Roles: Selection and Custom Roles

Gruntify uses Role-Based Access Security (RBAC). The permissions to read, update, etc details are allocated to Roles, and then users are granted Roles. This allows permissions to be set quickly and to audit user privileges and quickly correct any issues. For background on RBAC, see our Blog entry Role-Based Security: Better Data Security for Field Service.

Standard Roles

Gruntify comes with 5 standard roles - Primary Owner, Owner, Controller, Worker, and Data Collector. The table below will show you the general area of responsibility for these Roles.

The Primary Owner is a special role. The user who creates a workspace becomes the Primary Owner, and they can control all the settings on the workspace, including deleting the workspace. The Primary Owner can assign the Primary Owner role to another user, and then the previously Primary Owner becomes an Owner. But there can only be one Primary Owner at a time. It is very important to protect access to the Primary Owner role.

Only a Primary Owner can assign the Owner role to other users. Owners can create users, and assign Controller, Worker, and Data Collector to any user. But they cannot assign the Owner role to another user.

 

Primary Owner

Owner

Controller

Worker

Data Collector

 

Primary Owner

Owner

Controller

Worker

Data Collector

Manage Users, Teams, Depots, Equipment, etc

 

  

 

Manage Forms

 

  

 

Manage Maps

 

 

 

  

 

Manage Billing

 

 

  

 

Delete Workspace

 

 

 

 

Create & Edit Requests

 

Create & Edit Jobs

 

 

Administer Requests & Jobs

  

 

 

Custom Roles

Gruntify also supports customized roles, where the Primary Owner can create roles for a workspace. In the Roles section of the Settings, you will find the list of standard roles and custom roles in your workspace. New roles can be created from scratch using the “New Role” button, while existing roles can be cloned and the copy modified.

You cannot change the standard roles, nor can you assign permission to add or change roles to any role. Changing the definitions of roles is only possible for the Primary Owner. Roles that have User Management Permission and Read Roles Permission can assign roles to users, they cannot change the roles themselves.

Click to Zoom

 

Watch the movie below for more information on setting up custom roles.

Update Time

When you change a role definition or change the roles allocated to a user, it may take up to 15 minutes for these changes to take effect on the Admin Portal or on the Mobile Apps. If you have added permissions then they will not see the additional functionality until their current session updates. If you have removed permissions, then any updates they do may result in an error - if they no longer have permission to update something then it will be picked up by the server and an error sent to the client.

The users can also log out and log in again, and they will pick up their new permissions.

 

Click to Zoom

Mobile Apps

The roles work across the whole of Gruntify, so they apply to the Mobile Apps as well. There aren’t any specific role screens as all role management is done in the Admin Portal.

With a customized role, the Mobile App users may see a new Permission denied screen (shown on right). They can tap on the “REQUEST PERMISSION” button and an email will be sent to the Primary Owner. If the customized role is missing a permission that it should have, change the role to include the permission. Within 15 minutes the changed permissions should update throughout Gruntify and all Mobile App users with that role will have the updated permissions.

This is one of the major advantages of role based systems - change it one place, and all users with that role get it automatically.

 

Form Import and Export

The custom roles may be used in the hide/show and read-only control level permissions that may be defined on a form, in the same way as the standard roles. If you export such a form and then import the form into another workspace, then the user will be warned that there are custom roles used on the form. We cannot automatically match up the custom roles as either a role with the same name may not exist in the destination workspace, or may have different permissions and automatically linking may lead to unexpected side effects. Instead, the user will be warned and they should fix up the permissions manually.

Import and Export Form Warnings

Role Suggestions

Given below are some roles that you may find helpful, along with the appropriate Permissions.

Form Designer or Form Manager

Professional: Requires Read Form and Manage Form.

Business: Requires Read Form and Manage Form. Suggest adding Read Asset and Update Asset

If you want the Form Designer to run the asset migration after an asset form is updated, they must have Read Asset and Update Asset.

User Manager

This role will allow the user to add new users, change existing users, set up teams, create and assign accreditations and equipment.

Professional: Requires Read Roles, Read Teams, Manage Teams, Read Users, Manage Users, Update User Preferences, Read User Profile, and Manage Workspace.

Business: As above for Professional and then add Read Accreditations, Manage Accreditations, Read Stations (Depots), Manage Stations (Depots), Read Equipment, Manage Equipment.

If you do not want your User Manager to have access to the billing information then remove ManageWorkspace, but they will not be able to add users, only change existing users. Adding users may require adding more seats, and hence changing the billing.