Roles, Custom Roles and Permissions
Professional Business Enterprise
Gruntify uses Role-Based Access Security (RBAC). The permissions to read, update, etc details are allocated to Roles, and then users are granted Roles. This allows permissions to be set quickly and to audit user privileges and quickly correct any issues. For background on RBAC, see our Blog entry Role-Based Security: Better Data Security for Field Service.
Standard Roles
Gruntify comes with 5 standard roles - Primary Owner, Owner, Controller, Worker, and Data Collector. The table below will show you the general area of responsibility for these Roles.
There can only be one Primary Owner at a time as a security measure. The user who creates a workspace becomes the Primary Owner and can control all workspace settings, including being the only user able to delete the workspace.
The Primary Owner can assign the Primary Owner role to another user and will be demoted to a Owner. Only a Primary Owner can assign the Owner role to other users. Owners can invite and assign other roles to users but cannot assign the Owner role to another user.
| Primary Owner | Owner | Controller | Worker | Data Collector |
---|---|---|---|---|---|
Manage Users, Teams, Depots, Equipment, etc |
|
|
| ||
Manage Forms |
|
|
| ||
Manage Maps |
|
|
|
|
|
Manage Billing |
|
|
|
| |
Delete Workspace |
|
|
|
| |
Create & Edit Requests |
| ||||
Create & Edit Jobs |
|
| |||
Administer Requests & Jobs |
|
|
Custom Roles
Gruntify supports custom roles but only the Primary Owner or any users with the Manage Roles permission can create custom roles for a workspace. In the Roles section of the Settings, you will find the list of standard roles and custom roles in your workspace. New roles can be created from scratch using the “New Role” button, while existing roles can be cloned and modified.
You cannot edit the standard roles or permissions in any way. Roles that have Users: Manage Users permission and Role: Read Roles permission can assign roles to users but they cannot change the roles themselves. That capability is Managed by the Role: Manage Roles permission
It is recommended that users log out then log in again to refresh their permissions once they are changed. The current session may have out-of-date permissions and any updates at this time may result in errors.
An explanation on each permission in detail can be found here.
Custom Roles in Gruntify Mobile
Roles sync across Gruntify so they apply to Gruntify Mobile as well. Role Management is done in the Web App and is applied equally to Mobile.
Mobile App users attempting to access a function they do not have permissions for may see a Permission Denied screen. An example of this is shown to the right. If a permission update is requested, an email will be sent to the Primary Owner with a request for the appropriate permission.
It is up to the discretion of the primary owner whether or not to change the user’s active permissions.
Form Import/Export with Custom Roles
The custom roles may be used in the hide/show and read-only control level permissions that may be defined on a form, in the same way as the standard roles. If you export such a form and then import the form into another workspace, then the user will be warned that there are custom roles used on the form. We cannot automatically match up the custom roles as either a role with the same name may not exist in the destination workspace, or may have different permissions and automatically linking may lead to unexpected side effects. Instead, the user will be warned and they should fix up the permissions manually.
Below is a video going into detail about Custom Roles.
Related Articles