Managing Roles¶
Overview¶
In order to understand Users, Teams and Roles and how they work with each other, let's start by defining what each of these are:
- Users - refer to a person who can log into the system. In Mythradon we often refer to a 'User' as a standard or internal User in order to differentiate from a 'Portal User'. From a licensing perspective a 'User' must be an Employee of your company.
- Portal Users - refers to a person who can log into a portal. Such as a Customer or Partner. From a licensing perspective a 'Portal User' can not be an Employee of your company.
- Teams - are groups of standard Users. Teams are used in conjunction with the definition of Roles to control access to records. Teams are also used for Lead and Case assignment rules.
- Roles - are used to control permission restrictions for standard Users (Not Portal Users) to entities, fields and other system wide features.
When you are initially setting up your system it is best practice to use the following sequence:
- Roles - define the Roles that you need for internal/standard users. For example: Sales Manager, Sales Rep, Customer Service Manager, Customer Service Operator, Case Manager etc.
- Teams - define the Teams that you need. For example: Australian Sales Team, New Zealand Sales Team, Customer Service Team etc.
- Users - create the Users and allocate Roles and membership to appropriate Teams.
If you are a small business with simple requirements, we have pre-defined a list of System Roles that you can duplicate and apply to your users immediately:
If you have a Portal it is best practice to also setup:
- Portal Roles - define the Roles that you need for external Portal Users.
- Portal Users - create the Portal Users and allocate Portal Roles.
Roles¶
Roles are used in Mythradon to control access to application functionality as well as define the access level for CRUD (Create, Read, Update and Delete) features for all Entities.
System Administrators can manage roles through the Administration panel. Each role defines access to certain areas (scopes) which are applied to Users who own that Role.
The above image shows a sample Role that has access defined for the 'Account' entity that entitles Users with this Role to Read/View all Account records but they are not able to Create, Edit or Delete Accounts. They can also view Stream records on the Account that are from their Team only.
The access scope for each entity in the system is defined by Roles. This scope comprises of:
Scope | Description |
---|---|
Access | Controls if the Entity is available on the Role. Possible values are:
|
Create | Controls if the Role will allow for the creation of new records for the specific entity. Possible values are:
|
Read | Controls if the Role will allow for reading of records from the specific entity. Possible values are:
|
Edit | Controls if the Role will allow editing of records from the specific entity. Possible values are: Possible values are:
|
Delete | Controls if the Role will allow deleting of records from the specific entity. Possible values are:
|
Stream | Controls if the Role will allow access to records in the entity's stream. Possible values are:
|
Note: It is possible that some Entities may not have access to all the scopes that are listed. For each specific Entity, developers have the option to enable or disable the scopes as needed.
Multiple Roles¶
One user can have multiple roles. Those Roles can be selected for a specific User and/or be inherited from the Teams that the User belongs to.
If a user has multiple Roles, then they will be merged so that the permissive rule will have a higher priority. This provides a great deal of flexibility for System Administrators to manage and define Roles.
Examples of the scope that will be prioritised when merging two or more roles are:
- all + not-set = all
- team + not-set = team
- own + not-set = own
- no + not-set = no
- not-set + not-set = no
- all + team = all (more permissive get a higher priority)
- team + own = team (more permissive get a higher priority)
It's possible to see what permissions are applied to a certain user by clicking the Access
button on the user's detail view.
System Managed Roles¶
System Managed Roles are roles that are pre-defined by Mythradon for different business scenarios. These roles can be used for your users, however they will be automatically updated by Mythradon in each release as needed.
For small businesses with simple requirements, these System Roles can be used directly to provide an easy and quick way to get your business up and running. If you are concerned that the roles may change and impact your business unexpectedly due to a Mythradon release, we recommend that you duplicate the specific role(s) that you require. This way you can update them based on your business requirements.
Currently, Mythradon supports four types of System Roles:
-
Base Roles: The Base Roles provide access to the base entities such as
Accounts
,Contacts
,Emails
,Documents
, etc. These roles are:- Base All Level Access: Access base entities with full permission.
- Base Team Level Access: Access records of base entities that belong to the users
Team(s)
only
-
Sales Roles: The Sales Roles provide different permission for Mythradon Sales. These roles are:
- Product Administrator: Permission to
Create
andEdit
Products
,Brands
andTax Classes
.
- Sales Administrator: Permission
Create
andEdit
on Mythradon Sales entities such asInvoices
,Quotes
,Products
,Brands
andTax Classes
.
- Sales Person: Limited permission for a sale person on Mythradon Sales entities, intended for the creation of
Quotes
andInvoices
. For example, a sale person has read-only permission toBrands
.
