|
|
(16 intermediate revisions by 2 users not shown) |
Line 1: |
Line 1: |
− | ==Setting Manager Permissions==
| + | #REDIRECT [[:Roles and Security Settings]] |
− | | |
− | System and application manager functions are controlled through [[Role|role]] based permissions. You will need to set these permissions before you can fully configure the system.
| |
− | | |
− | These permissions control both permissions and restrictions:
| |
− | * '''Permissions''' – enhanced functionality for people in a [[Role|role]] associated with the permission.
| |
− | * '''Restrictions''' – reduced functionality for people in a [[Role|role]] associated with the restriction.
| |
− | * [[Universal Tracking Application]] ([[UTA]]) Permissions – When you start to add your own [[Application|application]] to the system you will use the Manager Permissions settings page to control access to these [[Application|applications]].
| |
− | | |
− | 1. Click the [[Configuration Menu|Configuration]], Roles & Permissions [[Menu|menu]].
| |
− | | |
− | The '''Permission Settings''' are located at the bottom of the page.
| |
− | | |
− | [[Image:Perm.png]]
| |
− |
| |
− | 2. Click the '''Manager Permissions''' link.
| |
− | | |
− | The '''Manager Permissions''' page is displayed.
| |
− | | |
− | [[Image:Perm2.png]]
| |
− |
| |
− | Not all [[Role|roles]] displayed may exist in your [[Instance|instance]].
| |
− | | |
− | This screen is divided into a number of sections.
| |
− | * Permissions, Restrictions and [[UTA]] Permissions (and restrictions) are selected from the left panel.
| |
− | * [[Role|Roles]] that you may wish to associate with the selected permission are selected in the right panel.
| |
− | * The '''Save''' button is displayed below the check boxes for the [[Role|role]] selection.
| |
− | The number of [[Application|applications]] on the '''Permission''' list will vary depending on the [[Application|applications]] that you have chosen to subscribe.
| |
− | | |
− | ==Manager Permissions Available By Default==
| |
− | * '''Allow Delete on MultiFile Fields'''<!--DELCUSFILES--> - Enables roles to delete files that have been uploaded to [[Custom Field Type: Link – Multiple Files|Link - Multiple File]] custom fields.
| |
− | * '''Calendars - Create'''<!--CREATECALENDARS--> - Enables roles to create additional new calendars. All [[User|users]] have full control of their personal calendar regardless of this permission.
| |
− | * '''Calendars - Manager'''<!--EDITCALENDARS--> - Enables roles to view and add entries to calendars. All [[User|users]] have full control of their personal calendar regardless of this permission.
| |
− | * '''Companies - Allow Save Draft when creating/editing Companies'''<!--SAVEDRAFTCOMPANIES--> - Displays "Save Draft" button on Company records in edit mode for enabled roles.
| |
− | * '''Companies - Edit All External Companies'''<!--EDITEXTACCOUNT--> - Roles with this permission are able to modify the details of external organizations, regardless of the account ownership. Generally, only the user that “owns” the account can modify the account details; however, sometimes it is necessary to assign this type of access to an administrative role.
| |
− | * '''Companies - Transfer Ownership'''<!--TRANSFERACC--> - Enables roles to transfer ownership of company records.
| |
− | * '''Contacts - Allow Outlook Synchronization of All'''<!--SYNCALLCONTACTS--> - Enables roles to [[SmartSimple Outlook Synchronization|synchronize all contacts with Microsoft Outlook]].
| |
− | * '''Contacts - Allow Save Draft when creating/editing Contacts'''<!--SAVEDRAFTCONTACTS--> - Displays "Save Draft" button on Contact records in edit mode for enabled roles.
| |
− | * '''Create User List View'''<!--CREATEUSERLISTVIEW--> - Enables roles to create User [[List_View_Overview|List Views]].
| |
− | * '''Debug Mode'''<!--DEBUG_MODE--> - Enables Debug Mode for selected roles.
| |
− | * '''Discussion Groups - Create'''<!--CREATEDISCUSSIONS--> - Enables roles to [[Using Discussion Groups|create Discussion Groups]].
| |
− | * '''Enable Persistent Login'''<!--PERSISTENTLOGIN--> - Used in conjunction with [[Personal_Settings#Additional_Personal_Settings|Persistent Login]] setting in user's Personal Settings. Allows user to bypass login screen using cookies.
| |
− | * '''People Relationships - Edit'''<!--EDITRELATION--> - Roles with this permission are able to create types or relationships such as colleague, partner spouse, etc.
| |
− | * '''People Relationships - View'''<!--VIEWRELATION--> - Roles with this permission are able to view relationship diagrams and add new relationships between contacts but only using the defined relationship types.
| |
− | * '''Public Filters and Templates - Create'''<!--PUBLICTEMPFILADMIN--> - Roles with this permission are able to share search filters, and email templates with all other users. All users can create filters and message templates, but the user needs to be in a role associated with this manager permission in order to make the filter or template public.
| |
− | * '''Reports - Export Data'''<!--EXPORTREPORT--> - Roles with this permission are able to export data from reports.
| |
− | * '''Reports - Manager'''<!--REPORTADMIN--> - Roles with this permission are able to create reports, graphs based on those reports, and dashboards combining those graphs. Once created, each report and dashboard can be permissioned to other roles to view, but not to modify.
| |
− | * '''Reports - Web Pages - Statistics'''<!--VIEWWEBSTAT--> - Roles with this permission are able to view the statistics associated with [[external]] web pages – these include pages associated with the [[Applicant Tracking]] System, [[Sign-Up Pages]] and any web pages accessed from [[SmartFolders]].
| |
− | * '''Skills & Resume - Edit'''<!--EDITSKILLS--> - Roles with this permission can edit [[skills]] and [[resume]]s.
| |
− | * '''Smart Folders - Manager'''<!--EDITSMARTFOLDERS--> - Roles with this permission can edit [[Smart Folders]].
| |
− | * '''Use Desktop API'''<!--USEAPI--> -
| |
− | * '''View Authenticated Servers'''<!--AUTHENTICATEDSERVERS--> - Roles with this option have the ability to access the "[[Authenticated Servers]]" page. The hyperlink for "Authenticated Servers" is made visible under the "Organization" heading in the left hand navigation bar for administrators.
| |
− | * '''View Custom Field History'''<!--VIEWFIELDHISTORY--> - Roles with this permission are able to view all the changes made to [[custom fields]] where the [[Track Changes]] option has been selected.
| |
− | * '''View Message Queue'''<!--VIEWMESSAGEQ--> - Allows roles with this permission to access the [[Message Queue|message queue]].
| |
− | * '''View ObjectSync Exchange Logs'''<!--OBJSYNC--> - Allows roles with this permission to access the [[ObjectSync]] Exchange Logs.
| |
− | * '''View Standard Field History'''<!--VIEWSTANDARDFIELDHISTORY--> - Roles with this permission are able to view all the changes made to [[standard fields]] where the [[Track Changes]] option has been selected.
| |
− | * '''View User Access Audit Logs'''<!--USERACCESSAUDIT--> - Roles with this permission are able to access the [[User/Contact Security Audit|User Access Audit Logs]].
| |
− | * '''Workflows - Attach Workflow to Company'''<!--WORKFLOWATTACH--> - Roles with this permission are able to configure a [[Workflow Types|Company-type]] [[workflow]] to be triggered by a new company or modifications to a company record.
| |
− | * '''Workflows - Manager'''<!--WORKFLOWADMIN--> - Roles with this permission are able to create and edit workflows. Users without this permission can participate in workflow-driven processes, but are not able to view, edit or create new workflows.
| |
− | | |
− | ==Manager Permissions Associated with On-Demand Applications==
| |
− | * '''Content Management - Manager'''<!--CMS_ADMIN--> - This Manager Permission will become visible when the [[Content management|Content Management application]] is enabled.
| |
− | * '''Job Costing and Resources - Manager'''<!--PRJMAINTAIN--> - Enables permissions within Job Costing Application. [[Role|Roles]] with this permission are able to create and manage projects. This permission also provides the ability to add equipment, materials and other resources to the organization [[Hierarchy|hierarchy]], set rates, display and filter these resource types in the '''Organization chart''' view.
| |
− | | |
− | The following permissions are used in specialized circumstances.
| |
− | | |
− | <u>'''People Relationship Permission'''</u>
| |
− | | |
− | You can establish people relationship diagrams within the system. Two permissions are used to control this feature.
| |
− | * '''People Relationships – Edit''' - [[Role|Roles]] with this permission are able to create types or relationships such as colleague, partner spouse, etc.
| |
− | * '''People Relationships – View''' - [[Role|Roles]] with this permission are able to view relationship diagrams and add new relationships between contacts but only using the defined relationship types.
| |
− | | |
− | <u>'''Web Form Related Permissions – Web Forms Application must be enabled'''</u>
| |
− | | |
− | * '''Web Forms - Edit Results'''<!--EDITFORMRESULT--> - [[Role|Roles]] with this permission are able to edit the individual results of surveys, and assessments created in the [[Web Form]] application
| |
− | * '''Web Forms - Manager'''<!--SURVEYADMIN--> - [[Role|Roles]] with this permission have full manager rights for the [[Web Form]] application.
| |
− | * '''Web Forms - View Results'''<!--VIEWFORMRESULT--> - [[Role|Roles]] with this permission are able to view the individual results of surveys, and assessments created in the [[Web Form]] application. Other users can complete forms and the summary results, but cannot see the individual results.
| |
− | | |
− | ==Restrictions==
| |
− | | |
− | Restriction settings are used to restrict a role from certain features.
| |
− | | |
− | * '''Companies - View Own Accounts Only '''<!--MYACCOUNTONLY--> - Roles with this restriction are only able to see accounts where they are the [[owner]] of the account.
| |
− | * '''Disable Company Hyperlinks'''<!--DISABLECOMPANYHYPERLINKS--> - Hyperlinks to company profiles are disabled for roles that have this restriction.
| |
− | * '''Disable User Hyperlinks'''<!--DISABLEUSERHYPERLINKS--> - Hyperlinks to user/contact profiles are disabled for roles that have this restriction.
| |
− | * '''Hide Company Activity Tab'''<!--DISABLECACTLIST--> - The Activity tab on company profiles is hidden for roles that have this restriction.
| |
− | * '''Hide New Company Tab'''<!--DISABLENEWCOMPTAB--> - The "New Company" option is hidden from roles possessing this restriction.
| |
− | * '''Hide New User Tab'''<!--DISABLENEWUSERTAB--> - The "New User" option is hidden from roles possessing this restriction.
| |
− | * '''Hide User Activity Tab'''<!--DISABLEACTLIST--> - The Activity tab on user/contact profiles is hidden for roles that have this restriction.
| |
− | * '''Notes - Read Only'''<!--NOTESREADONLY--> - Roles with this restriction are not able to edit [[Notes]].
| |
− | * '''Restrict Deleting Activity'''<!--NODELETEACTIVITY--> - Applies to activities created under the company, user, or calendar. Activities for leads and opportunities in Sales Tracking will not be affected.
| |
− | * '''Restrict Deleting Company'''<!--NODELETECOMPANY--> - [[Role|Roles]] with this restriction are not able to delete Companies.
| |
− | * '''Restrict Deleting User'''<!--NODELETEUSER--> - [[Role|Roles]] with this restriction are not able to delete Users.
| |
− | * '''Restrict Editing Activity'''<!--NOEDITACTIVITY--> - Applies to activities created under the company, user, or calendar. Activities for leads and opportunities in Sales Tracking will not be affected.
| |
− | * '''Sales Tracking - Leads Only'''<!--VIEWLEADONLY--> - [[Role|Roles]] with this restriction can only see the leads section in the [[Sales Tracking]] application.
| |
− | * '''View Assigned Company Category Only'''<!--VIEWASSIGNEDCATONLY--> - [[Role|Roles]] with this restriction can only see the [[Client Categories|categories]] which have been assigned to their company.
| |
− | * '''View Associated Company Only'''<!--ASSOCIATEDCOMPANYONLY--> - [[Role|Roles]] with this restriction can only see their own company and those companies that have been associated with their company.
| |
− | * '''View Own Company Contact Only'''<!--VIEWMYCOMPANYONLY--> - [[Role|Roles]] with this restriction can only see the contacts associated with their company in the [[organization]] [[hierarchy]].
| |
− | | |
− | ==[[UTA]]-Specific Manager Permissions==
| |
− | * '''Attribute Transactions to UTA Level 1'''<!--TRANSATTRIBUTION--> - Grants permission to attribute [[transactions]] to [[UTA]] {{l1}}s.
| |
− | * '''[Name of UTA]'''<!--uber_[Appid]--> - Grants access to the Settings tab in designated [[UTA|Universal Tracking Application]].
| |
− | * '''[Name of UTA] - View Activity Only'''<!--uber_[Appid]_L1--> - Restricts designated roles to only be able to view {{l2}} objects.
| |
− | * '''[Name of UTA]- Overide Template Restriction'''<!--uber_[Appid]_L1_ORTMP--> - Allows designated roles to override the "Restricted to" setting on [[Level_1_Templates#Template_Settings|Level 1 Templates]].
| |
− | * '''[Name of UTA]- View Reader Log History'''<!--uber_[Appid]_L1_VIEWRT--> - Allows designated roles to view the [[Reader Log]] on [[UTA]] records.
| |
− | * '''[Name of UTA]- View Field History'''<!--uber_[Appid]_L1_VFHIS--> - Allows designated roles to view the [[Track Changes|Field History]] on fields where it has been activated.
| |
− | * '''[Name of UTA]- Show Batch Update'''<!--uber_[Appid]_L1_BATCHUPDATE--> - Allows designated roles to perform [[Batch Update]]s on [[UTA]] records.
| |
− | * '''[Name of UTA]- Assign By Role (Level 1 to Level 2)'''<!--uber_[Appid]_L1_ROLEASSIGNMENT--> - Allows designated roles to use the [[Auto Assignments|Assign By Role]] feature from {{l1}} to {{l2}} records.
| |
− | * '''[Name of UTA]- Assign By Role (Level 1 to Level 3)'''<!--uber_[Appid]_L13_ROLEASSIGNMENT--> - Allows designated roles to use the [[Auto Assignments|Assign By Role]] feature from {{l1}} to {{l3}} records.
| |
− | * '''[Name of UTA]- Assign By Role (Level 2 to Level 3)'''<!--uber_[Appid]_L123_ROLEASSIGNMENT--> - Allows designated roles to use the [[Auto Assignments|Assign By Role]] feature from {{l2}} to {{l3}} records.
| |
− | * '''[Name of UTA] - Workflow History'''<!--uber_[Appid]_L123_WORKFLOWHISTORY--> - Makes the [[Workflow History]] tab visible for specified roles.
| |
− | | |
− | ==Applying Manager Permission Changes==
| |
− | | |
− | Permission changes require that you log out and re-log in to the system.
| |
− | | |
− | [[Category:System Management]][[Category:Security]]
| |