1. Articles
  2. Roles
Roles
by Andrew Stevens
Top Right Image

Overview

Roles can be used to control what data and which processes are available to Users in the main application. Roles can also be used to control which Queues, Lists, Dashboards and Report folders are visible to a User and can control access to Vivantio Report Builder. If there is to be no difference between the levels of access to data or processes between Users, then only one Role is needed. 

Data access is broken down by object (i.e. Ticket, Asset, Client, Caller, Location and Article) and can be based on any attribute or combination of attributes of that object. 

Guidance

A Role can be set so that it can only access Ticket data of a particular Ticket Type, raised by a particular Client, or a specific Category, etc.

If a User does not have permission to access a particular object, then the User will not see that object in the main application, in the Dashboard or in any Reports the User runs (it is entirely and securely hidden from the User).

Any number of Roles can be created in the Admin Area, although it is recommended that for ease of maintenance that this number be kept reasonable (no more than 10-12). A User can be a member of any number of Roles and will receive the most permissive data access of the Roles that they are a member of.

If a User has permission to access an object that Role(s) can also control which processes they are able to perform on that object, (e.g. Add, Edit and Delete). A Role’s Process Permission is exclusively associated with the Role’s Data Permission.

A User is a member of Role_1 and Role_2.
Role_1 allows Data access to all Tickets but does not permit the close process.
Role_2 allows Data access to only those Tickets owned by the logged on User and allows those Tickets to be closed.
In this case the User is able to access all Tickets but can only perform the close process on Tickets they own.


Please Note: Access to the Admin Area is not controlled by Roles but rather more simply by whether the User is an administrator or not. If a User is granted access to the Admin Area, they will have access to the entire Admin Area and this cannot be controlled via individual sections.

When Roles are created, by default Users are added to the Everyone Role and can be added to further roles created by the User.

When a new Role is created, only the name of the role is required. Members can be added to the role and a list of the roles are found in the Permissions Areas of each system area, where further criteria can be applied in terms of custom permissions for the User. A Role’s button also exists for the Queues tab, in which a Role can be selected to allow or deny permission to the Queues Area.

Example

Navigate to Admin Area > Setup > User Management > Roles

Configuring Roles & Permissions

Adding a New Role

Complete the relevant information and Save

Adding Users to Roles

To add Users into the Role, select the relevant Role and select Role Members

 

The system will populate the left-hand side of all Users that have been created – Drag and Drop the Users you want to be included into this Group to the right-hand side and Save

Configuring Permissions 

Next Navigate to the Permissions Tab you wish to configure in the relevant system area, select the role and Edit

 

Same with Process Permissions

 

Data Permissions = What the User can see


Process Permissions = What the User can do

 

 

Reviewed: 08 March 2023

 

Updated on Tuesday, April 2, 2024