Roles
Each User has a specific Role in the Company. The Role of the User in the Company determines the availability of specific permissions for them.
Roles are a common entity for the entire system, not tied to specific Companies. After setting up a new Role, it can be used in all Companies.
Description of practical interaction with Roles on the platform in the section: "“Roles” page".
The Role of the User in each Company can be specific and unique.
Default Roles
There are three default Roles on the platform:
- "Super Admin" - is a Role for employees who deeply understand how the entire system works and are responsible for supporting all other Users and administrators of their company and its subsidiaries. It includes all platform features and unique permissions that cannot be granted within custom Roles.
- “Company Admin” – is a Role intended for top company administrators of any level. It includes all platform features and unique permissions that cannot be granted within custom Roles. The difference between the Company Admin and the Super Admin is that the Company Admin cannot create new Device IDs.
- "End user" - is a Role that only allows control of end devices. If the User's Role is not defined, they will have the "End user" Role by default.
The system provides the ability to create customizable Roles with a flexible choice of permissions list within the new Role. Depending on the Role, a User may have access to specific permissions and may not have access to other permissions.
The Super Admin may initially create an additional Role with permission to manage Roles. Each User with this Role will be able to create new Roles.
All Roles on the platform are displayed in the global list.
For User security, creating or editing Roles requires Super Admin approval.
Role permissions
A User who has permission to manage Roles can use the following list of permissions when configuring a Role while creating or editing it:
- Control devices;
- Delete Companies;
- Delete Devices;
- Delete Roles;
- Delete User's Participation;
- Delete Users;
- Flash Device;
- Manage additional info templates;
- Manage Companies;
- Manage Devices;
- Manage products;
- Manage reports;
- Manage Roles;
- Manage Snapshots;
- Manage User's Participation;
- Manage Users;
- Service devices;
- View Companies;
- View devices;
- View monitoring;
- View my requests;
- View own reports;
- View Roles;
- View Users.
The following list of permissions is only available to Users with the default Super Admin and Company Admin Roles. These permissions cannot be applied to custom Roles within the platform:
- Add Device IDs (Super Admin only);
- Manage requested actions;
- Restore Companies;
- Restore Device IDs;
- Restore Roles;
- Restore Users;
- View requested actions.
If the User does not have access to the necessary features, they can be given a different Role or include the required permissions in the current Role.
Example: One Company, the "Company," has 6 Users. Each User has a Role in this Company.
- "User 1" and “User 2" can manage User's Participation, Roles, and Users.
- "User 3" can manage Companies, devices, and Device IDs.
- "User 4" and "User 5" can control devices, and view other Companies and Users.
- "User 6" can manage Users, view other Companies, view system monitoring, and Roles.
If the User has permission to manage an entity (for example, manage Companies), they automatically have permission to view it (for example, view Companies).
If the User has only permission to view an entity, they can view it but cannot manage it.
Multiple Companies for one User
The platform supports the ability to connect one User to several Companies.
Example: One User, "User," connects to 6 Companies. In each of the Companies, the User has a Role.
- For "Company A" and “Company B", the User has “Role 1” and can manage User’s Participation, Roles, and Users.
- For "Company C", the User has “Role 2” and can manage Companies, devices, and Device IDs.
- For "Company D" and "Company E", the User has “Role 3” and can control their devices, and view other Companies and Users.
- For "Company F", the User has “Role 4” and can manage Users and view other Companies, system monitoring, and Roles.
Description of practical interaction with the selection of a Company for one User on the platform in the section: "Company selection".
Role properties
- The created Roles are displayed globally and are visible to all Companies. Such there is no need to create Roles for every Company. It is enough to make a fundamental list of Roles once.
- Super Admin, Company Admin, or administrator with the appropriate permissions can create or change Roles on the platform. Roles created by Super Admin appear in the system immediately. Roles proposed by other admins require the Super Admin's approval.
- Each User can only have one Role in one Company.
- The number of Roles is limited only by the number of combinations of permissions available on the platform.
Example: There are four Companies: "Main", "A.1", "B.1", and "A.2". Each Company has one User with different Roles:
- “E.1” User with the “Super Admin” Role in the "Main" Company. “E.1” User has access to all permissions on the platform.
- “A.1” User with the "Manage Roles" Role in the "A.1" Company. "A.1" User can manage Roles on the platform.
- “B.1” User with the "Manage Users" Role in the "B.1" Company. "B.1" User can manage Users on the platform.
- “A.2” User with the "Manage Users" Role in the "A.2" Company. "A.2" User can manage Users on the platform.
# | Situation | Answer |
---|---|---|
1. | The "A.1" User wants to change the Role of the "B.1" User. | "A.1" User can easily change the Role of the "B.1" User. |
2. | "A.1" User wants to change their own Role. | To change their own Role, the User needs the approval of the "E.1" User with the "Super Admin" Role. Although the "A.1" User can manage Roles, they cannot change their Role without approval. |
3. | "A.1" User wants to create a new Role or modify an existing one. | To create a new Role or change an existing one needs the approval of the "E.1" User with the "Super Admin" Role. Although the "A.1" User can manage Roles, they cannot create new Roles or change existing ones without approval. |
4. | The "A.1" User wants to change the Role of the "A.2" User. | "A.1" User does not see the Сompany “A2” and its users and cannot change the User's Role "A.2". "A.1" User can only manage their own Company and subsidiaries. Companies "A.1" and "A.2" are not related. |