Skip to main content

Permissions and Permission Sets - What Are They and How to Configure Them?

Jason Van Curen
Updated

To find, navigate to ORGANIZATION->USERS & PERMISSIONS->PERMISSIONS

Permission sets, or "permissions", are collections of access rights or privileges that define what actions a user can perform within the system. Instead of assigning permissions one by one, a permission set bundles them together, making it easier to manage access control consistently and securely.

While creating a new user, or editing an existing user, you're asked to assign a permission set to the user.  Here is where you define that permission set.  To learn more about adding a new, or editing an existing user, and how to assign or adjust their permission set, please see articles Users - Registering (adding) a New User and Users - Editing an Existing User.

Permission Set

This drop down list contains all currently defined permission sets available to the system.  This list includes both the CruzControl default permission sets, as well as any set(s) the user has created themselves.  Selecting a choice from the list will populate what's below with that groups current settings.

By default, CruzControl comes with the following permission sets ready for use.

NOTE:  In all cases listed below with the exception of Global Admin, you may customize each default to your preference by selecting the set in question from the list, enabling/disabling the appropriate right(s), and then clicking SUBMIT.  Global Admin is a non editable permission set; this ensures a top level user cannot accidentally deny themselves access to areas of the system.

[todo:  software team, can you read over the "breakdowns" below and confirm no data is missing? Thanks.]

Global Admin

This Global Admin role has unrestricted read and write access across nearly all modules (Site Track, Command, Scan, Configuration, Alerts), with a couple of exceptions such as both the Reports (Read-only access) and the Dashboard (Read-only access). It’s essentially a top-level role that can manage everything operational but reporting and dashboard functions are limited to view-only.

Examples: Owners, Regional Managers, District Managers.

Default Manager

The Default Manager is a monitoring and supervisory role. The Default Manager can see everything, force outputs On/Off/Auto, and delete images, but almost all controls (commands, outputs, equipment, maintenance, assistance tools) are read-only.

Default Manager No HR

No HR Default Manager is essentially the same thing as the Default Manager, however it restricts the ability to see financials. 

Default Employee

The Default Employee role is focused on maintenance work. It grants write access in Site Track so employees can log and complete Corrective Maintenance and Preventative Maintenance tasks. Beyond that, access to other modules is heavily restricted — employees can view little, and cannot make changes outside of their maintenance duties.

Examples: The every-day wash employee assigned with basic tasks. 

Default Technician

The Default Technician role is a hands-on troubleshooting and maintenance profile. It empowers technicians to test hardware, run diagnostics, and log maintenance activity, while restricting them from making supervisory, reporting, or administrative changes. 

Examples: Distributor Install and Technicians, On-Site Maintenance Personnel.

Default Read Only

The permission set is an Observer set, giving a broad overview into all modules but restricting the ability to make changes. They cannot change output states, edit inputs, delete imagery, or configure system settings.

New

Selecting New allows a user, with appropriate rights to do so, to define their own permission set(s).  The defaults provided cover most use cases, however should you decide you wish to tailor a set for your own purposes and you do not wish to edit the provided defaults, clicking + New will start the Create Permission Set wizard.

Permission Set Name

Give this set a name of your choosing.  This is a required field.  Here we'll call this new set "My Employee Permissions"

Description

An optional field where you may provide yourself details to help understand, identify, or visualize this set when later referenced.

Clicking NEXT -> bring us to the next step

Set Read Access

Now we must choose what read only access level to grant this permission set.  Across the top, we can select by clicking the bubble between the following.

None

"None" tells the system that all read access permissions will be toggled OFF.

Some

"Some" tells the system the default for all read access permissions will be toggled OFF, but prepares the editor for individual toggling. 

Most

"Most" tells the system the default for all read access permissions will be toggled ON, but prepares the editor for individual toggling. 

Full

"Full" tells the system that all read access permissions will be toggled ON.

Copy Read Access From Existing

We may also elect to copy from an already defined permission set it's read only rights to this new one. Clicking the box will drop down a list to choose from.  If one is selected by mistake, clicking CLEAR will remove the set.

To continue our example, we're selecting Some for Read Access.  Clicking NEXT -> bring us to the next step.

Set Write Access

Here we must choose what write access level to grant this permission set.  Across the top, we can select by clicking the bubble between the following.

None

"None" tells the system that all write access permissions will be toggled OFF..

Some

"Some" tells the system the default for all write access permissions will be toggled OFF, but prepares the editor for individual toggling. 

Most

"Most" tells the system the default for all write access permissions will be toggled ON, but prepares the editor for individual toggling. 

Full

"Full" tells the system that all write access permissions will be toggled ON.

Copy Write Access From Existing

We may also elect to copy from an already defined permission set it's write rights to this new one.  Clicking the box will drop down a list to choose from.  If one is selected by mistake, clicking CLEAR will remove the set.

To continue our example, we're selecting Most for Write Access.  Clicking NEXT -> bring us to the next step.

Almost done! Confirmation

Before proceeding we can use the <- BACK button to make any changes.  Clicking SUBMIT will create the permissions set. From this point forward, you will be able to edit it but not cancel it. This will move us forward to the complete listing of all rights we just assigned our new "My Employee Permissions" set.

Note that there are a LOT of permissions (notice the scroll bar on the right; use it and scroll thru all to confirm each and every permission you're about to grant or deny this set).  You may make changes along the way, enabling (moving the enable slider to the right/turning it blue to enable or to the left/turning it gray to disable).

If you've changed your mind and no longer wish to complete the process, clicking DISCARD CHANGES will reset the permissions to what they were when the permission set was loaded on the page.  

Once confirmed all rights are as you expect, click SUBMIT to complete the process.  Your new permission set is now ready to be applied to your user(s)!

Edit

Clicking Edit with the set in question specified by Permission Set, allows you to change this set's name and description.

NOTE:  Editing of the actual permissions themselves is already enabled, if the logged in user has rights to do so, upon selection of the set within the Permission Set dropdown list.  Scrolling down the page, and expanding pertinent areas of interest, and toggling the enable/disable sliders and/or manipulating the available checkboxes allows for easy customization of each and every thing a user may see, and action a user may perform.  Should you make any changes, be sure to click SUBMIT at the bottom of the page to apply your changes.  DISCARD CHANGES will undo any changes made within the displayed list, returning them to the last saved "SUBMIT"ed state.

Copy and Paste

The Copy and Paste options are a quick easy way to copy from one permission set to another.  Continuing our example from above, we have already created a second permission set named My Employee Permissions 2.  We've since decided however, that the rights specified within the new second group aren't quite right, and also the first set is much closer.  Lets copy from the first, to the second.

With the first group selected within Permission Set, My Employee Permissions, click Copy.  The Paste button is now available.  Switching to My Employee Permissions 2, we now click Paste

The Paste button will highlight and update to indicate Pasted!

All rights from My Employee Permissions have now been copied for review to My Employee Permissions 2.  Just as before, scroll the entire list and ensure all read and write rights are granted or denied as desired, and then click SUBMIT at the bottom of the page.  All users already assigned My Employee Permissions 2 have now been updated with the new permission set settings!

To learn more about adding a new, or editing an existing user, and how to assign or adjust their permission set, please see articles Users - Registering (adding) a New User and Users - Editing an Existing User.

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk