Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

Gruntify uses Role-Based Access Security (RBAC). The permissions to read, update, etc details are allocated to Roles, and then users are granted Roles. This allows permissions to be set quickly and to audit user privileges and quickly correct any issues. For background on RBAC, see our Blog entry Role-Based Security: Better Data Security for Field Service.

Standard Roles

Gruntify comes with 5 standard roles - Primary Owner, Owner, Controller, Worker, and Data Collector. The table below will show you the general area of responsibility for these Roles.



Primary Owner




Data Collector

Manage Users, Teams, Depots, Equipment, etc



Manage Forms



Manage Maps



Manage Billing




Delete Workspace





Create & Edit Requests

Create & Edit Jobs


Administer Requests & Jobs




Custom Roles

Gruntify also supports customized roles, where the Primary Owner can create roles for a workspace. In the Roles section of the Settings, you will find the list of standard roles and custom roles in your workspace. New roles can be created from scratch using the “New Role” button, while existing roles can be cloned and the copy modified.


Widget Connector

Update Time

When you change a role definition or change the roles allocated to a user, it may take up to 15 minutes for these changes to take effect on the Admin Portal or on the Mobile Apps. If you have added permissions then they will not see the additional functionality until their current session updates. If you have removed permissions, then any updates they do may result in an error - if they no longer have permission to update something then it will be picked up by the server and an error sent to the client.

The users can also log out and log in again, and they will pick up their new permissions.

Mobile Apps

The roles work across the whole of Gruntify, so they apply to the Mobile Apps as well. There aren’t any specific role screens as all role management is done in the Admin Portal.


This is one of the major advantages of role based systems - change it one place, and all users with that role get it automatically.

Form Import and Export

The custom roles may be used in the hide/show and read-only control level permissions that may be defined on a form, in the same way as the standard roles. If you export such a form and then import the form into another workspace, then the user will be warned that there are custom roles used on the form. We cannot automatically match up the custom roles as either a role with the same name may not exist in the destination workspace, or may have different permissions and automatically linking may lead to unexpected side effects. Instead, the user will be warned and they should fix up the permissions manually.


Role Suggestions

Given below are some roles that you may find helpful, along with the appropriate Permissions.

Form Designer or Form Manager

Professional: Requires Read Form and Manage Form.



If you want the Form Designer to run the asset migration after an asset form is updated, they must have Read Asset and Update Asset.

User Manager

This role will allow the user to add new users, change existing users, set up teams, create and assign accreditations and equipment.

Professional: Requires Read Roles, Read Teams, Manage Teams, Read Users, Manage Users, Update User Preferences, Read User Profile, and ManageWorkspaceManage Workspace.

Business: As above for Professional and then add Read Accreditations, Manage Accreditations, Read Stations (Depots), Manage Stations (Depots), Read Equipment, Manage Equipment.


If you do not want your User Manager to have access to the billing information then remove ManageWorkspace, but they will not be able to add users, only change existing users. Adding users may require adding more seats, and hence changing the billing.


Filter by label (Content by label)
cqllabel = "users"