Groups
This article lists the default groups in the out-of-the-box system and describes the general permissions of each. The process you can use to print or save the full details of a group's permissions is described below the table. You can find information on how to actually configure group permissions in the Group Permissions Wizard article.
Groups | Type | General description of access permissions |
|---|---|---|
Admin | Power User | This group has full configuration and record access permission for the system. Admin users can see and do everything that is possible in the system. The number of admin users should be as small as possible. Admin users generally should not be deleted. |
| Admin Import | Power User | This group is a copy of the Admin group that has additional create permissions specifically for importing. Admin Import users generally should not be deleted. |
| ACA and AI Add-on Group | Power User | This is an additive set of permissions for users who require access to Word app or AI capabilities. This group does not provide users access to any Contracts or Attachments they don't already have access to, but simply allows them to use the Word app and AI capabilities on records they can already access. This should not be a user's only group, since it does not provide sufficient permissions to use the system normally. Instead, it should be used as an add-on with any other group. |
| Adobe Sign User | Power User | This group, along with the Admin and Business Admin groups, is the only group that can see and work with Adobe Sign elements, such as the Adobe Sign Envelope and Adobe Sign Recipient by default. This group can create, edit, delete, import, export, or copy records they own in any of the AdobeSign tables. |
Anonymous | Power User | This group sets up unregistered users with the ability to edit records. Unregistered users can click on a hyperlink in an outbound email to edit records if they are given the Anonymous user distinction. If all your users have user records in the system, you do not need this group. As a power user, the Anonymous user uses an assigned or floating license. Anonymous users generally should not be deleted. |
Approver | Power User | This group contains people who can approve either Contracts, Change Requests, or both. Approvers primarily interact with their own Approval records, but they can also edit Approval records assigned to their team, and view related records. They can also view and edit Contracts and Change Requests for which they are an approver, and can view tables related to approving Contracts such as Approvals, Approval Templates, and Companies. Can view and edit own Sourcing Events; can edit other Sourcing Events where they are the Sourcing Event Owner/Requester/Selection Approver, have tasks assigned to them, or are one of the Approvers or assigned to no one and on approval team; can view other when Department matches, have tasks assigned to them, or are one of the Approvers or assigned to no one and on approval team. |
Base Service Desk | Power User | This group uses the same base permissions as the highly privileged groups who work with Service Desk tables. Users in those privileged groups should also be in the Base Service desk group. All IT Staff should belong to this group, as well as any additional groups for special permissions. This group has full create and edit access to all the records in the Support Case, Service Request, Incident, Problem, and Task tables, and create and edit access to Change Request and Time Entry records that they own. These users have full view access of the Asset, Service, Company, and Employee tables, can edit their own Employee records, but does not have any other create or edit access in those tables. It can create and edit End Users records. It cannot delete records. |
| Budget Manager | Power User | Person responsible for reviewing and entering contract and sourcing budgets. |
| Business Admin | Power User | This group is for business administrators who can view or edit all records in all tables. Business Admin users generally should not be deleted. |
Change Manager | Power User | This group is responsible for management of Change Request records and has full privileges on the Change Request table. Members can create, edit, and delete records in this table and are typically users with Change Manager or Change Owner roles. They can also create task and approval workflows for Change Requests, and can edit Change Request related services. |
Configuration Manager | Power User | This group has full control over records in the Asset and Model tables. People responsible for working on and configuring Asset records, managing asset resources, or other similar projects, are typically in this group. They might also be added to the Service Manager group if they are responsible for setting up change request workflows or services related to assets. |
| Contract Creator | End User | This is a read/request group that can create contracts and view them. |
Contract Manager | Power User | This group has full control over records in the Contract, Approval, Approval Templates, Approval Workflow, Company, and Supplier Evaluation Management tables. They also have limited access to the End User and Employee tables. They are responsible for creating, editing, and approving contracts for customers or the company. |
| Contract Requester | Power User | This group is for internal employees who can create and edit their own contracts as power users. They can also view all contracts, see dashboards and reports, and interact with the contract system. |
Customer | End User | This group is used for end user customers, who can submit and view their own support cases. This group is generally only used when providing external customer support. |
Customer Manager | Power User | This group is used so Customer Managers can view all support cases for their own company. Similar to the Customer group, the Customer Manager group is generally only used for providing external customer support. |
Document Creator | End User | This group can create, edit, and export their own Document records. However, they cannot view the Document records of others. |