- Product Administrator: Permission to
-
Pre Sales Roles: The Pre Sales Roles provide permission to the Mythradon Pre Sales entities such as
Campaigns
,Leads
,Opportunities
andTarget Lists
. These roles are:- Pre Sales All Access: Access Mythradon Pre Sales entities with full permission
- Pre Sales Team Access: Access records of Mythradon Pre Sales entities that belong to the users
Team(s)
only
-
Support Roles: The Support Roles provide permission to Support Team members to perform basic tasks such as accessing
Cases
and theKnowledge Base
. These roles are:- Support All Level Access: Access Support entities except for
Case Automations
andCase Automation Logs
with full permission
- Support Manager: Access Support entities,
Case Automations
andCase Automation Logs
with full permission
- Support Team Level Access: Access records of
Cases
andKnowledge Base
that belong to the usersTeam(s)
only
- Support All Level Access: Access Support entities except for
-
eForm Roles: The eForm Roles provide permissions to the Mythradon eForms. One is designed specifically for eForm Administration and the other for general use of eForms.
- eForms Administrator - System Managed - Role designed to be provided to Mythradon eForm Administrators.
- eForms User All Access - System Managed - Role designed to be provided to standard users that need access to Mythradon eForms.
To access System Roles:
- Select
Administration | Roles
from the Menu Button - You can now access a list of System Roles
Note: System Roles do not include the 'Delete' permission.
Creating Roles¶
It is best to define the Roles that you want to use before creating Users.
- Select
Administration | Roles
from the Menu Button - Press the
Create Role
button
Roles consist of three sections:
Role Settings¶
These values are singular. Only one set of values per Role.
Properties
Property | Description |
---|---|
Name | The name of the Role |
Export Permission | Controls if the Role is enabled for Exporting Data. If you don't want the User to be able to export data then disable this in their Role |
User Permission | Allows to restrict an ability for users to view activities, calendar and stream of other users. Option are:
|
Assignment Permission | Allows to restrict an ability to assign records and post messages to other users.
|
Portal Permission | Defines access to portal information and ability to post messages to portal users |
Group Email Account Permission | Defines access to Group Email Accounts and ability to send emails from group SMTP email accounts |
Data Privacy Permission | Allows to view and erase personal data |
Mass Update Permission | Defines whether users have an ability to do mass update of records |
Follower Management Permission | Defines whether users have the ability to manage the users that are following a record |
Note: Please be advised that access to Group Email Folders is managed through Teams, and not by the Group Email Account Permission on Roles. Nevertheless, access to the individual Emails within a Group Email Folder is determined by the respective Roles.
Role Entity Permissions (Scope)¶
These settings are for each Entity in the system.
- Select the required entity and set the Access to Enabled or Disabled
- Set the required Create, Read, Edit, Delete and Stream permissions
- Save the Role when completed
Entity Field Level Permissions¶
The Field Level Permissions allow you to define very granular levels of access to each Entity. Specifically Read and Edit permissions on every field. By default all fields are enabled for both Read and Edit.
To set the specific restrictions:
- Select the required Entity in the
Field Level
section of the Role - Select the required Field in the Entity
- Set the
Read
andEdit
permissions as required - Save the Role when completed
Note: If new Entities are created in the system you will need to update all Roles to restrict the access. By default the Users will have complete access to any new Entities.
Exporting & Importing Roles¶
The definition of Roles and Portal Roles is stored in the database. They are not part of the application metadata and therefore need to be re-created in subsequent environments as part of your software implementation process.
In order to simplify the migration of role definitions, Mythradon supports the ability to export and import the roles using CSV file formats and the standard Data Import Wizard.
Exporting Roles¶
To export Role/s:
- Select
Administration | Roles
from the Menu Button - Select the roles you wish to export using the checkbox on the
Role List View
as shown in the following image - Select the
Export
option from theAction
button menu - Select
CSV
andExport All Fields
and press theExport
button
This will download the CSV file containing the definitions of the Roles that you selected. This file can be used to import the Roles into another environment or added to your GIT repository.
Note: The same export functionality is available on Portal Role.
Top | Exporting & Importing Roles
Importing Roles¶
To import Role/s:
- Select
Administration | Import
from the Menu Button - Select either
Role
orPortal Role
as the Entity Type to import - Click the
Choose file
button and select your CSV file to import - Follow the process through the Import Wizard and import your roles.
Top | Exporting & Importing Roles
See also¶
- Mythradon Basics
- Mythradon Marketing
- Mythradon Sales
- Mythradon Service
- Mythradon System Administration
- Mythradon Tools