Skip to content

Managing Roles

Mythradon Role Management

Overview

In order to understand Users, Teams and Roles and how they work with each other, let's start by defining what each of these are:

  • Users - refer to a person who can log into the system. In Mythradon we often refer to a 'User' as a standard or internal User in order to differentiate from a 'Portal User'. From a licensing perspective a 'User' must be an Employee of your company.
  • Portal Users - refers to a person who can log into a portal. Such as a Customer or Partner. From a licensing perspective a 'Portal User' can not be an Employee of your company.
  • Teams - are groups of standard Users. Teams are used in conjunction with the definition of Roles to control access to records. Teams are also used for Lead and Case assignment rules.
  • Roles - are used to control permission restrictions for standard Users (Not Portal Users) to entities, fields and other system wide features.

When you are initially setting up your system it is best practice to use the following sequence:

  • Roles - define the Roles that you need for internal/standard users. For example: Sales Manager, Sales Rep, Customer Service Manager, Customer Service Operator, Case Manager etc.
  • Teams - define the Teams that you need. For example: Australian Sales Team, New Zealand Sales Team, Customer Service Team etc.
  • Users - create the Users and allocate Roles and membership to appropriate Teams.

If you are a small business with simple requirements, we have pre-defined a list of System Roles that you can duplicate and apply to your users immediately:

If you have a Portal it is best practice to also setup:

  • Portal Roles - define the Roles that you need for external Portal Users.
  • Portal Users - create the Portal Users and allocate Portal Roles.

Top

Roles

Roles are used in Mythradon to control access to application functionality as well as define the access level for CRUD (Create, Read, Update and Delete) features for all Entities.

System Administrators can manage roles through the Administration panel. Each role defines access to certain areas (scopes) which are applied to Users who own that Role.

Mythradon Roles

The above image shows a sample Role that has access defined for the 'Account' entity that entitles Users with this Role to Read/View all Account records but they are not able to Create, Edit or Delete Accounts. They can also view Stream records on the Account that are from their Team only.

The access scope for each entity in the system is defined by Roles. This scope comprises of:

Scope Description
Access Controls if the Entity is available on the Role. Possible values are:
  • not-set - No access is being granted
  • enabled - Access is being granted as it is currently enabled
  • disabled - Access has been denied as it is currently disabled.
Create Controls if the Role will allow for the creation of new records for the specific entity. Possible values are:
  • yes - Role allows the creation of new records for the specific entity
  • no - Role does not allows the creation of new records for the specific entity.
Read Controls if the Role will allow for reading of records from the specific entity. Possible values are:
  • all - Role provides read access to all records in the entity
  • team - Read access to records is limited to the User's Team/s to which they are assigned
  • own - Read access is limited to records for which the User is directly assigned as the owner.
  • no - Read access has not been granted to any records in the entity.
Edit Controls if the Role will allow editing of records from the specific entity. Possible values are: Possible values are:
  • all - Role provides edit access to all records in the entity
  • team - Edit access to records is limited to the User's Team/s to which they are assigned
  • own - Edit access is limited to records for which the User is directly assigned as the owner
  • no - Edit access has not been granted to any records in the entity.
Delete Controls if the Role will allow deleting of records from the specific entity. Possible values are:
  • all - Role has no restriction on the deletion of any record in the entity
  • team - Delete access to records is limited to the User's Team/s to which they are assigned
  • own - Delete access is limited to records for which the User is directly assigned as the owner
  • no - Delete access has not been granted to any records in the entity.
Stream Controls if the Role will allow access to records in the entity's stream. Possible values are:
  • all - Role has no restriction on the creation or visbility of Stream records for any records in the entity
  • team - Read access to records in the Stream is limited to the User's Team/s to which they are assigned on the specific entity record
  • own - Access is limited to Stream records for which the User is directly assigned as the owner on the specific entity record
  • no - Access has not been granted to any Stream records in the entity.

Note: It is possible that some Entities may not have access to all the scopes that are listed. For each specific Entity, developers have the option to enable or disable the scopes as needed.

Top

Multiple Roles

One user can have multiple roles. Those Roles can be selected for a specific User and/or be inherited from the Teams that the User belongs to.

If a user has multiple Roles, then they will be merged so that the permissive rule will have a higher priority. This provides a great deal of flexibility for System Administrators to manage and define Roles.

Examples of the scope that will be prioritised when merging two or more roles are:

  • all + not-set = all
  • team + not-set = team
  • own + not-set = own
  • no + not-set = no
  • not-set + not-set = no
  • all + team = all (more permissive get a higher priority)
  • team + own = team (more permissive get a higher priority)

It's possible to see what permissions are applied to a certain user by clicking the Access button on the user's detail view.

Mythradon User Access Roles

Top

System Managed Roles

Mythradon System Managed Roles

System Managed Roles are roles that are pre-defined by Mythradon for different business scenarios. These roles can be used for your users, however they will be automatically updated by Mythradon in each release as needed.

For small businesses with simple requirements, these System Roles can be used directly to provide an easy and quick way to get your business up and running. If you are concerned that the roles may change and impact your business unexpectedly due to a Mythradon release, we recommend that you duplicate the specific role(s) that you require. This way you can update them based on your business requirements.

