How to Manage Roles & Permissions

Overview of Roles & Permissions

Roles within the Qliktag Platform signify a set of access to resources within the system as well as privileges granted within a Role. Roles can be custom defined by the system Controller in the “Roles & Permissions” section and then assigned to both “Accounts” and “Users” within an account. In a new system, there are 2 pre-defined Roles that come with the system by default and can’t be deleted. These are:

1. Controller (A superadmin user that configures the system, has access to all resources and settings in the system and can not be removed from the system)
2. Basic (A basic user role with restricted permissions who can view, search, create and edit Things within the system, search things, view data, create and apply Digital Interactions to Things but can not modify the system in any way)

Other than these two default Roles, a Controller can custom create Roles in this section for Accounts as well as Users separately if applicable. 

An “Account” role for example could be created for Data Publisher, Warehouse, Retail Partner, Supplier, Transport Partner, Mobile Application Provider, Company Location, Manufacturing Location or similar Roles for Accounts or Organizations you have given access to by setting up an Auxiliary Account in the system. 

A “User” role is created exactly the same way with the difference being permissions and access are granted based on User requirements. A “User” role can be created for Data Entry Personnel, Food Scientist, Template Designer, Marketing Team Member, R&D Team, Software Developer and similar roles which will be defined to further refine privileges and access to resources for Users assigned within a certain Account. 

Note: Within the Qliktag Platform, Roles are first applied to an Account and the Users assigned within that Account inherit the same privileges granted to the Account they are in. For example, Company ABC is assigned a Role R which does not allow the account to “Delete Things”. In this case, all the Users assigned under Company ABC will also not be allowed to “Delete Things”.

However, if one of the 5 users within Company ABC would require to be able to “Delete Things”, then a separate User Role can be created called Manager for example where permission to Delete Things is granted and that can be assigned to that user individually. 

In essence, a Users access within an Account is always:

Account Role Granted Privileges + User Role Granted Privileges

Creating a New Role

• In the main menu, under System Configuration, click on the “Roles & Permissions” menu item. 
• Once on the Roles page, click the “Create Role” button on the top left of the screen. 
• In the New Role Properties slide out bar, enter a “Role Code”. The “ Role Code” is an internal system code used to identify an entity. It must be unique and contain only lowercase letters and no spaces. 
• In the “Role Name” field, enter a Role Name for example “Logistics Partner”.  It will be the term used within the application user interface to represent a Role. It can contain both uppercase and lowercase letters as well as spaces. It can be entered in multiple languages, once for each language supported by the system.
• Click the Submit button to save the changes.
• Your new Role should appear in the Table on the Roles page.

Configuring Role Permissions

• Within the Roles page, click on the shield icon beside / in the same line as the Role you wish to assign permission to. If you hover over the icon, a tool tip will appear “configure role permissions”
• All the core resources and sections of the platform are listed in the first column of the table under “Resources”.
• To grant basic access to any resource, click the sliding toggle switch beside the resource until it appears green.
• Once basic access has been enabled through the toggle switch, the Permission Level check boxes will appear for View, Create, Edit & Delete. To enable these actions for the selected resource, click the checkbox. A ticked checkbox indicates this action will be allowed for the role. An unchecked checkbox indicates this action will be denied to the role. For example, if you wish to enable a Role to View, Create and Edit Visual Interactions but not be allowed them, check the boxes View, Create, Edit and leave the Delete box unchecked. 
• Note: Entity as a Resource offers a drop down which allows you to set permissions for individual entities. 
• Once you have finished setting the permissions, click the “Assign” button at the bottom of the page and the Role will be updated with the altered permissions. 

Assigning Roles to Accounts & Users

Roles created in the Roles & Permission section can be assigned to Accounts in the “Accounts” section and also assigned to Users in the “Users” section both of which are located in the System Configuration part of the main menu.

Note: System Users section is only for viewing and basic information editing for common users within an Account and not for configuration. Roles can not be assigned to users within the System Users section. It can only be assigned from the Users section under System Configuration and accessible to Controllers and Administrators.