Groups
This table lists the default groups in the system and describes the general permissions of each. To see more information about a group's permissions, you can print out or save to a file the full details of that group's permission.
Groups | Type | General description of access permissions |
---|---|---|
Admin | Power User | The admin group has full configuration and record access permission for the system. Admin users can see and do everything that is possible in the system. The number of admin users should be as small as possible. |
Anonymous | Power User | This group is used to enable unregistered users to click on an email hyperlink sent in an outbound email in order to edit that record. It is used in conjunction with the Anonymous user. If all your users have user records in the system, you will not need this group. As a staff group member, the Anonymous user uses an assigned or floating license. |
Approver | Power User | This group holds people who can approve Contracts or Change Requests. Approvers will primarily interact with their Approval records, but they can also view change requests for which they are an approver. They can also view and edit Contracts for which they are an approver, and can view tables related to approving Contracts such as Approvals, Approval Templates, and Companies. |
Base Service Desk | Power User | This group has the base permissions that should apply to all more privileged groups dealing with the Service desk tables. Users in those groups should also be in the Base Service desk group. This group has full create/edit access to records in the Support Case, Service Request, Incident, Problem, and Task tables, and create/edit own access to Change Requests and Time Entries. It has full view access to Assets, Services, Companies, and Employees and can edit its own employee record, but has no other create or edit access in those tables. It can create/edit end users (external customers). It cannot delete records. |
Change Manager | Power User | This group is responsible for management of Change Request records and has full privileges on the Change Request table. Members can create, edit, and delete records in this table and will typically be Change Managers or Change Owners. They can also create task and approval workflows for Change Requests, and can edit Change Request related services. |
Configuration Manager | Power User | This group has full access to the Asset records and is responsible for creating, editing, and deleting those records. People responsible for working on and configuring Assets, managing Asset resources, and so on would typically be in this group. They might also be added to the Service Manager group if they are responsible for setting up change request workflows or services related to assets. |
Contract Creator | End User | For internal employees who can create contracts. |
Contract Manager | Power User | This group has full access to the Contract table, Approvals table, Steps and Approval Workflow tables, and Companies table. They also have some access to End Users and Employees. They are responsible for creating, editing, and approving contracts for customers or the company. |
Contract Owner | Power User | This group has a subset of the permissions that Contract Managers have. Its members are responsible for Contracts assigned to them, and have full permissions there, but can only view Contracts that they did not create or were not assigned to. They have all the other permissions necessary to allow them to use Contracts effectively. |
Customer | End User | Unused unless providing external customer support. Then this group is used for end user customers, who can submit and view their own support cases. |
Customer Manager | Power User | Customer Manager – relevant if providing external customer support. Customer managers can view all support cases for their own company. |
Document Creator | End User | Can create documents and edit their own – customer of document table. |
Document Manager | Power User | People who can approve and publish documents. |
Document Reviewer | Staff | Can edit approvals for which they are the approver. |
Guest | End User | This group may be used in hyperlinks to allow creation of new requests of any kind (such as leads, users, Incidents) without seeing the rest of the user interface |
Internal customer | End User | Internal Customer in employee table, can create Service Requests, Purchase Requests, and report Incidents, as well as see their own Assets, edit some of their profile information, and view other employee contact information. They may also access Knowledge FAQs. |
Marketing | Power User | This group is responsible for coordinating and recording information about marketing campaigns and providing quotes to prospective customers. They have full access to: Campaign, Company, Lead, Opportunity, and Product tables. They have some access to Product Quoted, Quote, Tasks, Teams, Time Entry, People: End User, and People: Employee tables. |
Procurement Group | Power User | This group is responsible for managing the Purchase Request and Item tables. |
Sales | Power User | This group is responsible for recording information regarding sales efforts to specific companies as well as Purchase Orders made. They can also create and update Support Case records for the companies they represent. They have full access to: Company, Contract, Lead, Opportunity, and PO tables. Partial access to Campaign, Product, Product Quoted, Project, Quote, Support Case, Tasks, Teams, Time Entry, People: End Users. |
Service Manager | Power User | For staff responsible for maintaining the Service Portfolio (Service table) and the Task Workflows/Templates table. Only Service Managers can create new Services. |
To print group permissions...
- Go to Setup > Access > Manage Groups.
- Edit a group.
- Select the Tables tab.
- Sort by the Access column so that tables the group can see are on top, where Access is Yes.
- Check the box in the header row to select all tables.
- Hover over the printer icon and choose Print/Download Table View.
This produces a printout showing the ownership of records in the table and the basic permissions for each table for the selected group. Copy/paste the page contents into a text editor to document the system permissions for each group.