Document Manager | Power User | This group has nearly full control of all records in the Documents table. However, they do not have the ability to modify the Status field of a Document record manually. |
Document Reviewer | Power User | This group can edit Approval records where they are the Approver. They can also view all records in the Document table. |
| DocuSign User | Power User | This group, along with the Admin and Business Admin groups, is the only group that can see and work with DocuSign elements, such as the DocuSign Envelope and DocuSign Recipient tables, by default. This group can create, edit, delete, import, export, or copy records that they own in any of the DocuSign tables. |
Guest | End User | This group is assigned to external users who can click on a hyperlink in an outbound email that allows them to create new requests, such as leads, users, or incidents, in the system without needing to access the rest of the End User Interface. Guest users generally should not be deleted. |
Internal Customer | End User | This group is for customers in the Employee table who can create Service Requests and Purchase Requests, report Incidents, as well as see their own Asset records. This group can also edit some of their profile information, view other employee contact information, and may also have access to the Knowledge Articles table. |
| Internal Supplier Manager | Power User | Employee with full control over Supplier Profiles and companies who manages the supplier onboarding process. |
| Legal | Power User | Members of the legal team handling legal requests and matters if matter management is used. They also have all the permissions that Contract Managers do in Contract related tables. |
| Legal Requester | End User | This is a read/request user who can submit legal requests for help from the legal team and view some matters. |
Marketing | Power User | This group is responsible for coordinating and recording information about marketing campaigns and providing quotes to prospective customers. They have full access to the Campaign, Company, Lead, Opportunity, and Product tables. They also have limited access to the Product Quoted, Quote, Task, Team, Time Entry, People: External User, and People: Employee tables. |
Procurement Group | Power User | This group is responsible for managing the Purchase Request, Item, and Item Requested tables. They can also view and edit all records in the Company Document table. |
| Project Manager | Power User | This group has full control over Project, Task, and Task Template records that are related to their project. They can also create records and edit others' records in the Asset, Billing, and Billing.SR Time Entry tables. |
Response Evaluator | Power User | Can view all Sourcing Events, Responses, and Response Evaluations for Sourcing Events in which they're a named Evaluator. Can view and edit their own Response Evaluations; can view other Response Evaluations when they’re on the Sourcing Event’s Selection Committee, and Evaluation Status = Complete or Evaluation Type = Consensus. |
Sales | Power User | This group is responsible for recording sales efforts for specific companies, as well as the Purchase Order records that are created. This group can also create and update Support Case records for the companies they represent. They have full control over records in the Company, Contract, Lead, Opportunity, and PO tables. They also have partial access to records in the Campaign, Product, Product Quoted, Project, Quote, Support Case, Task, Team, Time Entry, People: End User tables. |
| Self-Registered Supplier | End User | When a Person record is created for a new supplier going through onboarding, they are assigned this Group until the supplier is approved. This Group has limited permissions. |
Service Manager | Power User | This group has full control over records in the Service, Task, Task Step, Task Template, and Task Workflow tables. Besides Admins and Business Admins, Service Managers are the only group that can create new Services. |
Sourcing Event Creator | End User | Internal user who can request and view/edit their own Sourcing Events; can view other Sourcing Events when Department matches their Department. Has view-only access to Contracts – same visibility as Contract Creator. |
Sourcing Event Manager | Power User | Full control over Sourcing Events, Sourcing Event Approvals, Sourcing Event Tasks, Responses and conversion to Contracts. |
Sourcing Event Requester | Power User | Internal user who can request and view/edit their own Sourcing Events; can view other Sourcing Events when Department matches their Department. Has view-only access to Contracts, the same visibility as Contract Requester. If they should also be able to create contracts, members should be added to the Contract Requester group. |
| Supplier | End User | This group is used for people at supplier companies that can use the supplier portal. This group can create, edit, and view their own Company Document records, edit and view their own Company records, and view their own Contract records. Supplier users can also submit Responses to Sourcing Events. |
| Supplier Evaluator | End User | This is an add-on group containing permissions to view and respond to their Supplier Evaluations. They do not have access to create new evaluations or perform any configurations for Supplier Performance Management. |
| Supplier Lead | End User | This is the designated main contact for a supplier who can edit user records at their company, locations, and other information. |
Access Group Permissions
To access and print group permissions in the system:
- Go to Setup > Access > Manage Groups.
- Edit a group.
- Select the Tables tab.
- Click Access to sort the Access column with Yes at the top.
- Click the box to the left of Edit in the header row, and click Select all found records.
- Hover over the printer icon and choose Print/Download Table View.
This produces a printout showing the basic Record permissions for each table. You can copy/paste the page contents into a text editor in order to document system permissions for each group, or group permissions for each system.