manager
Professional: Requires Read Form and Manage Form.
Business: Requires Read Form and Manage Form. Suggest adding Read Asset and Update Asset
| Info |
|---|
If you want the Form Designer to run the asset migration after an asset form is updated, they must have Read Asset and Update Asset. |
User Manager
This role will allow the user to add new users, change existing users, set up teams, create and assign accreditations and equipment.
Professional: Requires Read Roles, Read Teams, Manage Teams, Read Users, Manage Users, Update User Preferences, Read User Profile, and ManageWorkspace.
Business: As above for Professional and then add Read Accreditations, Manage Accreditations, Read Stations (Depots), Manage Stations (Depots), Read Equipment, Manage Equipment.
...
Below is a video going into detail about Custom Roles.
| Widget Connector | ||||||
|---|---|---|---|---|---|---|
|
Related Articles
| Filter by label (Content by label) | ||||||
|---|---|---|---|---|---|---|
|
...