How Roles and Permissions Work
Roles and Permissions are the access levels granted to staff members within the system. Roles are 'attached' to users with varying levels of permissions. Permissions are things like 'Can Access Quotes' or 'Cannot Edit a Quote' for example. These are all set-up under a role
1. Creating a Role
To create a role, the first thing you will need to do is head to your admin section:
2. Select Role Management
This is where you will view all current system roles set-up, edit these roles, or create new ones:
3. View current roles in place
Once in your Role Management, you will see a full list of roles:
4. Select a Role to View
Once selecting a role, you should see the below screen which will display the current access rights set for this role:
5. Editing Module Access Role Permissions
To edit the role permissions, you have two options:
- Module Level Permissions - Access to the Module in General
- Field Level Permissions - Access to the Fields within the Module
Setting High-Level Module Access Permission Types
For a role's enabled modules, Field Magic provides different access types. These access types are as follows:
- Normal : Allows users to view and manage records depending on team membership. Regular users are usually granted Normal access type.
- Admin : Allows users to administer all records in the specified module regardless of team membership. However, the user does not have access to developer tools such as Studio and Workflow Management.
- Developer : Allows assigned users to access Developer tools in Sugar, namely Studio, Workflow Management, and Dropdown Editor, which are required to customize a module. However, appropriate team membership is still required to view records in the module.
- Admin & Developer : Allows users to not only view and manage all records in the module(s) but also access to administration and development tools available to manage them. The user does not require team membership to view records in the module. Sugar provides the following set of pre-defined Admin & Developer roles for your use:
- Customer Support Administrator : Administrator and developer access to Accounts, Bug Tracker, Cases, Contacts, and Knowledge Base
- Marketing Administrator : Administrator and developer access to Accounts, Contacts, Leads, Campaigns, Targets, and Target Lists
- Sales Administrator : Administrator and developer access to Accounts, Contacts, Forecasts, Forecast Schedule, Leads, Opportunities, and Quotes
- Tracker : Access to the Tracker module and pre-defined and custom Tracker reports
Let's look at Module Level Access to start with. The below shows how we can alter access for the Sales Administrator to change the access any one linked to this role will have. We are going to select 'Disable' which will remove the module from their view.
Once the change has been made to this Role, by clicking save, these changes will be reflected on the role as below, marked in red:
6. Editing Field Level Permissions
If you are looking to have greater control over the fields that users can view and edit, making use of field level permissions is a good idea.
You will find these on the left hand side within the role as below:
By clicking into one of the modules on the left, you will be presented with a list of all fields in that module where you can then set the access levels to each field for that role.
Access Levels include:
- Not Set : Ensures that the field-level access control does not affect a particular setting.
- Read/Write : Users will have permission to view and edit this field.
- Read/Owner Write : Users will have permission to edit this field only if they are the record's assigned user. Otherwise, they can view the field but not edit it.
- Read Only : Users can see the value of this field but they cannot edit it.
- Owner Read/Owner Write : Users will have permission to view and edit this field only if they are the record's assigned user.
- None : This field will be hidden from the user's view altogether.