Currently, Mythradon supports four types of System Roles:

  • Base Roles: The Base Roles provide access to the base entities such as Accounts, Contacts, Emails, Documents, etc. These roles are:

    • Base All Level Access: Access base entities with full permission.
    • Base Team Level Access: Access records of base entities that belong to the users Team(s) only

  • Sales Roles: The Sales Roles provide different permission for Mythradon Sales. These roles are:

    • Product Administrator: Permission to Create and Edit Products, Brands and Tax Classes.
    • Sales Administrator: Permission Create and Edit on Mythradon Sales entities such as Invoices, Quotes, Products, Brands and Tax Classes.
    • Sales Person: Limited permission for a sale person on Mythradon Sales entities, intended for the creation of Quotes and Invoices . For example, a sale person has read-only permission to Brands.

  • Pre Sales Roles: The Pre Sales Roles provide permission to the Mythradon Pre Sales entities such as Campaigns, Leads, Opportunities and Target Lists. These roles are:

    • Pre Sales All Access: Access Mythradon Pre Sales entities with full permission
    • Pre Sales Team Access: Access records of Mythradon Pre Sales entities that belong to the users Team(s) only

  • Support Roles: The Support Roles provide permission to Support Team members to perform basic tasks such as accessing Cases and the Knowledge Base. These roles are:

    • Support All Level Access: Access Support entities except for Case Automations and Case Automation Logs with full permission
    • Support Manager: Access Support entities, Case Automations and Case Automation Logs with full permission
    • Support Team Level Access: Access records of Cases and Knowledge Base that belong to the users Team(s) only

  • eForm Roles: The eForm Roles provide permissions to the Mythradon eForms. One is designed specifically for eForm Administration and the other for general use of eForms.

    • eForms Administrator - System Managed - Role designed to be provided to Mythradon eForm Administrators.
    • eForms User All Access - System Managed - Role designed to be provided to standard users that need access to Mythradon eForms.

To access System Roles:

  • Select Administration | Roles from the Menu Button
  • You can now access a list of System Roles

System Roles List View

Note: System Roles do not include the 'Delete' permission.

Top

Creating Roles

It is best to define the Roles that you want to use before creating Users.

  • Select Administration | Roles from the Menu Button
  • Press the Create Role button

Roles consist of three sections:

Top

Role Settings

These values are singular. Only one set of values per Role.

Mythradon Role Header Settings

Properties

Property Description
Name The name of the Role
Export Permission Controls if the Role is enabled for Exporting Data. If you don't want the User to be able to export data then disable this in their Role
User Permission Allows to restrict an ability for users to view activities, calendar and stream of other users. Option are:
  • all - can view all
  • team - can view activities of teammates only
  • no - can't view
Assignment Permission Allows to restrict an ability to assign records and post messages to other users.
  • all - no restriction
  • team - can assign and post only to teammates
  • no - can assign and post only to self
Portal Permission Defines access to portal information and ability to post messages to portal users
Group Email Account Permission Defines access to Group Email Accounts and ability to send emails from group SMTP email accounts
Data Privacy Permission Allows to view and erase personal data
Mass Update Permission Defines whether users have an ability to do mass update of records
Follower Management Permission Defines whether users have the ability to manage the users that are following a record

Note: Please be advised that access to Group Email Folders is managed through Teams, and not by the Group Email Account Permission on Roles. Nevertheless, access to the individual Emails within a Group Email Folder is determined by the respective Roles.

Top

Role Entity Permissions (Scope)

These settings are for each Entity in the system.

  • Select the required entity and set the Access to Enabled or Disabled
  • Set the required Create, Read, Edit, Delete and Stream permissions
  • Save the Role when completed

Mythradon Role Entity Permissions

Top

Entity Field Level Permissions

The Field Level Permissions allow you to define very granular levels of access to each Entity. Specifically Read and Edit permissions on every field. By default all fields are enabled for both Read and Edit.

To set the specific restrictions:

  • Select the required Entity in the Field Level section of the Role
  • Select the required Field in the Entity
  • Set the Read and Edit permissions as required
  • Save the Role when completed

Mythradon Role Field Permissions

Note: If new Entities are created in the system you will need to update all Roles to restrict the access. By default the Users will have complete access to any new Entities.

Top

Exporting & Importing Roles

The definition of Roles and Portal Roles is stored in the database. They are not part of the application metadata and therefore need to be re-created in subsequent environments as part of your software implementation process.

In order to simplify the migration of role definitions, Mythradon supports the ability to export and import the roles using CSV file formats and the standard Data Import Wizard.

Exporting Roles

To export Role/s:

  • Select Administration | Roles from the Menu Button
  • Select the roles you wish to export using the checkbox on the Role List View as shown in the following image
  • Select the Export option from the Action button menu
  • Select CSV and Export All Fields and press the Export button

This will download the CSV file containing the definitions of the Roles that you selected. This file can be used to import the Roles into another environment or added to your GIT repository.

Role Selection for Export

Note: The same export functionality is available on Portal Role.

Top | Exporting & Importing Roles

Importing Roles

To import Role/s:

  • Select Administration | Import from the Menu Button
  • Select either Role or Portal Role as the Entity Type to import
  • Click the Choose file button and select your CSV file to import
  • Follow the process through the Import Wizard and import your roles.

Import Roles

Top | Exporting & Importing Roles

See also

Top